Use LAN traces to check requests, responses, and interpacket delay times.
In the user store logs, confirm that the request arrived. Check for internal errors.
If you have created an admin user for the user store, ensure that the user has sufficient rights to find the users in the specified the search contexts. For more information about the required rights, see Configuring an Admin User for the User Store.
Check the user store health and replica layout. See TID 3066352.
Ensure that the user exists in the user store and that the user’s context is defined as a search context.
Ensure that the Liberty protocol is enabled if you have configured Access Manager devices to use Identity Server for authentication (click Identity Servers > Edit > General Configuration).
Check the properties of the class and method. For example, the search format on the properties must match what you’ve defined on a custom login page. You might be asking for a name/password login, but the method specifies e-mail login criteria.
Enable authentication logging options (click Identity Servers > Edit > Auditing and Logging).
Ensure that the authentication contract matches the base URL scheme. For example, check to see if SSL is used across all components.