Identity Server is the identity provider for other Access Manager components. Access Gateways have Embedded Service Providers. When a device is imported into Administration Console and an Identity Server configuration is selected for it, a trusted relationship is established with Identity Server by using test certificates. When you change these certificates or change from using HTTP to HTTPS, you need to ensure that the trusted relationship is reestablished. Metadata is used for establishing trusted relationships.
The metadata exchanged between service providers and identity providers contains public key certificates, key descriptors for message signing, a URL for the SSO service, a URL for the SLO (single logout) service, and so on. With Access Manager, this metadata is accessible on both Identity Server and the Embedded Service Provider of the device. An error is generated when the identity provider cannot load the service provider’s metadata (100101043) or when the service provider cannot load the identity provider’s metadata (100101044).
If users are receiving either of these errors when they attempt to log in, verify the following:
If these steps do not solve your problem, try the following:
For information about the metadata validation process and the flow of events that occur when accessing a protected resource on Access Gateway, see “Troubleshooting 100101043 and 100101044 Errors in Access Manager”.
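The following added example (not Access Manager code) reads a saved metadata document and reports the two conditions this page ties to a broken trust relationship: SSO/SLO endpoints still published over HTTP, and a signing certificate the peer does not trust. It assumes SAML 2.0-style element names, which the page does not specify, and matches them by local name; the sample document, hostname, `summarize` and `findings` are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: placeholder certificate bytes, hostname and entityID (assumptions).
FAKE_DER = b"constructed-certificate-bytes"
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idp.example.test/slo"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def local(tag):
    """Strip the XML namespace so matching does not depend on the schema prefix."""
    return tag.rsplit("}", 1)[-1]

def summarize(xml_text):
    """Return (use, SHA-256 fingerprint) per certificate and (name, URL) per SSO/SLO endpoint."""
    keys, endpoints = [], []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "KeyDescriptor":
            for c in el.iter():
                if local(c.tag) == "X509Certificate":
                    der = base64.b64decode("".join((c.text or "").split()))
                    keys.append((el.get("use", "any"), hashlib.sha256(der).hexdigest()))
        elif local(el.tag) in ("SingleSignOnService", "SingleLogoutService"):
            endpoints.append((local(el.tag), el.get("Location")))
    return keys, endpoints

def findings(xml_text, trusted_fingerprints, scheme="https"):
    """List the reasons a peer would fail to trust this metadata."""
    keys, endpoints = summarize(xml_text)
    out = [f"{name} uses {urlparse(url).scheme}, expected {scheme}: {url}"
           for name, url in endpoints if urlparse(url).scheme != scheme]
    signing = [fp for use, fp in keys if use in ("signing", "any")]
    if not signing:
        out.append("no signing certificate in metadata")
    out += [f"signing certificate {fp[:16]} is not in the trust store"
            for fp in signing if fp not in trusted_fingerprints]
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE, trusted_fingerprints=set())))
```

Pass the SHA-256 fingerprints of the certificates in the peer's trust store as `trusted_fingerprints`; an empty result means the endpoints and signing certificate are consistent with what the peer expects.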