For ADFS 2.0 to work with Access Manger SAML 2.0, you must disable the Certificate Revocation List (CRL) checking.
To disable the CRL checking:
Modify Identity Server’s tomcat.conf file.
For information about how to modify a file, see Modifying Configurations.
Add this parameter: JAVA_OPTS="${JAVA_OPTS} -Dcom.novell.nidp.serverOCSPCRL=false".