Attempting to use the 'Authenticate User or Group' assertion for a user
which exists within a Federated Identity Provider fails with an error
similar to the following:
Credentials failed for xxx due to 'Couldn't authorize X.509 credentials: Signer 'cn=zzzzzzz' is not trusted'
This situation can occur on any Layer 7 Gateway version.
It arises when the root or signing certificate associated with the certificate that identifies the user in question
is contained within the gateway's trusted certificate store but was not directly added to the Federated Identity Provider (FIP).
Make sure the already trusted root certificate is also added within the FIP by following these steps:
- Launch Policy Manager and select the Identity Providers tab
- Right-click the FIP in question and select 'Properties'
- At Step 2, the 'Select the Trusted Certificates' dialog, add the
  appropriate root certificate, which is already trusted within the gateway
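
Before adding a certificate in that dialog, it helps to confirm that it really is the signer named in the error message. The following is an added example, not part of the original article or of the gateway product: it uses the standard openssl command-line tool, and the certificate names and file paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Certificate names and file paths are constructed for the demo.

# signer_matches USER_CERT CA_CERT
# Succeeds only if CA_CERT's subject equals USER_CERT's issuer and the
# signature on USER_CERT verifies under CA_CERT's key.
signer_matches() {
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$2" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    [ -n "$issuer" ] && [ "$issuer" = "$subject" ] || return 1
    # -partial_chain lets a signing (intermediate) certificate act as the anchor;
    # -no-CApath (OpenSSL 1.1.0+) skips the default CA directory.
    openssl verify -no-CApath -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# make_demo_certs DIR: constructed test data (two roots, one user cert signed by root A).
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Root A" \
        -keyout "$d/rootA.key" -out "$d/rootA.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Root B" \
        -keyout "$d/rootB.key" -out "$d/rootB.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example-user" \
        -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
    openssl x509 -req -in "$d/user.csr" -CA "$d/rootA.pem" -CAkey "$d/rootA.key" \
        -CAcreateserial -days 1 -out "$d/user.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_certs "$demo"
for ca in rootA rootB; do
    if signer_matches "$demo/user.pem" "$demo/$ca.pem"; then
        echo "$ca: signer of user.pem, this is the certificate to add to the FIP"
    else
        echo "$ca: not the signer of user.pem"
    fi
done
rm -rf "$demo"
```

With real files, call `signer_matches` with the user's certificate and the candidate root exported in PEM format; an expired user certificate also makes the check fail.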