Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual page 261

Cause: This is because the contract has the wrong format for its URI. The URI must start with
or . Change the contract and try again.
http://
[ERROR] Saml contains an unknown NameIdentifierFormat:
Issuer=https://idp-51.amlab.net:8443/nidp/wsfed/; Format=urn:oasis:names:tc:SAML:1.1:nameid-
format:unspecified
Cause: The name identifier format is set to unspecified, and it needs to be set to E-mail.
[ERROR] Saml contains an unknown Claim name/namespace:
Issuer=https://idp-51.amlab.net:8443/nidp/wsfed/;
Namespace=urn:oasis:names:tc:SAML:1.0:assertion; Name=emailaddress
Cause: The emailAddress attribute is not in the correct namespace for WSFed.
CRL Errors
2008-08-01T19:56:55 [WARNING] VerifyCertChain: Cert chain did not verify - error code

was 0x80092012
2008-08-01T19:56:55 [ERROR] KeyInfo processing failed because the trusted certificate does

not have a a valid certificate chain. Thumbprint =
09667EB26101A98F44034A3EBAAF9A3A09A0F327
2008-08-01T19:56:55 [WARNING] Failing signature verification because the KeyInfo section

failed to produce a key.
2008-08-01T19:56:55 [WARNING] SAML token signature was not valid: AssertionID =

idZ0KQH0kfjVK8kmKfv6YaVPglRNo
Cause: The CRL check isn't turned off. See
[ERROR] EmailClaim.set_Email:
Email 'mPmNXOA8Rv+j16L1iNKn/4HVpfeJ3av1L9c0GQ==' has invalid format
Cause: The drop-down list next to E-mail in the identifier format was not changed from <Not
Specified> to a value with a valid e-mail address in it.
"Disabling CRL Checking" on page
urn:
259.
Configuring WS Federation 261