18.25 LDAP Authentication Fails while Accessing the Secret Store

When a secret store is configured to use an external LDAP user store, the Access Gateway returns an error. This happens because the Identity Provider DN value that the Administration Console sets for NMAS-enabled user stores is different from the value the Identity Provider expects.

This issue does not apply to new NMAS configurations because the Administration Console writes the correct value. If you configured NMAS before upgrading to 3.2 SP2 IR1, use either of the following two workarounds:

Workaround 1:

  1. Apply the 3.2 SP2 IR1 patch.

  2. Go to Identity Server > Edit Cluster > Local > User Store.

  3. Clear Install NMAS SAML Method, Apply and Update the server.

  4. Select Install NMAS SAML Method, Apply and Update the server again.

Workaround 2:

  1. Go to Roles and Tasks > NMAS > NMAS Login Methods > SAML Assertion > Affiliates tab.

  2. Click the cluster ID and set the Provider ID to <Cluster Base URL>/nidp/idff/metadata. For example, http://suse-87-129.blr.novell.com:8080/nidp/idff/metadata.