In this basic configuration, the following two common configuration errors can result in login failure:
Error 300101015: If your Access Gateway and Identity Server do not have the same time, the assertion is invalid. Check the time of each machine.
Errors 100101043 and 100101044: Identity Server and Access Gateway need to be able to resolve each other’s DNS names. If you are in a lab and not using a DNS server, make sure the host files of each machine have been configured to resolve the DNS name to the IP address of the device.
The other cause for these errors, when SSL has not been enabled, is the failure to update either Identity Server or Access Gateway after making a change to the base URL of Identity Server or modifying Identity Server Access Gateway is trusting for authentication.
For information about how to force Access Gateway to update the metadata for Identity Server, see Embedded Service Provider Metadata.