Single sign on OpenAM错误500“；无法进行单点登录或联合”；当浏览器加载成功URL时

我刚刚安装了OpenAM 13.0.0，创建了一个托管IDP，并注册了一个远程SP。 在远程SP（一个名为Questetra的产品）中，我使用在XML中找到的值配置了entityID、登录URL、注销URL和证书

问题：OpenAM在浏览器加载

成功URL的步骤中显示
500内部服务器错误


知道发生了什么吗
有关于如何调试的提示吗？Tomcat和OpenAM日志中没有什么特别之处

缩短线鲨痕迹
HTTP/1.1200正常
[...]
{“successURL”：“/SSORedirect/metaAlias/idp？ReqID=a41de50e29c99ff3422f82b7g660ch6&index=null&acsURL=http%3A%2F%2Fthesp%3A8080%2UserWeb%2Fsaml%2FSSO%2F别名%2BPM&spEntityID=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2F&binding=urn%3Aoasis%3Atc%3ASAML%3A2.0%3AS%3AHTP-POST”}
GET/openam/SSORedirect/metaAlias/idp？ReqID=a41de50e29c99ff3422f82b7g660ch6&index=null&acsURL=http%3A%2F%2Fthesp%3A8080%2userweb%2fsml%2FSSO%2Falias%2bpm&spEntityID=http%3A%2F%2Fthesp%3A8080%2userweb%2F&binding=urn%3Aoasis%3Atc%3ASAML%3A2.0%3AHTTP-POST-http/1.1.1
[...]
HTTP/1.1500内部服务器错误
[...]
[…]HTTP状态500-无法进行单点登录或联合[…]

完全跟踪

Tomcat 7.0.72、Ubuntu 2016.04.1 LTS、Firefox 50.1.0
我通过直接从OpenAM导出的元数据文件中获取证书值并再次直接输入来解决相同的错误，以确保其完全相同。
将OpenAM调试日志设置为“消息”级别，并检查联合调试日志（或在此处提供错误）嘿，尼古拉斯，你能解决这个问题吗？
HTTP/1.1 200 OK
[...]

{"successURL":"/SSORedirect/metaAlias/idp?ReqID=a41de50e29c99ff3422f82b7g660ch6&index=null&acsURL=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2Fsaml%2FSSO%2Falias%2Fbpm&spEntityID=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2F&binding=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Abindings%3AHTTP-POST"}

GET /openam/SSORedirect/metaAlias/idp?ReqID=a41de50e29c99ff3422f82b7g660ch6&index=null&acsURL=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2Fsaml%2FSSO%2Falias%2Fbpm&spEntityID=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2F&binding=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Abindings%3AHTTP-POST HTTP/1.1
[...]

HTTP/1.1 500 Internal Server Error
[...]

<html>[...]HTTP Status 500 - Unable to do Single Sign On or Federation[...]</html>