When running Federation Services on Web Agent Option Pack or CA Access Gateway (SPS), what are the possible causes and solutions when the following error message shows up in the FWStrace.log?    

  FAILED_INVALID_RESPONSE_RETURNED

This usually leads the browser to receive error 500.

At first glance, this error is generic, and can mainly be caused by several reasons:

The Authnrequest is signed in a POST request:

  Error: FAILED_INVALID_RESPONSE_RETURNED in SP Web Agent Option Pack
  

Policy Server gets a problem retrieving the certificate for the assertion signature validation:

  Error: FAILED_INVALID_RESPONSE_RETURNED and issuer dn is empty or null
  

No Persistent realm nor Session Store enabled:

  Error: FAILED_INVALID_RESPONSE_RETURNED by enabling SLO in Federation
 

  Error: Denying request due to "NO" from SAML2 assertion generator