We have created a user within our FIP and the specified username matches the cn of the certificate being presented to the gateway in the request.  We receive a 401 Authentication Failed error though when executing the 'Authenticate Against Identity Provider' assertion.

CA API Gateway

Although we had imported the Root CA certificate which signed the certificate being presented into the gateway trust store it was not added directly into the FIP.

Add the Root certificate directly into the FIP.

From policy manager->Right click the Identity Provider and choose 'properties'->Then at the 'Select Trusted Certificates' step be certain to add the Root certificate such that any certificate presented which was signed by the root will be trusted.

Once this was done we could authenticate the user successfully.