VIDM login error on one of the nodes "Error Incorrect issuer in SAML AuthnRequest."


Article ID: 380706


Products

VMware Aria Suite, VMware NSX

Issue/Introduction

  • VMware Identity Manager (VIDM) authentication fails through the primary node only, after scaling up VIDM from a single node to a cluster.
  • When logging in through the primary node, the error "Error Incorrect issuer in SAML AuthnRequest." is displayed while redirecting to the load balancer.
  • Authentication works fine through the other two nodes.
  • VIDM cluster health looks fine.
  • This issue was also observed when logging in to NSX via the VIDM login page.
  • This issue can also be observed when logging in through the Aria Operations login page.

Environment

  • VMware Identity Manager 3.3.x
  • VMware NSX

Cause

This happens when a single-node VIDM is scaled out to a 3-node cluster and the re-trust of the cluster with the load balancer is then not done correctly.

OR

When the 'VMware Identity Manager Appliance' field is set to the VIDM node URL instead of the VIDM load balancer URL.

Resolution

  • To resolve this, run a re-trust of the VIDM cluster with the load balancer URL on the NSX Manager by replacing the VIDM node URL with the VIDM load balancer URL in the VMware Identity Manager Appliance field (navigate to System > User Management > Authentication Providers > VMware Identity Manager > Edit). Refer to the following documentation
  • OR try the steps below:
    • Take a snapshot of the VIDM cluster from LCM.
    • Run the re-trust of the VIDM cluster with the load balancer.
    • Try to log in through the primary node and it will work.
  • If the error is generated in Aria Operations, ensure the FQDN is used in the VIDM integration and not the IP address, as the certificate issue will otherwise continue.
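
A check that can be run before and after the re-trust, as an added example that is not VMware code: it decodes a `SAMLRequest` value copied from the browser's network trace during the failing redirect and compares the host in its `Issuer` with the load balancer FQDN. The hostnames, paths and sample request are constructed, and the premise that the node FQDN is visible in the `Issuer` element is an assumption of this example.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_saml_request(param):
    """Decode a SAMLRequest value: raw DEFLATE (HTTP-Redirect) or plain base64 (HTTP-POST)."""
    raw = base64.b64decode(unquote(param))
    try:
        return zlib.decompress(raw, -15).decode("utf-8")  # Redirect binding
    except zlib.error:
        return raw.decode("utf-8")                         # POST binding

def check_issuer(xml_text, expected_host):
    """Compare the host in <saml:Issuer> with the expected load balancer FQDN."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    # The Issuer may be a URL or a bare entity ID; fall back to the raw value.
    host = (urlsplit(issuer).hostname or issuer).lower()
    return {
        "issuer": issuer,
        "issuer_host": host,
        "destination": root.get("Destination"),
        "matches_lb": host == expected_host.lower(),
    }

def encode_sample(issuer_host):
    """Build a constructed Redirect-binding SAMLRequest (not captured from a real appliance)."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_constructed" '
           f'Version="2.0" Destination="https://vidm-lb.example.test/constructed-sso">'
           f'<saml:Issuer>https://{issuer_host}/constructed-sp-entity-id</saml:Issuer>'
           f'</samlp:AuthnRequest>')
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

if __name__ == "__main__":
    for host in ("vidm-node1.example.test", "vidm-lb.example.test"):
        result = check_issuer(decode_saml_request(encode_sample(host)), "vidm-lb.example.test")
        print(host, "->", "OK" if result["matches_lb"] else "issuer is not the load balancer")
```
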