Connecting NetIQ (IdP) with Okta (SP) using SAML 2.0 for SSO

Hello Okta community!

Situation: our SaaS platform is the Service Provider using Okta. We have successfully setup single sign-on for customers using the SAML 2.0 Identity Provider option in Okta. Working IdP platforms include Google, Microsoft and other instance of Okta. We follow the process of receiving the IdP Issuer URI, IdP SSO URL, and IdP Signature Certificate, upload them into the Identity Provider we have created, and then share the metadata.xml file for the customer to upload into their identity provider.

Next we enable a routing rule for a single user, confirm the authentication flow for a single test user, then proceed to enable SSO for all users of their account - done. Until now this has worked the same way every time.

Problem: we have a customer using the NetIQ Access Manager platform as their identity provider and we’re trying to configure SAML 2.0 SSO in Okta. We’re unable to successfully test the authentication flow after configuring the IdP on our side and configuring the SP on their side. I’m not sure how to proceed. The test is successfully redirecting the user when they enter their email address on our login page (i.e. the routing rule is working), they are directed to their IdP login page, authenticate successfully, however they are left on our login page without a successful authentication into our app.

Info: One concern is that the metadata they are providing is in a different format than we usually receive. The file contains multiple certificates (some use=signing, some use=encryption - we are manually grabbing the signing certificate and uploading into Okta).

The next concern is that the IdP SSO URL we are instructed to insert into the Okta IdP configuration does not exist in the metadata they are sending - is this a problem? We’ve tried both grabbing the SingleSignOnService from the metadata.xml file, and also used the version they have shared - no luck.

Request: Does anyone have experience configuring NetIQ as the IdP with Okta as the SP? How might we debug this further, and what are we looking for? Are there any guides as a reference?