Validating the SAML2P Identity Provider fails and the following error stack is being recorded in the AccessManagement.log file.

Info |Microsoft.AspNetCore.Hosting.Diagnostics|Request starting HTTP/1.1 POST https://xxx:8090/access-management/gct96sites/AssertionConsumerService application/x-www-form-urlencoded 13021
2022-09-28 15:13:35.1052|Info |Microsoft.AspNetCore.Cors.Infrastructure.CorsService|CORS policy execution failed.
2022-09-28 15:13:35.1052|Info |Microsoft.AspNetCore.Cors.Infrastructure.CorsService|Request origin https://xxx.auth0.com does not have permission to access the resource.
2022-09-28 15:13:35.1052|Info |Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware|No CORS policy found for the specified request.
2022-09-28 15:13:35.1267|Error|ComponentSpace.Saml2.SamlServiceProvider|Receiving an SSO response from a partner identity provider has failed.
ComponentSpace.Saml2.Exceptions.SamlCertificateException: The X.509 certificate could not be loaded from the string. ---> System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
   at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
   at System.Convert.FromBase64String(String s)
   at ComponentSpace.Saml2.Certificates.CertificateLoader.LoadCertificateFromStringAsync(String certificateString, String certificatePassword)
   --- End of inner exception stack trace ---
   at ComponentSpace.Saml2.Certificates.CertificateLoader.LoadCertificateFromStringAsync(String certificateString, String certificatePassword)
   at ComponentSpace.Saml2.Certificates.CertificateManager.LoadCertificatesAsync(IList`1 certificates, CertificateUse certificateUse)
   at ComponentSpace.Saml2.Certificates.CertificateManager.GetPartnerIdentityProviderCertificatesAsync(PartnerIdentityProviderConfiguration partnerIdentityProviderConfiguration, CertificateUse certificateUse)
   at ComponentSpace.Saml2.SamlServiceProvider.GetPartnerProviderSignatureCertificatesAsync(Boolean precondition)
   at ComponentSpace.Saml2.SamlServiceProvider.VerifySamlAssertionSignatureAsync(AssertionListItem assertionListItem)
   at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse)
   at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState)
   at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
   at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
   at System.Convert.FromBase64String(String s)
   at ComponentSpace.Saml2.Certificates.CertificateLoader.LoadCertificateFromStringAsync(String certificateString, String certificatePassword)
2022-09-28 15:13:35.1267|Info |Microsoft.AspNetCore.Hosting.Diagnostics|Request finished in 22.0262ms 302
2022-09-28 15:13:35.1648|Info |Microsoft.AspNetCore.Hosting.Diagnostics|Request starting HTTP/1.1 GET https://xxx:8090/access-management/Account/Error
2022-09-28 15:13:35.2348|Info |Microsoft.AspNetCore.Routing.EndpointMiddleware|Executing endpoint 'Tridion.AccessManagement.Controllers.AccountController.Error (Tridion.AccessManagement)'
2022-09-28 15:13:35.2348|Info |Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker|Route matched with {action = "Error", controller = "Account"}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Error(System.String) on controller Tridion.AccessManagement.Controllers.AccountController (Tridion.AccessManagement).
2022-09-28 15:13:35.2348|Info |Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor|Executing ViewResult, running view Error.
2022-09-28 15:13:35.2348|Info |Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor|Executed ViewResult - view Error executed in 1.143ms.
2022-09-28 15:13:35.2348|Info |Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker|Executed action Tridion.AccessManagement.Controllers.AccountController.Error (Tridion.AccessManagement) in 1.5061ms
2022-09-28 15:13:35.2348|Info |Microsoft.AspNetCore.Routing.EndpointMiddleware|Executed endpoint 'Tridion.AccessManagement.Controllers.AccountController.Error (Tridion.AccessManagement)'
2022-09-28 15:13:35.2348|Info |Microsoft.AspNetCore.Hosting.Diagnostics|Request finished in 71.836ms 200 text/html; charset=utf-8
2022-09-28 15:13:38.1150|Info |Microsoft.AspNetCore.Hosting.Diagnostics|Request starting HTTP/1.1 POST https://xxx:8090/access-management/connect/token application/x-www-form-urlencoded;charset=UTF-8 151
2022-09-28 15:13:38.1150|Info |IdentityServer4.Hosting.IdentityServerMiddleware|Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
2022-09-28 15:13:38.1282|Info |IdentityServer4.Validation.TokenRequestValidator|Token request validation success, {"ClientId":"fc96aed3-xxx-81e4393224c3", "ClientName":"fc96aed3-xxx-81e4393224c3", "GrantType":"client_credentials", "Scopes":"Tridion.AccessManagement Tridion.AddonService Tridion.ContentManager", "Raw":{"grant_type":"client_credentials","client_id":"fc96aed3-xxx-81e4393224c3","client_secret":"***REDACTED***"}}
2022-09-28 15:13:38.1282|Info |Microsoft.AspNetCore.Hosting.Diagnostics|Request finished in 14.8465ms 200 application/json; charset=UTF-8
2022-09-28 15:13:49.3507|Info |Microsoft.AspNetCore.Hosting.Diagnostics|Request starting HTTP/1.1 POST
Solution: Ensure that the certificate string does not contain any hidden characters and that it is not truncated. This string is the X.509 certificate that the SAML provider uses to sign SAML tokens; when pasting the long string of characters into the Certificate field of Access Management, verify that it is valid.
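One way to run that check on the string before pasting it, as an added example that is not Tridion or ComponentSpace code. It assumes the Certificate field expects the bare Base64 body of the certificate, as the Convert.FromBase64String frame in the stack trace suggests; the function names and SAMPLE are constructed for illustration, and only the outer DER length is checked, not the full X.509 structure.

```python
import base64
import unicodedata

B64_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")
DOTNET_WHITESPACE = set(" \t\r\n")  # the only characters Convert.FromBase64String skips

def der_declared_length(der: bytes) -> int:
    """Total size (header + content) announced by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE (0x30)")
    first = der[1]
    if first < 0x80:                       # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("DER length field is incomplete")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_certificate_string(value: str) -> list[str]:
    """Return a list of problems; an empty list means the string looks intact."""
    # 1. Hidden or illegal characters (BOM, zero-width space, NBSP, PEM dashes...).
    problems = [
        f"offset {pos}: U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"
        for pos, ch in enumerate(value)
        if ch not in B64_ALPHABET and ch not in DOTNET_WHITESPACE
    ]
    if problems:
        return problems
    # 2. Truncation that breaks the Base64 quantum.
    compact = "".join(ch for ch in value if ch not in DOTNET_WHITESPACE)
    if len(compact) % 4 != 0:
        return [f"length {len(compact)} is not a multiple of 4 (truncated?)"]
    # 3. Truncation on a 4-character boundary: compare with the DER length header.
    try:
        der = base64.b64decode(compact, validate=True)
        declared = der_declared_length(der)
    except ValueError as exc:              # binascii.Error is a ValueError subclass
        return [str(exc)]
    if declared != len(der):
        return [f"DER declares {declared} bytes, decoded {len(der)} (truncated?)"]
    return []

# Constructed stand-in for a certificate: SEQUENCE header announcing 512 content
# bytes, followed by 512 filler bytes. Not a real certificate.
SAMPLE = base64.b64encode(b"\x30\x82\x02\x00" + bytes(range(256)) * 2).decode()

if __name__ == "__main__":
    for label, text in [("intact", SAMPLE), ("hidden char", "\u200b" + SAMPLE),
                        ("cut short", SAMPLE[:-4])]:
        print(label, "->", check_certificate_string(text) or "OK")
```

An empty result only shows that the string is clean Base64 of the expected length; it does not confirm that the certificate is the one the identity provider actually signs with.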