This issue occurs in a dual identity server cluster configuration. After upgrading Access Manager, X509 authentication fails because the context.xml file gets overwritten and some configurations get deleted.
To workaround this issue, perform the following steps:
Before upgrading Access Manager, back up the /opt/novell/nam/idp/webapps/nidp/META-INF/context.xml file, if you have customized the context.xml file.
After upgrading Access Manager, add the customized content to the upgraded context.xml file and uncomment the following lines in the context.xml file:
<!-- Force use the old Cookie processor (because this new tomcat version uses RFC6265 Cookie Specification) --><!-- <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" /> --> </Context>