Can't see server.log
Can you make sure you have <sp:RequireIssuerSerialReference/> assertion under the X509Token assertion.
This is because the certs you generated most likely do not have the KeyIdentifier Extension in them.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]
http://forums.java.net/jive/thread.jspa?messageID=336297