Tridion Docs Publication Manager Login fails with "access denied" - but I can log in via the Web Client

Tridion Docs Publication Manager Login fails with "access denied" - but I can log in via the Web Client.
This is on our test environment. I can connect to PROD just fine in Publication Manager
 

1) In this case the the Pub Manager Access Denied error was occurring because the (ChainTrust) web.config certificate validation was failing to find the root certificate in the trusted root store. This was proved by reducing the scope of the certificate validation to (PeerTrust), by changing the following line in .\InfoShare\WebDITA\InfoShareWS\Web.config:

<certificateValidation certificateValidationMode="ChainTrust"/>

to

<certificateValidation certificateValidationMode="PeerTrust"/>

So either the root certificate can be added to the trusted store or since it's a test environment the above change may be sufficient.

2) Also can be the timezone or clock is out by more than 5 minutes and the tokens expire before getting used. 

3) This can also be fixed by locking client desktop screen while being on VPN connection and than unlocking it. 
 

Also see:
Knowledge Center - User getting "access denied" message in Pub Man
Troubleshooting Relying parties and Certificate issues 
Knowledge Center: After SSL certificate renewal login via publication manager is not possible anymore