Thanks for the hint!
Just to add a little more flesh... We had this error and it turned out to be issues with LDAP servers being out of service.
GMU was spitting "Execution failed. Reason: Internal Server Error. Detail: naming exception"
These are the entries from the log file:
2019-01-17T15:37:32.608+0000 WARNING 510 com.l7tech.server.identity.ldap.LdapGroupManagerImpl: LDAP error, while building group
2019-01-17T15:37:32.608+0000 WARNING 510 com.l7tech.external.assertions.gatewaymanagement.server.rest.exceptions.ExceptionMapper: Error processing management request: naming exception
2019-01-17T15:37:32.608+0000 INFO 510 com.l7tech.external.assertions.gatewaymanagement.server.rest.exceptions.ExceptionMapper: Error processing management request:naming exception
Going into the policy manager and using "Test" for our AD / LDAP integrations revealed that the gateway was having trouble reaching an LDAP server. Traffic could get from the gateway to the LDAP server listed in it but not to another LDAP server that it was being referred to.
It appears that in an AD setup, regardless of how many LDAP servers are listed as being available (when the bind occurs), the Gateway will always pick the first one. We've seen this with other LDAP client implementations in the last few days too.
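A log triage sketch for the symptom described above, added as an example and not part of the original post or of the gateway's own tooling: it flags management-request errors that share a request with an LDAP warning, so a "naming exception" from GMU can be traced to the identity provider. It assumes the third field is a thread/request id and that lines with the same second and id belong together; the last sample line is constructed.

```python
import re
from collections import defaultdict

# First three lines are the ones quoted in the post; the fourth is constructed
# to show a management error with no LDAP warning on the same thread.
SAMPLE_LOG = """\
2019-01-17T15:37:32.608+0000 WARNING 510 com.l7tech.server.identity.ldap.LdapGroupManagerImpl: LDAP error, while building group
2019-01-17T15:37:32.608+0000 WARNING 510 com.l7tech.external.assertions.gatewaymanagement.server.rest.exceptions.ExceptionMapper: Error processing management request: naming exception
2019-01-17T15:37:32.608+0000 INFO 510 com.l7tech.external.assertions.gatewaymanagement.server.rest.exceptions.ExceptionMapper: Error processing management request:naming exception
2019-01-17T15:40:01.002+0000 WARNING 77 com.l7tech.external.assertions.gatewaymanagement.server.rest.exceptions.ExceptionMapper: Error processing management request: naming exception
"""

# timestamp, level, id (assumed to be a thread/request id), logger, message
LINE_RE = re.compile(r"^(\S+) (\w+) (\d+) ([\w.$]+): (.*)$")


def triage(log_text):
    """Return (second, id, cause, ldap_classes) for each failed management request."""
    groups = defaultdict(lambda: {"mgmt_error": False, "ldap": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip continuation lines such as stack traces
        ts, level, thread, logger, msg = m.groups()
        key = (ts[:19], thread)  # correlate on second + id (assumption)
        if logger.endswith(".ExceptionMapper") and "Error processing management request" in msg:
            groups[key]["mgmt_error"] = True
        elif ".identity.ldap." in logger and level == "WARNING":
            groups[key]["ldap"].add(logger.rsplit(".", 1)[-1])
    return [
        (ts, thread, "ldap" if g["ldap"] else "unexplained", sorted(g["ldap"]))
        for (ts, thread), g in sorted(groups.items())
        if g["mgmt_error"]
    ]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```
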