There are really no tricks...
Here's a working config I just did in my lab. It might give you an idea of what went wrong with your setup.
On the PA Firewall:
No need to enter any other information, as this is to create a self-signed cert later.
On the UserID server:
Hope that helps!