One of our protected resource is setup with a Response header to return the memberOf Attribute of the user.
Some of these returned Groups contains a NON ASCII characters.
When the AG agent generate the header (after processing the Policy Server Response) and pass it to the backend server (via the proxy engine), the backend is rejecting the request due to these characters not converted to UTF8 .

Release:
Component: SMAPC

2 options to resolve the issue on the Access Gateway 

** Option 1 --> 

Navigate to (sps_home)\proxy-engine\conf and open the SmSpsProxyEngine.properties file 
- Add the following in the NETE_SPS_PROXYENGINE_CMD section before the classpath: 
-Dhttp_protocol_element_charset="UTF-8" ---) to be added 

For example: 
NETE_SPS_PROXYENGINE_CMD="%NETE_SPS_JAVA_HOME%\bin\java.exe" -Xms512m -Xmx1024m -XX:MaxMetaspaceSize=256M -Dhttp_protocol_element_charset="UTF-8" 

Here UTF-8 is the character set that our noodle client uses while communicating with back end server. 

** Option 2 --> 

Another alternate setting would be adding   http_protocol_element_charset="UTF-8"  server.conf file  in <Service name="forward"> section.

sample:
<Service name="forward">
    class="org.tigris.noodle.Noodle"

    # Enables support for multiple protocols if set to true. Currently only
    # http and https is supported.  If set to false only http is supported.
    protocol.multiple="true"
    http_protocol_element_charset="UTF-8"
>