HTTP_SM_SERVERSESSIONID and HTTP_SM_USER are missing in response headers.
Following messages are evident in the agent trace:
EnableAuthorization was disabled. User and Session headers are not set
Authorization is skipped as it is not enabled. AuthenticationManager returned SmYes, end new request
Release : 12.8.x
Component : SITEMINDER -WEB AGENT FOR APACHE
EnableAuthorization was set to no in SPS ACO
Set EnableAuthorization to yes (comment out as the default value is yes)