We have a use case where Auth / Az mapping is created, new realm, rules and policies under an existing domain but users keep getting redirected to the login screen of the application.
The error message in the smaccess.log file on the policy server is as follows:
ValidateAccept eqnycssmq22 [27/Aug/2019:18:41:37 +0000] "172.16.1.146 tborr1" "eqnycswbq22 GET /CLT/cltBasketAction" [idletime=3600;maxtime=580552356;authlevel=5;]   
AzReject eqnycssmq22 [27/Aug/2019:18:41:37 +0000] "172.16.1.146 tborr1" "eqnycswbq22 GET /CLT/cltBasketAction" [000000000000000000000000ac1001bb-4e1d-5d657961-0050-203e0a22]   
Release : All
Component : SITEMINDER -POLICY SERVER
Although an appropriate directory mapping existed, the mapping was not added to the realm, so the policy was only attempting to authorize users from the authentication directory while no users from the authentication directory had been added to the policy.
Upon adding the Auth/Az directory mapping to the realm, users began authorizing successfully.