Running a Policy Server and when this one cannot authenticate a user, the smauthreason is always set to 0 even if the User Store gives back the reason why the user cannot be authenticated:
AuthReject <PolicyServer> [25/Jan/2021:11:32:16 +0100] "10.0.0.1 <user1>" "<app> GET /"   TSS7100E 001 J=<user1> A=xxxx T=EXAMPLE F=COM - Acid Suspended TSS7141E Use of Accessor ID Suspended  
AuthReject <PolicyServer> [19/Jan/2021:10:42:13 +0100] "10.0.0.1 <user2>" "<app> GET /"   TSS7100E 007 J=<user2> A=xxxx T=EXAMPLE F=COM - Password Missing TSS7102E Password Missing  
The User Directory has been configured as per documentation (1).
Why does the Policy Server always return the smAuthReason as 0?
TSS as User Store has some limitations.
As per documentation, integration of Siteminder with TSS doesn't allow the use of password services (2).
When looking at the smaccess log above, all messages are related to account state and password:
Password Missing TSS7102E Password Missing
Incorrect Password TSS7101E Password is Incorrect
Password Violation Threshold Exceeded
Password Has Expired. New Password Missing
Password is Incorrect
Incorrect Password TSS7101E Password is Incorrect TSS7100E Excessive
PW Violations TSS7120E Password Violation Threshold Exceeded Acid
Suspended TSS7141E Use of Accessor ID Suspended
The SmAuthReason = 0 means that the user needs to login. As out of the box Policy Server doesn't handle the different situation regarding the state of the account to redirect to password services (smpwservices.fcc), then this is as expected to see the smauthreason being 0.
The "failed authentication" is related to the password and as such the password services. Without password services, if the password is not the expected one, the only possible next step for the user is to come back to the login page. And this is what the product does out of the box.
The errors seen are related to password state (3).