When assertion generation is denied by the policy server, the customer is seeing an AzAccept in the smaccess.log rather than the expected AzReject event.
The AzAccept event was logged for the user's visit to the Authentication URL (redirect.jsp), not for assertion generation.
Release : 12.8
Component : FEDERATION
While successful assertion generations are logged in the smaccess.log, denied assertion generations are not, so this is working by design.