While running Policy Server, intermittently the Policy Server might write log lines where the user variable has no value, ie. : user=.

To illustrate:

[1646/140397614155520][Thu Apr 08 2021 13:01:31][SmAuthorization.cpp:2248][INFO][sm-log-00000] Execution time exceeded threshold. (CSmAz::ProcessActiveExpression, 7295, 5000, agent=<Agent> client=10.0.0.1 server=http://example.com  resource=/<application> action=GET user=)

Explanation 

This could occur when there is an absence of user value might be caused by a specific process hasn't finished yet.

From the given snippet, the value seems to be missing when the Policy Server is at the Authorization phase.

To illustrate that, if the Policy Server takes too much time to analyze the CRL cache for a given user, the Policy Server line will report no value to the user with similar line.

Also, if the processing of SAML Response takes too long, a similar log line with the user without value can be shown in below (1).

It's also possible the process ends the request correctly.

Policy Server writes this line because the process is not finished yet, but takes more time than threshold value (5 seconds).

In the Policy Server traces, you should see over that line if the process ends correctly or with an error later.

Mainly, when you see user= is because at the stage the process is, the value is not yet known.

Again, that doesn't mean the authorization will fail.

1. AuthnResponse contains not SAML compliant Timestamp