After some testing & troubleshooting, it seems that our Mainframe access has broken on version 4.1.1 of PAM, and it likely has to do with how loopback is handled. Nothing has changed on our Mainframe end between versions 3.4.2 (current PAM) and 4.1.1. I verify I can log into mainframe outside of PAM by manually entering credentials; however, PAM doesn't seem to use vaulted credentials properly on version 4.1.1 for Mainframe system access.
Release: 4.1
In this use case, Mainframe access first landed on a page where a selection had to be made before proceeding to the login page. Between 3.4.2 and 4.1.1, a fix was added to accommodate a use case where the login page initially showed only a user name field, which had to be populated before the password field would show up. That fix was not compatible with a landing page that required user input but not credential input.
The problem is expected to be fixed in 4.1.3+ and 4.2+. For PAM 4.1.1 a hotfix is available on request. If you have this problem and 4.1.3 or 4.2 is not available, or the upgrade is not an option for you yet for other reasons, please open a case with PAM Support.