After upgrading Identity Manager (14.4 to 14.5) and SiteMinder, users with access roles are unable to login to their applications via SSO through Siteminder.

There is no problem with the IM-SM integration, in that everything works as expected in Identity Manager. The IME is protected by SM, users can log in and perform all IM work including assigning and revoking access roles.

The problem occurs outside of IM, when users attempt to log in to SM-protected resources. After entering their user credentials the login screen hangs.

Access logs show that expected headers are not being sent to the application.

The smtracedefault log shows that Authentication completes successfully but Authorization fails due to not being able to locate smIMS access role data.

Resolved by changing user directory order in Siteminder. With two directory servers, when switching their order in Siteminder, the login to applications completes successfully. This worked in the previous version of Siteminder and may possibly be a new issue new version of Siteminder, 12.8.08.1.