When using AUTH and AZ mapping with SSO integration, the user gets a "File Not Found" in the browser and the following error in the application server log:
Header userDN and session spec users do not match
When integrated with Single Sign On, ValidateHeadersWithPS is on by default. The SiteMinder header will always send the full DN value for the user in question. However, when using auth/az mapping, Identity Manager will have only the user id, and not the full DN value, so this validation will always fail.
Turn off ValidateHeadersWithPS.