When running Policy Server, and for a specific URL, the Policy Server never authorizes the User as it should. Before, the former Policy Server version 6 was authorizing this access, and there wasn't any configuration change on this.
Policy Server 12.52SP1 on RedHat 6 64bit; (Policy Server was upgraded from 6.0SP5CR05)
AdminUI 12.52SP1 on RedHat 6 64bit;
Web Agent 5QMR7CR00 on Windows 2003SP2
The authorization fails because of the User not being found in the authorization mapping: The User is disabled.
The User is not authorized when requesting a GET on the protected resource.
The Policy Server 12.52SP1 does not find it in one of the LDAP servers defined for that resource:
ldap1:389
ldap2:389
ldap3:389
The former Policy Server 6.0SP5CR05 had a bug that was corrected in 6.0SP5CR25, to fix a known issue for a condition that was allowing access even if the User was disabled.
Now, the behavior has changed since Policy Server 6.0SP5CR35, and the user needs to be enabled in the Authorization User Store too.
From smps-6_0_5_35-readme.txt :
80437 The policy server directory mapping feature will no longer
authorize a user when the authorization user directory has disabled
the user but the authentication user directory has not disabled them.