Set up webagent in sso-only mode and configure it with any session attribute to be set as http header. Request any protected resource. Agent will redirect the request for authentication and on return:
1. will send session-service request
2. send policyservice request.
Depending on the policyservice response, it will either return 403 error or allow access to the resource.
When running in sso-only mode, invalid policyservice response should be ignored. Only valid sessionservice response is required for sso-only.