The docs may be over-zealous about limitations when using Client-based sessions with Policies that use session properties.
It appears that session properties set during authentication (i.e. before JWT is minted) can be used in policy evaluations.
The limitation is that session properties cannot be modified in client-based sessions once minted.
- Create a policy that relies on session properties
- Switch AM to use Client-based sessions
- Evaluate the policy