IIS WPA4 cannot read the userid attribute out of the policy response if com.sun.identity.agents.config.userid.param.type=LDAP
It tries to read it before that data is available (from cache).
When the userid value is read from SESSION, everything is fine.
This was discovered when trying to set up Basic authentication.
Parameters for the agent are:
The information comes back correctly from OpenAM in a policy Response:
The agent should then set the user context and the logs show:
but it does not appear.