Sometimes a Role policy is created, but the Role policy is not enabled for Identity Server. When this happens, the trace looks similar to the following:
<amLogEntry> 2009-06-11T16:06:03Z INFO NIDS Application: AM#500199050: AMDEVICEID#9921459858EAAC29: AMAUTHID#YfdEmqCT2ZutwybD1eYSpfph8g5a5aMl6MGryq1hIqc= : IDP RolesPep.evaluate(), policy trace: ~~RL~0~~~~Rule Count: 0~~Success(67) </amLogEntry>
When you see Role policy traces that contain only the RL trace line, you need to enable the Role policy.