There is a limitiation with Active Directory User Store. For WS-Security Password Digest Authentication Scheme, the Authentication Scheme tries to retrieve attribute userPassword and compares the digest value that user sends a part of input request.
For Active Directory, UserPassword or unicodePwd attributes cannot be retrieved for security reasons.
WS-Security Username Password Authentication Scheme in Siteminder currently can support only cleartext form. We cannot support the Digest form because of these security reasons.
Below is link from Microsoft community :
"The users' password is stored in the Active Directory on a user object in the unicodePwd attribute. This attribute can be written under restricted conditions, but it cannot be read due to security reasons."