The Policy Servers listed in one host configuration object auto-restart unexpectedly after the following message shows up in smps.log:
"The IdentityMinder environment is not associated with the user's auth directory."
The IdentityMinder environments are on a completely separate Policy Server and policy store.
There's no replication of the policy between the IDM policystore and the rest of the production policystore.
Only the UserStore is shared.
The solution to this problem was to remove the references to any Identity Minder environments in any SiteMinder (SM) policy domains, to ensure that IM checks will not be inadvertently invoked.
It is recommended to always follow the appropriate procedure to uninstall IM and remove all components from the Policy Server.
It was determined that the following scenario led to the problem:
Originally Identity Minder (IM) was installed and configured to connect to the production policy server.
Later, it was decided to move IM to a dedicated policy server, but the components of the IM install were not completely removed from the production policy server.
This meant that the extensions for the policy server and the IM objects were still in the policy store.
Additionally, two policy domains were configured to point to IdentityMinder environments.
This is what ultimately caused the failure.
Effectively, when a user attempts to access these domains, SM knows that the domain has an associated IdentityMinder environment.
SiteMinder then uses the IdentityMinder extensions for the policy server to do various checks for Identity Minder roles.
The problem was that the Identity Minder environment as such no longer existed, which led to the "The IdentityMinder environment is not associated with the user's auth directory." errors and ultimately to the restart of the policy store.