There is a bug in the 3.2.1-57 + IR1-201 release (and probably earlier)
where Roles fail to be assigned when they're based on attributes which
contain special characters in the returned value. This has been
duplicated by NetIQ and engineering are working on the fix. In the
meantime, use Authorization policies if you can (MAG policies work, IDS
policies fail) or try and avoid configuring this until the fix has been

ScorpionSting's Profile:
View this thread: