Hi Chris,
I reviewed your case that you created with support.
One important item that you forgot to mention here is that your security zone IS different in Web Service and User App (Normal Web Agent).
After doing some test , I can see what the problem is and how to get this working.
Test 1
=======
Web Agent Security Zone : TST , So SSO Token Name : TSTSESSION
SPS Web Service Security Zone : SM (Default ), SO SSO Token Name : SMSESSION
Now, on replaying the TSTSESSION generated by web agent in the WebService, it couldn't authenticate the user with the following error in the trace log :
[04/16/2015][11:15:27][3396][3876][239b0220000081f50000000081f5239b-0d44-552f0d2f-0f24-036e6784][CSmHttpPlugin::ProcessSessionCookie][SMSESSION cookie - mismatched SSOZone 'TST'.]
[04/16/2015][11:15:27][3396][3876][239b0220000081f50000000081f5239b-0d44-552f0d2f-0f24-036e6784][CSmHttpPlugin::EstablishSession][Failed to process service session.]
I also tried setting SSOTRustedZone=TST in WebService , but that still didn't work.
Note, with the normal web agent this would have worked with the SSOTrustedZone setting in place.
Test 2
=======
Next, I modify the WebService security zone to match the Web Agent as below :
Web Agent Security Zone : TST , So SSO Token Name : TSTSESSION
SPS Web Service Security Zone : TST , SO SSO Token Name : TSTSESSION
Now, on replaying the TSTSESSION generated by web agent in the WebService, it CAN authenticate the user successfully :
[04/16/2015][11:20:53][3744][3432][239b0220000081f50000000081f5239b-0ea0-552f0e75-0d68-009c5f90][CSmHttpPlugin::ProcessSessionCookie][Decoded TSTSESSION cookie - User = 'guest', IP address = '155.35.245.129'.]
[04/16/2015][11:20:53][3744][3432][239b0220000081f50000000081f5239b-0ea0-552f0e75-0d68-009c5f90][CSmHttpPlugin::EstablishSession][Service session processing complete.]
[04/16/2015][11:20:53][3744][3432][239b0220000081f50000000081f5239b-0ea0-552f0e75-0d68-009c5f90][AuthenticateUser][Validating session '2b83w0pMRE1Kk1wZzreulkC7o1E=' for user 'guest' in zone 'TST'.]
[04/16/2015][11:20:53][3744][3432][239b0220000081f50000000081f5239b-0ea0-552f0e75-0d68-009c5f90][AuthenticateUser][User 'guest' is authenticated by Policy Server.]
Next Action
=============
1. Match Security Zone of Web Agent and Web Service
Good Luck.
Cheers,
Ujwol Shrestha