We have a demo SA2500 from Juniper and I must be missing something very fundamental here.
We have several users setup in in the system local db.
We have a user realm of: Staff, Techs, Management
The staff realm has role mapping set to "username is *" and it assigns the roles: staff
Staff role has the web access feature enabled, and has 12 bookmarks.
BUT, any user who logs into the VPN doesn't see the bookmarks.
You should run a Policy Trace to ensure you are getting the roles you think you are and ensure that bookmarks are enabled.
Policy Tracing - First have the user logout of the system.
Go to Maintenance-->Troubleshooting-->Users Sessions-->Policy Tracing. Plug in the username, Realm, and choose the top 3 options (Pre-Authentication, Authentication, Role Mapping) and then click "Start Recording". Once the user logs in go back to Policy Tracing and choose "View Log" and read through to determine if you are getting the role you think you should be getting.
Check the role:
Go to Users-->Users Roles--><pick a role>-->General and make sure there is a checkbook next to "Web".
Thank you for the information, though it simply took me waiting and the bookmarks showed up. I would have thought it would have been an instant update.