Major Description
Configuring the manager.xml topology to use the SSOCookieProvider results in a NPE from the identity assertion provider. This is due to the service.xml definition file for the admin-ui application. The ordering of the policy roles within the definition has the federation provider specified at the end which means the identity isn't set until after identity assertion and authorization providers would be invoked.
This patch adjusts the ordering appropriately and removes the explicit selection of the Anonymous authentication provider on the routes as well.