error 'invalid ciphertext' in APM with ACCESS::policy evaluate

there are some trouble with ACCESS::session create if "Accept-Language" is not set in HTTP_REQUEST event... try this:

if { [HTTP::header value "Accept-Language"] eq "" } then {
     A "Accept-language" header is not present. Injecting language code = none
    HTTP::header insert "Accept-Language" "none"
}
set flow_sid [ACCESS::session create -timeout 600 -lifetime 3600]
ACCESS::policy evaluate -sid $flow_sid -profile /Common/access_aa session.logon.last.username [HTTP::username] session.logon.last.password [HTTP::password] session.server.landinguri [string tolower [HTTP::uri]]

Why do you set a lifetime to 3660 and a timeout to 600? try to change these values to lower.

set flow_sid [ACCESS::session create -timeout 60 -lifetime 120]

Look at this code as example of working command