Good afternoon,
I can duplicate the issue in a 9.3 Gateway with the URI that you provided. The issue is that the / is a reserved character and really should be treated like a space or a - which you have seen work find. You could look to base64 the UserID to ensure that no device sees the / as part of the URI. Also if you pass through the URI without the conversion %2F then the gateway will accept it. You can modify the policy to take the last 2 sections of the URI to do policy logic.
Sample policy to extract the userID from the URI:
<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
<wsp:All wsp:Usage="Required">
<L7p:Regex>
<L7p:AutoTarget booleanValue="false"/>
<L7p:CaptureVar stringValue="userID"/>
<L7p:OtherTargetMessageVariable stringValue="request.http.uri"/>
<L7p:Regex stringValue="/policies/(.*)"/>
<L7p:RegexName stringValue="Compose ID"/>
<L7p:Replacement stringValue=""/>
<L7p:Target target="OTHER"/>
</L7p:Regex>
<L7p:HardcodedResponse>
<L7p:Base64ResponseBody stringValue="JHtyZXF1ZXN0Lmh0dHAudXJpfQoke3VzZXJJRFsxXX0="/>
<L7p:ResponseContentType stringValue="text/plain; charset=UTF-8"/>
</L7p:HardcodedResponse>
</wsp:All>
</wsp:Policy>
Sincerely,
Stephen Hughes
Broadcom Support