APIcast build includes some policies that have not passed through QE and thus are not supported:

• token introspection
• service-level rate limiting

Admin Portal UI loads policies from an APIcast instance, so as they are included in the build, they appear in the list of available policies. They are not marked in any way as "not supported", so there is no way of knowing that they are not, unless you go to the documentation to check (assuming that it will be there).

I think this may be a sources of confusion, and we need to think of a way to avoid this. The easiest short-term solution would be to include "not supported" or "tech preview" in the description of such policies. In long term we may want to think of a mechanism to limit the default list of policies to only supported ones, and make it easy to enable the additional ones.

Somewhat related issue for SaaS only: https://issues.jboss.org/browse/THREESCALE-843