diff --git a/test/s3/iam/iam_config_distributed.json b/test/s3/iam/iam_config_distributed.json
index 8284c9e43..865733d65 100644
--- a/test/s3/iam/iam_config_distributed.json
+++ b/test/s3/iam/iam_config_distributed.json
@@ -4,7 +4,6 @@
 "maxSessionLength": 43200000000000,
 "issuer": "seaweedfs-sts",
 "signingKey": "dGVzdC1zaWduaW5nLWtleS0zMi1jaGFyYWN0ZXJzLWxvbmc=",
- "sessionStoreType": "filer",
 "providers": [
 {
 "name": "keycloak-oidc",
@@ -34,12 +33,9 @@
 ]
 },
 "policy": {
- "defaultEffect": "Deny",
- "storeType": "filer"
- },
- "roleStore": {
- "storeType": "filer"
+ "defaultEffect": "Deny"
 },
+ "roleStore": {},
 "roles": [
 {
diff --git a/weed/iam/integration/iam_manager.go b/weed/iam/integration/iam_manager.go
index fc4665232..4f29cc4cd 100644
--- a/weed/iam/integration/iam_manager.go
+++ b/weed/iam/integration/iam_manager.go
@@ -111,15 +111,15 @@ func (m *IAMManager) Initialize(config *IAMConfig) error {
 // createRoleStore creates a role store based on configuration
 func (m *IAMManager) createRoleStore(config *RoleStoreConfig) (RoleStore, error) {
 if config == nil {
- // Default to memory role store
- return NewMemoryRoleStore(), nil
+ // Default to filer role store
+ return NewFilerRoleStore(nil)
 }
 switch config.StoreType {
- case "", "memory":
- return NewMemoryRoleStore(), nil
- case "filer":
+ case "", "filer":
 return NewFilerRoleStore(config.StoreConfig)
+ case "memory":
+ return NewMemoryRoleStore(), nil
 default:
 return nil, fmt.Errorf("unsupported role store type: %s", config.StoreType)
 }
diff --git a/weed/iam/policy/policy_engine.go b/weed/iam/policy/policy_engine.go
index b2b07d27c..19dd7cd32 100644
--- a/weed/iam/policy/policy_engine.go
+++ b/weed/iam/policy/policy_engine.go
@@ -186,7 +186,7 @@ func (e *PolicyEngine) validateConfig(config *PolicyEngineConfig) error {
 }
 if config.StoreType == "" {
- config.StoreType = "memory" // Default to memory store
+ config.StoreType = "filer" // Default to filer store for persistence
 }
 return nil
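Review bot: In createRoleStore (weed/iam/integration/iam_manager.go) the nil-config branch now calls `NewFilerRoleStore(nil)`, while the empty-StoreType branch passes `config.StoreConfig`. NewFilerRoleStore is not visible in this hunk, so whether it tolerates a nil store config cannot be confirmed from here. Sending both defaults through one path avoids the two diverging: `if config == nil { config = &RoleStoreConfig{} }` ahead of the switch. The switch also spells the store types as the literals `"filer"` and `"memory"`, as does the policy_engine.go hunk, whereas the sts package uses `StoreTypeFiler`/`StoreTypeMemory`; shared constants would keep the three defaults in step. The function's closing brace is outside the hunk.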
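Review bot: The comment on `config.StoreType = "filer"` in validateConfig (weed/iam/policy/policy_engine.go) does not record that this changes behaviour for existing configurations that omit storeType. Those previously got an in-memory policy store and will now read and write policies through the filer. If the filer store is empty or unreachable at start-up, evaluation presumably falls back to `defaultEffect`, which fails closed only when that is `Deny`; this is inferred, since the store and evaluation code are outside the hunk. I would widen the comment to `// Default to the filer store so policies persist across restarts; set storeType "memory" for ephemeral or test setups` and log the effective store type once at initialization. validateConfig begins before the hunk.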
diff --git a/weed/iam/sts/constants.go b/weed/iam/sts/constants.go
index f26264c40..c684b45fe 100644
--- a/weed/iam/sts/constants.go
+++ b/weed/iam/sts/constants.go
@@ -30,10 +30,11 @@ const (
 // Default Values
 const (
- DefaultTokenDuration = 3600 // 1 hour in seconds
- DefaultMaxSessionLength = 43200 // 12 hours in seconds
- DefaultIssuer = "seaweedfs-sts"
- MinSigningKeyLength = 16 // Minimum signing key length in bytes
+ DefaultTokenDuration = 3600 // 1 hour in seconds
+ DefaultMaxSessionLength = 43200 // 12 hours in seconds
+ DefaultIssuer = "seaweedfs-sts"
+ DefaultStoreType = StoreTypeFiler // Default store type for persistence
+ MinSigningKeyLength = 16 // Minimum signing key length in bytes
 )
 // Configuration Field Names
diff --git a/weed/iam/sts/sts_service.go b/weed/iam/sts/sts_service.go
index 736a07a48..7f6d25e87 100644
--- a/weed/iam/sts/sts_service.go
+++ b/weed/iam/sts/sts_service.go
@@ -237,10 +237,10 @@ func (s *STSService) validateConfig(config *STSConfig) error {
 // createSessionStore creates a session store based on configuration
 func (s *STSService) createSessionStore(config *STSConfig) (SessionStore, error) {
 switch config.SessionStoreType {
- case "", StoreTypeMemory:
- return NewMemorySessionStore(), nil
- case StoreTypeFiler:
+ case "", DefaultStoreType:
 return NewFilerSessionStore(config.SessionStoreConfig)
+ case StoreTypeMemory:
+ return NewMemorySessionStore(), nil
 default:
 return nil, fmt.Errorf(ErrUnsupportedStoreType, config.SessionStoreType)
 }
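Review bot: `case "", DefaultStoreType:` in createSessionStore (weed/iam/sts/sts_service.go) labels the filer branch with whatever DefaultStoreType happens to equal. If the default is ever changed to StoreTypeMemory, the switch would hold two cases with the same constant, which the Go compiler rejects, and no case would name StoreTypeFiler. Resolving the empty value to the default first and then switching on the concrete store types keeps each branch labelled by the store it constructs. The function's closing brace is outside the hunk.

```go
func (s *STSService) createSessionStore(config *STSConfig) (SessionStore, error) {
	storeType := config.SessionStoreType
	if storeType == "" {
		storeType = DefaultStoreType
	}
	switch storeType {
	case StoreTypeFiler:
		return NewFilerSessionStore(config.SessionStoreConfig)
	// … unchanged: StoreTypeMemory and default cases …
```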