The following rules always return a RequestDenied regardless of group membership, and I cannot figure out why. However, if I permit all users, the response comes through as expected.
Transform Rules
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-154865993-911430437-929701000-56327", Issuer == "AD AUTHORITY"] => issue(Type = "PermitAccess", Value = "1", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";sAMAccountName,givenName,sn,mail;{0}", param = c.Value);
Authorization Rules
c:[Type == "PermitAccess", Value == "1"] => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
~Preston