The following rules always return a RequestDenied regardless of group membership, and I cannot figure out why. However, if I permit all users, the response comes through correctly. This is an extremely simple thing, and even using the built-in ADFS options for setting it up gives me the same results.
Transform Rules
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-154865993-911430437-929701000-56327", Issuer == "AD AUTHORITY"] => issue(Type = "PermitAccess", Value = "1", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";sAMAccountName,givenName,sn,mail;{0}", param = c.Value);
Authorization Rules
c:[Type == "PermitAccess", Value == "1"] => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
~Preston