Thanks for chiming in. Took a bit, but finally realized that my problem wasnt the policy, but rather the test machine I was using. I completely overlooked the fact that it had 2 AV products loaded (and apparently active.) So, the rule as written was actually correct. Now I have to figure our why there is almost a 1 minute delay between the time the user enters the credentials and when the role mapping actually takes place. Policy trace shows the gap, but nothing in terms of an explanation as to why.
... View more