I have a service that calls another one with an ActAs token provided by the ADFS STS (Kerberos endpoint). The token is a bearer type and the service gets called. But for some reason, the new token doesn't contain the roles claims even though the original ActAs token has them. The relying party is the same, so the same rules should be applied? How can I obtain the roles claims in the client ActAs service?
The problem was that the claim rules on the ADFS weren't set to pass roles. Problem solved.