I am just setting up 10.7 Portal federated to 10.7 Server. I am using Integrated Windows Authentication. My users have been added to domain groups and those groups have been joined to specific groups in Portal.
Admin accessing any services shared through portal have no issues but when anyone lower than an admin tries the layers will not load in a map. A 403.2 is issued in a web debugger. The web debugger shows the authentication and tokens go through fine. The content they are trying to access is shared with their group. Changeing their level to admin allows them to access the services but as soon as I put them back toa lower level they lose access to the services.