A little bit more information I've found.

If I authenticate to any of our other protected resources first, then I
am able to get to this specific resource. It seems that when I'm
redirecting to the login URL, it isn't storing the session information
and/or passing me the correct cookie so that when I hit this resource
again it knows what roles I belong to.

It doesn't sound ideal/elegant/efficient, but I'm going to try creating
a separate resource that is nothing but a page that redirects me back to
this resource when I hit it to see if that will fix the issue until a
better solution can be found.

djaquays's Profile: https://forums.netiq.com/member.php?userid=2530
View this thread: https://forums.netiq.com/showthread.php?t=48316