Really strange authorization issue.
mat houser
mhouser at uwm.edu
Fri Aug 14 13:35:57 EDT 2015
Hi Shib Users.
I'm in the process of trying to figure out something really odd with a
particular SP, and I'm stumped at the moment.
IdP V3.1.2. Three servers configured identically with two behind an F5
ADC and the third a stand-alone test VM. IdP01 works perfectly well with
all SPs with the exception of alma.exlibrisgroup.com. Test and IdP02
both work fine, and 01 appears to be sending all the same attributes
including the patron ID that the SP is supposed to primary key from.
Users authenticated by idp01 just get the error "The user is not
authorized in Alma", even though the assertion definitely contains the
authorization attribute in the attribute statement.
None of the servers have any special relying party configuration for the
SP, and 01 fails auth both when a member of the pool and when accessed
directly.
Any ideas as to what could be going on here?
Thanks,
-mat
--
-------------
mat:houser
mhouser at uwm.edu
uwm:uits:iam-support
-------------
More information about the users
mailing list