Really strange authorization issue.

mat houser mhouser at
Fri Aug 14 13:35:57 EDT 2015

Hi Shib Users.

I'm in the process of trying to figure out something really odd with a
particular SP, and I'm stumped at the moment.

IdP V3.1.2. Three servers configured identically with two behind an F5
ADC and the third a stand-alone test VM. IdP01 works perfectly well with
all SPs with the exception of Test and IdP02
both work fine, and 01 appears to be sending all the same attributes
including the patron ID that the SP is supposed to primary key from.

Users authenticated by idp01 just get the error "The user is not
authorized in Alma", even though the assertion definitely contains the
authorization attribute in the attribute statement.

None of the servers have any special relying party configuration for the
SP, and 01 fails auth both when a member of the pool and when accessed

Any ideas as to what could be going on here?

