Really strange authorization issue.

Cantor, Scott cantor.2 at
Fri Aug 14 13:54:20 EDT 2015

On 8/14/15, 1:35 PM, "users on behalf of mat houser" <users-bounces at on behalf of mhouser at> wrote:
>IdP V3.1.2. Three servers configured identically with two behind an F5
>ADC and the third a stand-alone test VM. IdP01 works perfectly well with
>all SPs with the exception of Test and IdP02
>both work fine, and 01 appears to be sending all the same attributes
>including the patron ID that the SP is supposed to primary key from.

I guess I would diff a Response from them and see if you spot any important differences.

>Users authenticated by idp01 just get the error "The user is not
>authorized in Alma", even though the assertion definitely contains the
>authorization attribute in the attribute statement.

Well, we can't debug a message from an application. You're going to need them to debug what it actually thinks is wrong.

-- Scott

More information about the users mailing list