Really strange authorization issue.
Cantor, Scott
cantor.2 at osu.edu
Fri Aug 14 13:54:20 EDT 2015
On 8/14/15, 1:35 PM, "users on behalf of mat houser" <users-bounces at shibboleth.net on behalf of mhouser at uwm.edu> wrote:
>
>IdP V3.1.2. Three servers configured identically with two behind an F5
>ADC and the third a stand-alone test VM. IdP01 works perfectly well with
>all SPs with the exception of alma.exlibrisgroup.com. Test and IdP02
>both work fine, and 01 appears to be sending all the same attributes
>including the patron ID that the SP is supposed to primary key from.
I guess I would diff a Response from them and see if you spot any important differences.
>Users authenticated by idp01 just get the error "The user is not
>authorized in Alma", even though the assertion definitely contains the
>authorization attribute in the attribute statement.
Well, we can't debug a message from an application. You're going to need them to debug what it actually thinks is wrong.
-- Scott
More information about the users
mailing list