Really strange authorization issue.

mat houser mhouser at uwm.edu
Fri Aug 14 14:18:06 EDT 2015


Thanks to Mr Koranda this seems sorted out.

The clock on the failing node was just a little under a minute in the
future, which most SPs didn't seem to care about, but exlibris evidently
did.

Thanks,
	-mat

-- 
-------------
mat:houser
mhouser at uwm.edu
uwm:uits:iam-support
-------------


On Fri, 14 Aug 2015, Cantor, Scott wrote:

On 8/14/15, 1:35 PM, "users on behalf of mat houser" <users-bounces at shibboleth.net on behalf of mhouser at uwm.edu> wrote:
>
>IdP V3.1.2. Three servers configured identically with two behind an F5
>ADC and the third a stand-alone test VM. IdP01 works perfectly well with
>all SPs with the exception of alma.exlibrisgroup.com. Test and IdP02
>both work fine, and 01 appears to be sending all the same attributes
>including the patron ID that the SP is supposed to primary key from.

I guess I would diff a Response from them and see if you spot any important differences.

>Users authenticated by idp01 just get the error "The user is not
>authorized in Alma", even though the assertion definitely contains the
>authorization attribute in the attribute statement.

Well, we can't debug a message from an application. You're going to need them to debug what it actually thinks is wrong.

-- Scott
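
The failure mode mat describes, as an added example that is not part of the thread: a sketch of an SP-side validity-window check, run against a constructed assertion from an IdP node whose clock is 55 seconds ahead. The thread does not say what Alma actually checks; the function names, sample XML and skew values here are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample (not from the thread): an assertion issued by a node
# whose clock reads 12:00:55Z when true time is 12:00:00Z.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" IssueInstant="2015-08-14T12:00:55Z" Version="2.0">
  <saml:Conditions NotBefore="2015-08-14T12:00:55Z"
                   NotOnOrAfter="2015-08-14T12:05:55Z"/>
</saml:Assertion>"""

def _ts(value):
    # SAML instants are UTC with a trailing Z; fractional seconds are allowed.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def issuer_clock_offset(xml_text, received_at):
    """Seconds the issuer's IssueInstant is ahead (+) of the receiver's clock."""
    assertion = next(ET.fromstring(xml_text).iter(SAML_NS + "Assertion"))
    return (_ts(assertion.get("IssueInstant")) - received_at).total_seconds()

def check_validity(xml_text, sp_now, skew_seconds):
    """Return (accepted, reason) for an SP with this clock and allowed skew."""
    cond = next(ET.fromstring(xml_text).iter(SAML_NS + "Conditions"), None)
    if cond is None:
        return True, "no Conditions element"
    skew = timedelta(seconds=skew_seconds)
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and sp_now + skew < _ts(nb):
        return False, "not yet valid by %ds" % (_ts(nb) - sp_now).total_seconds()
    if noa and sp_now - skew >= _ts(noa):
        return False, "expired"
    return True, "ok"

if __name__ == "__main__":
    sp_now = datetime(2015, 8, 14, 12, 0, 0, tzinfo=timezone.utc)
    print("issuer offset: %+.0fs" % issuer_clock_offset(SAMPLE_ASSERTION, sp_now))
    # Hypothetical SP skew allowances, from strict to lenient.
    for skew in (0, 30, 60, 180):
        print(skew, check_validity(SAMPLE_ASSERTION, sp_now, skew))
```

Running `issuer_clock_offset` over responses captured from each node behind the load balancer shows which one has drifted, which is also what a diff of the `IssueInstant` and `NotBefore` values between nodes would reveal.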


