> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:JISC-
> [log in to unmask]] On Behalf Of Peter Schober
> Sent: 05 June 2015 12:23
>
> Next I'd look at where and how you determine who's assigned the common-
> lib-terms entitlement, e.g. in an LDAP directory, or "live" on each access in
> the SAML IDP.
>
> Then make sure the person has all the required attributes in your
> authoritative data source (e.g. HR) and any downstream systems (LDAP,
> etc) consulted by the SAML IDP.
>
[Andy Swiffin]
Are you setting the attribute in AD on people or generating it in the attribute resolver?
Like Peter says, is it there in AD in the first case! Or if generated on the fly in, e.g. a scriptlet (how we do it) are any conditions being met?
Have you tried checking with aacli what is being released for that user?
HTH
Andy
The University of Dundee is a registered Scottish Charity, No: SC015096
|