Why can’t patrons authenticate after a successful patron load?

Symptom

• Patron load completes without errors.
• Patrons receive login failures despite correct credentials.
• Review of patron data shows mixed case in idAtSource compared to IdP values.

Applies to

• WorldShare Management System (WMS)
• Tipasa

Resolution

The authentication system checks that the user ID in the patron record matches the one from your Identity Provider exactly, including uppercase and lowercase letters.  Case differences (e.g., JohnDoe vs johndoe) result in failed authentication.

1. Verify IdP Identifier Format:

   • Check the persistent identifier returned by your IdP (Active Directory, SAML, etc.).
   • Confirm whether it uses lowercase, uppercase, or mixed case.

2. Normalize Patron Data Before Load:

   • Ensure idAtSource values in the patron file match the IdP identifier exactly, including case.
   • Apply transformations (e.g., convert to lowercase) if your IdP enforces a specific format.

3. Reload Corrected Patron Records:

   • Update patron data files with the corrected case.
   • Reload affected records.

4. Validate Post-Load:

   • Test authentication for a sample patron to confirm successful login.

Additional information

Authentication methods and patron data load

Matching rules for patron data

Page ID