Skip to main content
OCLC Support

Why am I getting Inter-institutional access failure. Please contact your system administrator for assistance. when using SAML authentication and EZproxy

Symptom
  • After submitting credentials on my SAML SSO login screen I get this error message Inter-institutional access failure. Please contact your system administrator for assistance.
Applies to
  • all EZproxy versions.
Resolution

Short introduction or instructions to follow these steps:

  1. Generate new metadata from your SSO system and load it to your EZproxy server
  2. Generate new metadata form your EZproxy system and load it to your SSO system
  3. If version 6.6.2 or newer, update the shibboleth metadata directives -SignResponse=false -SignAssertion=true -EncryptAssertion=false \ based upon the error in the messages.txt file.
Additional information

The certificates that are being used for SAML authentication have been changed on one or both of the systems and the metadata available has not been updated to reflect the new certificates

If the error in the messages.txt file states SAML Assertion is not signed; signature is required, Change the flag for -SignAssertion= from true to false and this is true of all of the flags.

Page ID
28723