Skip to main content
OCLC Support

Why am I getting the "Inter-institutional access failure. Please contact your system administrator for assistance." error when using SAML authentication and EZproxy?

Symptom
  • After submitting credentials on my SAML SSO login screen, I get the error message "Inter-institutional access failure. Please contact your system administrator for assistance."
Applies to
  • EZproxy
Resolution

Follow these steps:

  1. Check your messages.txt file to see what errors you are getting
  2. Generate new metadata from your SSO system and load it to your EZproxy server
  3. Generate new metadata from your EZproxy system and load it to your SSO system
  4. If version 6.6.2 or newer, update the shibboleth metadata directives -SignResponse=false -SignAssertion=true -EncryptAssertion=false \ based upon the error in the messages.txt file.
Additional information

The certificates that are being used for SAML authentication have been changed on one or both of the systems and the metadata available has not been updated to reflect the new certificates

If the error in the messages.txt file states SAML Assertion is not signed, signature is required. Change the flag for -SignAssertion= from true to false and this is true of all of the flags.

Page ID
28723