Audience Child Element of SAML2SSOProfile

Ian MacDonald ian+list at
Mon Sep 8 10:29:01 EDT 2014

Thanks Scott,

On Mon, Sep 8, 2014 at 10:02 AM, Cantor, Scott <cantor.2 at> wrote:

> Look closer at the message and you'll see that's not true. It notes the
> namespaces of the content it will look for.

I had missed the subtle difference between the two clearly defined
namespaces shown at the top of relying-party.xml.

xmlns:*rp*="urn:mace:shibboleth:2.0:relying-party" xmlns:*saml*

For others, here is the Error message I glossed over quickly.

The root cause of this error was: org.xml.sax.SAXParseException:
cvc-complex-type.2.4.a: Invalid content was found starting with element
'rp:AudienceRestriction'. One of
"urn:mace:shibboleth:2.0:relying-party:saml":ProxyAudience}' is expected.

I am now testing the following which I believe should work

   <rp:RelyingParty id="" provider=""
      <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
encryptAssertions="never" encryptNameIds="never">
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list