Audience Child Element of SAML2SSOProfile
Ian MacDonald
ian+list at dotto-one.com
Mon Sep 8 10:29:01 EDT 2014
Thanks Scott,
On Mon, Sep 8, 2014 at 10:02 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> Look closer at the message and you'll see that's not true. It notes the
> namespaces of the content it will look for.
>
I had missed the subtle difference between the two clearly defined
namespaces shown at the top of relying-party.xml.
xmlns:rp="urn:mace:shibboleth:2.0:relying-party"
xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
For others, here is the error message I glossed over quickly:
The root cause of this error was: org.xml.sax.SAXParseException:
cvc-complex-type.2.4.a: Invalid content was found starting with element
'rp:AudienceRestriction'. One of
'{"urn:mace:shibboleth:2.0:relying-party:saml":Audience,
"urn:mace:shibboleth:2.0:relying-party:saml":ProxyAudience}' is expected.
I am now testing the following, which I believe should work:
<rp:RelyingParty id="https://service.providerlogin.com"
                 provider="https://my.idp.com/idp/shibboleth"
                 defaultSigningCredentialRef="IdPCredential">
    <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
                             encryptAssertions="never" encryptNameIds="never">
        <saml:Audience>https://saml2.providerlogin.com</saml:Audience>
    </rp:ProfileConfiguration>
</rp:RelyingParty>
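The namespace mismatch behind the error above, as an added example that is not part of the original post or of the Shibboleth code base: it resolves each child of a SAML2SSOProfile ProfileConfiguration to its expanded name and reports any that is not one of the two names the SAXParseException lists. The `<cfg>` wrapper element, the helper names and the text inside `rp:AudienceRestriction` are constructed for illustration, and this checks only that one position, not the full schema.

```python
import io
import xml.etree.ElementTree as ET

RP_NS = "urn:mace:shibboleth:2.0:relying-party"
SAML_NS = "urn:mace:shibboleth:2.0:relying-party:saml"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# The two names the SAXParseException in the post lists as acceptable here.
EXPECTED = {f"{{{SAML_NS}}}Audience", f"{{{SAML_NS}}}ProxyAudience"}


def unexpected_children(xml_text):
    """Return expanded names of SAML2SSOProfile children not in EXPECTED."""
    prefixes, found = {}, []
    events = ET.iterparse(io.BytesIO(xml_text.encode()), events=("start-ns", "end"))
    for event, item in events:
        if event == "start-ns":
            # Flat prefix map: enough when prefixes are declared once at the top.
            prefixes[item[0]] = item[1]
            continue
        if item.tag != f"{{{RP_NS}}}ProfileConfiguration":
            continue
        # xsi:type holds a QName; resolve its prefix the way the validator does.
        prefix, _, local = item.get(XSI_TYPE, "").rpartition(":")
        if (prefixes.get(prefix), local) != (SAML_NS, "SAML2SSOProfile"):
            continue
        found += [child.tag for child in item if child.tag not in EXPECTED]
    return found


def sample(child):
    # Constructed fragment; <cfg> stands in for the real root of relying-party.xml.
    return (
        f'<cfg xmlns:rp="{RP_NS}" xmlns:saml="{SAML_NS}" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        '<rp:RelyingParty id="https://service.providerlogin.com">'
        '<rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile">'
        f'{child}</rp:ProfileConfiguration></rp:RelyingParty></cfg>'
    )


AUDIENCE = "https://saml2.providerlogin.com"
BROKEN = sample(f"<rp:AudienceRestriction>{AUDIENCE}</rp:AudienceRestriction>")
FIXED = sample(f"<saml:Audience>{AUDIENCE}</saml:Audience>")

if __name__ == "__main__":
    print("broken:", unexpected_children(BROKEN))
    print("fixed: ", unexpected_children(FIXED))
```

An `Audience` element written with the `rp` prefix is reported as well, because the expanded name carries the relying-party namespace rather than the `:saml` one.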