SP: Assertion contains an unacceptable AudienceRestriction

Cantor, Scott cantor.2 at osu.edu
Thu Aug 13 13:13:10 EDT 2015

On 8/13/15, 12:25 PM, "users on behalf of Scott Gerlach" <users-bounces at shibboleth.net on behalf of sgerlach at gmail.com> wrote:

>Changed sections of shibboleth.xml
> <ApplicationDefaults entityID="https://myserver.com/"

I really don't advise trailing slashes in an entityID, it's very error prone, but that aside, the bottom line is that that's the value it's going to look for in the Audience. So if it's not there, and the IdP isn't Shibboleth, the problem is with the IdP end.

>Okta Side
>SSO URL: https://myserver.com/Shibboleth.sso/SAML2/POST
>Audience URI: https://myserver.com/

Well, that ain't working, basically.

>Any advice on where I messed this up / how to fix?

Trace the SAML and see what it's putting in there.

-- Scott

More information about the users mailing list