SP: Assertion contains an unacceptable AudienceRestriction

Cantor, Scott cantor.2 at osu.edu
Thu Aug 13 14:27:10 EDT 2015

On 8/13/15, 2:19 PM, "users on behalf of Scott Gerlach" <users-bounces at shibboleth.net on behalf of sgerlach at gmail.com> wrote:

>I was *very* careful to copy out the relevant sections that changed from default install. I only have the default entity set.

That's why my only thought was you had explicitly provided the entityID to the IdP somehow and that it was set wrong there.

>I don't have any Application Overrides set, and the only mapping I have is to the default, as shown in the config I posted.

Yes. And it appeared that removing the trailing slash took effect, which means you're editing a file that apparently did in fact affect the running system.

>Any other logging I could turn up to be able to help troubleshoot this issue?

No. The audience set by default is just the SP's entityId setting. It's possible to add others in with some advanced configuration, but all you'd be adding is the same value it's already using.

I really have no explanation. Nothing fits but a mistyped string in a file.

I guess maybe some oddness with the XML from Okta could be involved. That can be subtle. Can you post the entire Response?

-- Scott
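
A diagnostic for the "mistyped string" and "oddness with the XML" possibilities raised above, as an added example that is not part of the original message and not Shibboleth's own code. It pulls each Audience value out of a Response untouched and says how it differs from the configured entityID; the sample Response, the entityID and the assumption of an exact, case-sensitive string comparison are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample Response fragment (not from the thread): the Audience
# has a trailing slash and is wrapped in whitespace by pretty-printing.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>
          https://sp.example.org/shibboleth/
        </saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def audiences(response_xml):
    """Return the raw text of every Audience element, whitespace untouched."""
    root = ET.fromstring(response_xml)
    path = ".//saml:AudienceRestriction/saml:Audience"
    return [el.text or "" for el in root.iterfind(path, SAML_NS)]


def diagnose(audience, entity_id):
    """List the ways an Audience differs from entity_id (empty list = match)."""
    if audience == entity_id:
        return []
    findings = []
    a = audience.strip()
    if a != audience:
        findings.append("surrounding whitespace")
    if not a.isascii():
        findings.append("non-ASCII character")
    if a != entity_id:
        if a.rstrip("/") == entity_id.rstrip("/"):
            findings.append("trailing slash")
        elif a.lower() == entity_id.lower():
            findings.append("case difference")
        else:
            findings.append("different value")
    return findings

if __name__ == "__main__":
    for aud in audiences(SAMPLE_RESPONSE):
        print(repr(aud), diagnose(aud, "https://sp.example.org/shibboleth"))
```

Printing the value with `repr` exposes newlines and other characters that look identical in a log line or a text editor.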

