SP: Assertion contains an unacceptable AudienceRestriction

Cantor, Scott cantor.2 at osu.edu
Fri Aug 14 12:52:39 EDT 2015

On 8/14/15, 12:40 PM, "users on behalf of Scott Gerlach" <users-bounces at shibboleth.net on behalf of sgerlach at gmail.com> wrote:

>    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://myserver.com</saml:Issuer>

Well, there's nothing indicating it wouldn't be looking for that string in the Audience. As long as there's no ApplicationOverride there can only be one entityID configured, and that's what's going in Issuer. And that's what was in the Response. So I'm lost here, there's no explanation for that error to be happening.

As a sanity check, what I would probably do is edit security-policy.xml and comment out the Audience rule. If that works, then I guess one option might be to start manipulating that rule by trying to add an explicit Audience to check. If that doesn't work, then you're not modifying the config for the SP that's actually throwing this error.

-- Scott
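
A diagnostic for the comparison discussed in this message, added here as an example and not taken from the thread or from the Shibboleth code base: it lists the Audience values in a captured assertion and checks them against the SP's entityID. The sample assertion, the IdP issuer URL and the trailing-slash audience are constructed, and exact string comparison of the entityID is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from the thread): unsigned, for offline inspection only.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://myserver.com/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""

def audience_restrictions(xml_text):
    """Return one list of Audience strings per AudienceRestriction element.

    Works on a bare Assertion or on a Response that wraps one.
    """
    root = ET.fromstring(xml_text)
    path = ".//saml:Conditions/saml:AudienceRestriction"
    return [
        [(a.text or "").strip() for a in r.findall("saml:Audience", SAML_NS)]
        for r in root.findall(path, SAML_NS)
    ]

def check_audience(xml_text, entity_id):
    """SAML 2.0 rule: every AudienceRestriction must list entity_id.

    Assumes exact string equality, so a trailing slash or a case difference
    counts as a mismatch. Returns (ok, restrictions_that_failed).
    """
    failed = [r for r in audience_restrictions(xml_text) if entity_id not in r]
    return (not failed, failed)

def near_misses(failed, entity_id):
    """Audiences that differ from entity_id only by case or a trailing slash."""
    def norm(s):
        return s.rstrip("/").lower()
    return [a for r in failed for a in r if norm(a) == norm(entity_id)]

if __name__ == "__main__":
    ok, failed = check_audience(SAMPLE_ASSERTION, "https://myserver.com")
    print("audience acceptable:", ok)
    for aud in near_misses(failed, "https://myserver.com"):
        print("near miss:", repr(aud))
```

This only inspects the Audience condition; it does not validate signatures or any other part of the security policy.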
