SP: Assertion contains an unacceptable AudienceRestriction
Brent Putman
putmanb at georgetown.edu
Fri Aug 14 17:11:10 EDT 2015
On 8/14/15 4:58 PM, Scott Gerlach wrote:
>
> >In fact it's not just the request issuer entityID that's
> different, it's other things like the request Destination and ACS
> URL. Were you deliberately obfuscating all of that in what
> you've been posting?
>
> I was, and failed miserably ultimately :$ (encoding/deflate got me on
> that one, I knew that was gonna happen...). The replaced strings are
> find/replace for actual servername, acs url, and destination and not
> hand replaced. I have closely checked the request and responses and
> they are not mispelled or mis-capitalized.
Ok. Well, again, just to be clear: You're saying that in the actual
messages that you trace, the AuthnRequest Issuer element value matches
*exactly*, character for character, what's in the issued Assertion's
Audience element value?
If so, I really have no explanation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150814/8ebc49e3/attachment.html>
More information about the users
mailing list