SP: Assertion contains an unacceptable AudienceRestriction

Brent Putman putmanb at georgetown.edu
Fri Aug 14 17:11:10 EDT 2015

On 8/14/15 4:58 PM, Scott Gerlach wrote:
>     >In fact it's not just the request issuer entityID that's
>     different, it's other things like the request Destination and ACS
>     URL.  Were you deliberately obfuscating all of that in what
>     you've been posting?
> I was, and failed miserably ultimately :$ (encoding/deflate got me on
> that one, I knew that was gonna happen...). The replaced strings are
> find/replace for actual servername, acs url, and destination and not
> hand replaced. I have closely checked the request and responses and
> they are not mispelled or mis-capitalized.

Ok.  Well, again, just to be clear:  You're saying that in the actual
messages that you trace, the AuthnRequest Issuer element value matches
*exactly*, character for character, what's in the issued Assertion's
Audience element value?

If so, I really have no explanation.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150814/8ebc49e3/attachment.html>

More information about the users mailing list