SP: Assertion contains an unacceptable AudienceRestriction

Cantor, Scott cantor.2 at osu.edu
Fri Aug 14 17:21:24 EDT 2015

On 8/14/15, 5:11 PM, "users on behalf of Brent Putman" <users-bounces at shibboleth.net on behalf of putmanb at georgetown.edu> wrote:
>Ok.  Well, again, just to be clear:  You're saying that in the actual messages that you trace, the AuthnRequest Issuer element value matches *exactly*, character for character, what's in the issued Assertion's Audience element value?
>If so, I really have no explanation.

Nor I, but if you're sanitizing things, I can't really say more than you have a mismatch here, and that's all there is to it.

The change I suggested was not going to work, my mistake there, but it confirms that there's nothing really off here in terms of the SP. You're obviously able to edit the config of the SP that's throwing the error, so it rules out some of the really crazy stuff people have done like edit the wrong server's file.

There just isn't any question here, they don't match. If they look like they do, then there's a hidden character on one end, although I don't know if that's possible in an XML trace.

-- Scott

More information about the users mailing list