SP: Assertion contains an unacceptable AudienceRestriction
putmanb at georgetown.edu
Fri Aug 14 19:33:59 EDT 2015
On 8/14/15 7:30 PM, Scott Gerlach wrote:
> Quick question on this topic, is the IdP/Browser supposed to be
> posting back to the /Shibboleth.sso/SAML/POST URI or the
> /Shibboleth.sso/Login URI? I was reading some other threads and
> though I thought I knew, I am now confused...
The former, at least for the SAML POST binding. That's what you would
likely see in the AuthnRequest as the AssertionConsumerServiceURL
(unless the requester indicated the ACS URL via metadata index rather
The latter is a LoginInitiator endpoint, which is a Shibboleth-specific
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users