SP: Assertion contains an unacceptable AudienceRestriction

Brent Putman putmanb at georgetown.edu
Fri Aug 14 19:33:59 EDT 2015

On 8/14/15 7:30 PM, Scott Gerlach wrote:
> Quick question on this topic, is the IdP/Browser supposed to be
> posting back to the /Shibboleth.sso/SAML/POST URI or the
> /Shibboleth.sso/Login URI? I was reading some other threads and
> though I thought I knew, I am now confused...

The former, at least for the SAML POST binding.  That's what you would
likely see in the AuthnRequest as the AssertionConsumerServiceURL
(unless the requester indicated the ACS URL via metadata index rather
than value).

The latter is a LoginInitiator endpoint, which is a Shibboleth-specific

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150814/b92cc649/attachment.html>

More information about the users mailing list