Set Audience value

Michael Dahlberg olgamirth at gmail.com
Mon Jan 23 11:26:06 EST 2017


On Fri, Jan 20, 2017 at 4:53 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> On 1/20/17, 4:49 PM, "users on behalf of Andrew Morgan" <
> users-bounces at shibboleth.net on behalf of morgan at orst.edu> wrote:
>
> > In relying-party.xml, this is how you do it:
>
> I assumed he was asking for the reference to point to, but I guess both
> bases are covered.
>
>
Scott:

Yes, I was just asking for the SAML reference.  I read parts of it and the
only part that deals with the Audience tag says the following:

Each bearer assertion MUST contain an <AudienceRestriction> including the
service provider's unique identifier as an <Audience>. Other conditions
(and other <Audience> elements) MAY be included as requested by the service
provider or at the discretion of the identity provider. (Of course, all
such conditions MUST be understood by and accepted by the service provider
in order for the assertion to be considered valid.)

My reading (for what it's worth) would suggest that an additional Audience
element may be added at the IdP's discretion.  Is this incorrect?  If not,
then why is adding the element that Andrew suggests a bug?

Thanks,
Mike
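
How a service provider would evaluate the <Audience> elements quoted in the message above, as an added example that is not part of the original post or of Shibboleth's code. It follows the SAML 2.0 core rule that audiences inside one <AudienceRestriction> are alternatives while multiple <AudienceRestriction> elements must each be satisfied; the entityIDs and the sample assertion are constructed placeholders, and signature validation is assumed to have happened already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from the thread); entityIDs are placeholders.
# The IdP has added a second <Audience> next to the SP's own entityID.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2017-01-23T16:26:06Z">
  <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.org/shibboleth</saml:Audience>
      <saml:Audience>https://extra.example.org/audience</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def audience_sets(assertion_xml):
    """Return one set of audience URIs per <AudienceRestriction> element."""
    # Assumption: the XML was signature-checked and safely parsed upstream.
    root = ET.fromstring(assertion_xml)
    sets = []
    for restriction in root.findall("saml:Conditions/saml:AudienceRestriction", NS):
        audiences = restriction.findall("saml:Audience", NS)
        sets.append({(a.text or "").strip() for a in audiences})
    return sets


def audience_ok(assertion_xml, my_entity_id):
    """True if this SP is a permitted audience of a bearer assertion.

    Within one restriction any matching <Audience> is enough (OR); every
    restriction present must match (AND). A bearer assertion with no
    restriction at all is rejected, per the profile text quoted above.
    entityIDs are compared as exact strings.
    """
    sets = audience_sets(assertion_xml)
    return bool(sets) and all(my_entity_id in s for s in sets)


if __name__ == "__main__":
    print(audience_ok(SAMPLE_ASSERTION, "https://sp.example.org/shibboleth"))
    print(audience_ok(SAMPLE_ASSERTION, "https://other.example.org/sp"))
```
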