IDP4 and onelogin
Cantor, Scott
cantor.2 at osu.edu
Tue May 5 11:38:22 EDT 2020
On 5/5/20, 11:30 AM, "users on behalf of Jerry Bailie" <users-bounces at shibboleth.net on behalf of jebailie at vassar.edu> wrote:
> The assertion from OL to our IDP works
If that were true, the log message you posted would be impossible since that's code from the validation of the proxied assertion by the IdP.
Either you fed OneLogin the wrong entityID to act on or it's not including the entityID in an AudienceRestriction condition in the assertion in accordance with the specification. Probably the latter given that OneLogin is commercial SAML, and therefore more or less non-compliant by definition.
-- Scott
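
Added example, not part of the original post and not Shibboleth or OneLogin code: a diagnostic that inspects a captured, unencrypted assertion and reports whether the expected entityID appears as an Audience in every AudienceRestriction condition. The entityID and the sample assertions are constructed for illustration, and the check does not verify signatures.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

def audience_check(xml_text, expected_entity_id):
    """Return (ok, reason) for the audience conditions of each assertion."""
    root = ET.fromstring(xml_text)
    # Accept a bare Assertion or a Response that wraps one.
    if root.tag == "{%s}Assertion" % SAML_NS:
        assertions = [root]
    else:
        assertions = root.findall(".//saml:Assertion", NS)
    if not assertions:
        return False, "no Assertion element found"
    for assertion in assertions:
        restrictions = assertion.findall(
            "saml:Conditions/saml:AudienceRestriction", NS)
        if not restrictions:
            return False, "no AudienceRestriction condition"
        # Every AudienceRestriction must be satisfied; within one,
        # a single matching Audience is enough.
        for restriction in restrictions:
            audiences = [(a.text or "").strip()
                         for a in restriction.findall("saml:Audience", NS)]
            if expected_entity_id not in audiences:
                return False, "entityID not listed in %r" % (audiences,)
    return True, "entityID present in every AudienceRestriction"

def sample(conditions_body):
    """Build a constructed, unsigned assertion for the demo."""
    return ('<saml:Assertion xmlns:saml="%s" ID="_constructed" Version="2.0" '
            'IssueInstant="2020-05-05T15:00:00Z"><saml:Conditions>%s'
            '</saml:Conditions></saml:Assertion>' % (SAML_NS, conditions_body))

def restriction(*audiences):
    inner = "".join("<saml:Audience>%s</saml:Audience>" % a for a in audiences)
    return "<saml:AudienceRestriction>%s</saml:AudienceRestriction>" % inner

# Constructed values, not taken from the thread.
IDP_ENTITY_ID = "https://idp.example.edu/idp/shibboleth"
GOOD = sample(restriction(IDP_ENTITY_ID))
WRONG = sample(restriction("https://other.example.org/sp"))
MISSING = sample("")

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("wrong", WRONG), ("missing", MISSING)):
        print(name, audience_check(doc, IDP_ENTITY_ID))
```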