Error: Assertion contains an unacceptable AudienceRestriction

Andrea Giammaria andrea.giammaria at
Mon Nov 2 10:47:30 UTC 2020

Ok so if my understanding is correct, to obtain the same result and avoid the use of override I just need to add:

ShibRequestSetting entityIDSelf "https://myappname.whatever/shibboleth"

In the vhost to get the same result?

And about the custom attribute mapping, you said I can use the (deprecated) Alias feature instead of override. I've read something about it ( but I didn't get how to use them and where (specifically in which configuration file), could you please make an example?


On 10/30/20, 11:10 AM, "users on behalf of Andrea Giammaria via users" <users-bounces at on behalf of users at> wrote:

> I'm clearly not a shibboleth guru since I discovered it just some months ago but I found that this configuration well suits my needs since it's easy to understand and to maintain. Should I be concerned for something?

The person you hand this to at some future point will have no idea how to deal with it because overrides are a total mystery to anybody starting out.

If you just want to vhost and establish unique entityIDs per vhost, the entityIDSelf setting applied to the vhost will auto-assign the entityID without needing an override.

-- Scott
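
An added example, not part of the thread and not Shibboleth code: a Python check of which per-vhost entityID satisfies an assertion's AudienceRestriction, the condition named in the subject line. The second vhost, the sample assertion and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer a hardened parser

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: one entityID per vhost, as entityIDSelf would assign them.
VHOST_ENTITY_IDS = {
    "myappname.whatever": "https://myappname.whatever/shibboleth",
    "otherapp.example": "https://otherapp.example/shibboleth",  # hypothetical vhost
}

# Constructed sample assertion fragment (unsigned, conditions only).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://myappname.whatever/shibboleth</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""

def audience_restrictions(assertion_xml):
    """Return one set of Audience URIs per AudienceRestriction element."""
    root = ET.fromstring(assertion_xml)
    groups = []
    for ar in root.findall("saml:Conditions/saml:AudienceRestriction", SAML_NS):
        audiences = ar.findall("saml:Audience", SAML_NS)
        groups.append({(a.text or "").strip() for a in audiences})
    return groups

def audience_ok(assertion_xml, entity_id):
    """SAML 2.0 rule: every AudienceRestriction must list the SP's entityID;
    the Audience values inside one restriction are alternatives."""
    return all(entity_id in g for g in audience_restrictions(assertion_xml))

def check_vhosts(assertion_xml, vhost_entity_ids):
    """Map each vhost to whether its entityID satisfies the assertion."""
    return {host: audience_ok(assertion_xml, eid)
            for host, eid in vhost_entity_ids.items()}

if __name__ == "__main__":
    for host, ok in check_vhosts(SAMPLE_ASSERTION, VHOST_ENTITY_IDS).items():
        verdict = "accepted" if ok else "unacceptable AudienceRestriction"
        print(f"{host}: {verdict}")
```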
