Error: Assertion contains an unacceptable AudienceRestriction
andrea.giammaria at avanade.com
Mon Nov 2 10:47:30 UTC 2020
Ok so if my understanding is correct, to obtain the same result and avoid the use of override I just need to add:
ShibRequestSetting entityIDSelf "https://myappname.whatever/shibboleth"
In the vhost to get the same result?
And about the custom attribute mapping, you said I can use the (deprecated) Alias feature instead of override. I've read something about it (https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeExtractor) but I didn't get how to use them and where (specifically in which configuration file), could you pleas make an example?
On 10/30/20, 11:10 AM, "users on behalf of Andrea Giammaria via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
> I'm clearly not a shibboleth guru since I discovered it just some
> months ago but I found that this configuration well suits my needs since it's easy to understand and to maintain. Should I be concerned for something?
The person you hand this to at some future point will have no idea how to deal with it because overrides are a total mystery to anybody starting out.
If you just want to vhost and establish unique entityIDs per vhost, the entityIDSelf setting applied to the vhost will auto-assign the entityID without needing an override.
More information about the users