ValidateAudience: No allowed audience for client
Schofield, Richie
Richie.Schofield at netapp.com
Wed Jun 8 19:36:37 UTC 2022
Awesome, that has unblocked me. Thank you very much for your help, Scott.
I’ve got one more thing that I need help with.
I’m getting this error below but I did exactly what was in the initial setup doc. I didn’t modify oidc.properties and I generated a new version of the jwk files.
Any idea of what I can do to troubleshoot this? (side note, marking encryption as optional allows me to complete the workflow)
2022-06-08 15:31:35,601 - 10.249.157.188 - WARN [org.opensaml.xmlsec.impl.BasicEncryptionParametersResolver:243] - Validation failure: Failed to resolve an encryption key
From: Cantor, Scott <cantor.2 at osu.edu>
Date: Tuesday, June 7, 2022 at 3:01 PM
To: Schofield, Richie <Richie.Schofield at netapp.com>, Shib Users <users at shibboleth.net>
Subject: Re: ValidateAudience: No allowed audience for client
On 6/7/22, 2:46 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
> I cannot, however, find examples of setting an audience using the oidc-client.json or in the
> OAuthRPMetadataProfile doc.
I fixed the missing reference in the profile page. The Client Credentials docs mention the JSON claim:
"There is no standard metadata representation for allowed audience, so this is an extension. In the case of JSON metadata, a claim called “audience” is used, while in SAML format, the <saml:Audience> element is used."
I'll add some metadata examples to the page when I have more time.
-- Scott