<div dir="ltr"><div class="gmail_extra">Thanks Scott, <br><div class="gmail_quote"><br></div><div class="gmail_quote">On Mon, Sep 8, 2014 at 10:02 AM, Cantor, Scott <span dir="ltr"><<a href="mailto:cantor.2@osu.edu" target="_blank">cantor.2@osu.edu</a>></span> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div id=":r9" class="" style="overflow:hidden">Look closer at the message and you'll see that's not true. It notes the<br>
namespaces of the content it will look for.</div></blockquote></div><div class="gmail_extra"><br></div><div class="gmail_extra">I had missed the subtle difference between the two clearly defined namespaces shown at the top of relying-party.xml. </div><div class="gmail_extra"><div class="gmail_extra"><br></div><div class="gmail_extra">xmlns:<b>rp</b>="urn:mace:shibboleth:2.0:relying-party" xmlns:<b>saml</b>="urn:mace:shibboleth:2.0:relying-party:saml"</div><div><br></div><div>For others, here is the Error message I glossed over quickly. </div></div><div class="gmail_extra"><br></div>The root cause of this error was: org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'rp:AudienceRestriction'. One of '{"urn:mace:shibboleth:2.0:relying-party:saml":Audience, "urn:mace:shibboleth:2.0:relying-party:saml":ProxyAudience}' is expected.<br></div><div class="gmail_extra"><br></div><div class="gmail_extra">I am now testing the following which I believe should work</div><div class="gmail_extra"><br></div><div class="gmail_extra"><div style="font-family:arial,sans-serif;font-size:13px"> <rp:RelyingParty id="<a href="https://service.providerlogin.com/" target="_blank">https://service.providerlogin.com</a>" provider="<a href="https://my.idp.com/idp/shibboleth" target="_blank">https://my.idp.com/idp/shibboleth</a>" defaultSigningCredentialRef="IdPCredential"></div><div style="font-family:arial,sans-serif;font-size:13px"> <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" encryptAssertions="never" encryptNameIds="never"></div><div style="font-family:arial,sans-serif;font-size:13px"> <<b>saml</b>:Audience><a href="https://saml2.providerlogin.com/" target="_blank">https://saml2.providerlogin.com</a></<b>saml</b>:Audience><br></div><div style="font-family:arial,sans-serif;font-size:13px"> </rp:ProfileConfiguration><br></div><div style="font-family:arial,sans-serif;font-size:13px"> </rp:RelyingParty></div></div></div>