<p dir="ltr">Hi, </p>
<p dir="ltr">I have a requirement to add the &lt;saml2:Audience&gt; restriction to my IDP's SAML2SSOProfile configuration. </p>
<p dir="ltr">From <a href="https://wiki.shibboleth.net/confluence/display/SHIB2/IdPSAML2SSOProfileConfig">https://wiki.shibboleth.net/confluence/display/SHIB2/IdPSAML2SSOProfileConfig</a> it looks to me like I should be able to simply add a child element to the Relying Party configuration. </p>
<p dir="ltr">I took my working RelyingParty configuration below:</p>
<p dir="ltr"> &lt;rp:RelyingParty id="https://service.providerlogin.com" provider="https://my.idp.com/idp/shibboleth" defaultSigningCredentialRef="IdPCredential"&gt;</p>
<p dir="ltr"> &lt;rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" encryptAssertions="never" encryptNameIds="never"/&gt;</p>
<p dir="ltr"> &lt;/rp:RelyingParty&gt;</p>
<p dir="ltr"> </p>
<p dir="ltr">And added the Audience Child Element similar to below:</p>
<p dir="ltr"> &lt;rp:RelyingParty id="https://service.providerlogin.com" provider="https://my.idp.com/idp/shibboleth" defaultSigningCredentialRef="IdPCredential"&gt;</p>
<p dir="ltr"> &lt;rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" encryptAssertions="never" encryptNameIds="never"&gt;</p>
<p dir="ltr"> &lt;rp:Audience&gt;https://saml2.providerlogin.com&lt;/rp:Audience&gt;</p>
<p dir="ltr"> &lt;/rp:ProfileConfiguration&gt;</p>
<p dir="ltr"> &lt;/rp:RelyingParty&gt;</p>
<p dir="ltr">What I end up with is a SAXParseException error on the relying-party.xml file that is confusing because it states that the element is incorrect, and then lists it as one of the potentially acceptable elements.</p>
<p dir="ltr">I can't seem to find any good examples using the Audience child element. Any help appreciated. I'm expecting it's some simple attribute or namespace error not obvious to me.</p>
<p dir="ltr">cheers,<br>
Ian </p>