Hello,
I am getting an exception with the message “The audience URI is not included in the audience restrictions”. I review the Developer Guide and I couldn’t find anything related to the audience attribute. My code works fine with the example SAML. I copied the code to my application and I am getting the exception mentioned again. Any idea what I can do to solve this issue?
Thanks.
The SAML assertion may include an audience restriction condition. If it does then this should specify the name of your service provider. If it doesn’t then you’ll get the exception you are seeing. The most likely cause is a configuration mismatch between your site and the partner identity provider.
Could you please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning this topic? We can then determine exactly what is being sent. Thanks.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace
You were right the was a configuration mismatch between our site and the partner identity provider. Thanks for the help on solving this.
[quote][/quote]
The SAML assertion may include an audience restriction condition. If it does then this should specify the name of your service provider. If it doesn't then you'll get the exception you are seeing. The most likely cause is a configuration mismatch between your site and the partner identity provider.
Could you please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning this topic? We can then determine exactly what is being sent. Thanks.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace
Could you please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning this topic? We can then determine exactly what is being sent. Thanks.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace
Client is sending Audience Restriction URL - https://example.com but we are looking for https://example.com?clientid=abc.
Is there way to match audience only URL and ignore query portion(?clientid =abc) ?
I can change code to match for https://example.com but all other client is sending me with query and hard to ask other client to change URL.
So I want match either "https://example.com" or "https://example.com?clientid=abc"
I am using component space 2.06 net core
Thank you.
We use a string comparison as the audience should be a URI but isn’t always.
The best option is to disable this check by adding the following to your SAML configuration for the partner IdP.
“DisableAudienceRestrictionCheck”: true