How do I configure multiple audience


felipe98

I have the following configuration and I have played around with it but I still get the audience mismatch exception. 

    var samlConfiguration = new SAMLConfiguration
    {
        LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration
        {
            Name = local.Name,
            AssertionConsumerServiceUrl = local.AssertionConsumerServiceUrl,
            LocalCertificateFile = local.LocalCertificateFile
        }
    };

    foreach (var serviceProvider in samlConfig.ServiceProvider)
        samlConfiguration.AddPartnerServiceProvider(new PartnerServiceProviderConfiguration()
        {
            Name = serviceProvider.Name,
            AssertionConsumerServiceUrl = serviceProvider.AssertionConsumerServiceUrl,
            LocalCertificateFile = serviceProvider.LocalCertificateFile
        });

    samlConfiguration.AddPartnerIdentityProvider(
        new PartnerIdentityProviderConfiguration()
        {
            Name = samlConfig.IdentityProvider.Name,
            SignAuthnRequest = samlConfig.IdentityProvider.SignAuthnRequest,
            WantSAMLResponseSigned = samlConfig.IdentityProvider.WantSAMLResponseSigned,
            WantAssertionSigned = samlConfig.IdentityProvider.WantAssertionSigned,
            WantAssertionEncrypted = samlConfig.IdentityProvider.WantAssertionEncrypted,
            SingleSignOnServiceUrl = samlConfig.IdentityProvider.SingleSignOnServiceUrl,
            SingleLogoutServiceUrl = samlConfig.IdentityProvider.SingleLogoutServiceUrl,
            PartnerCertificateFile = samlConfig.IdentityProvider.PartnerCertificateFile,
            DisableAudienceRestrictionCheck = samlConfig.IdentityProvider.DisableAudienceRestrictionCheck
        });

Is the only way to support multiple audiences via multiple configurations, with each audience configured using LocalServiceProviderConfiguration?
ComponentSpace

As per the SAML specification, the audience restriction in the SAML assertion should match the local service provider name.
If it doesn't, you get the exception you're seeing unless you set DisableAudienceRestrictionCheck to true.
I wouldn't recommend setting up multiple configurations.
Instead, you should check with the IdP why they're setting the audience restriction to an unexpected value.
The worst case scenario is that you have to set DisableAudienceRestrictionCheck to true.

Regards
ComponentSpace Development
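
The audience rule the reply refers to, as an added example that is not ComponentSpace's code or part of either post: under SAML 2.0 an IdP may list several `<Audience>` values inside one `<AudienceRestriction>`, and the assertion is valid for a service provider whose name matches any one of them, while every `<AudienceRestriction>` present must be satisfied. The class name, method name and entity IDs are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

static class AudienceCheck
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // True when localSpName satisfies every <AudienceRestriction> in the assertion.
    // Inside one restriction the <Audience> values are alternatives (any one may match);
    // when several restrictions are present, all of them must be satisfied.
    // An assertion that carries no restriction is not limited to an audience.
    public static bool IsIntendedFor(XElement assertion, string localSpName)
    {
        var conditions = assertion.Element(Saml + "Conditions");
        if (conditions == null) return true;

        return conditions.Elements(Saml + "AudienceRestriction").All(restriction =>
            restriction.Elements(Saml + "Audience")
                       .Any(a => string.Equals(a.Value.Trim(), localSpName, StringComparison.Ordinal)));
    }

    static void Main()
    {
        // Constructed sample assertion; the entity IDs are placeholders.
        var assertion = XElement.Parse(@"
<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp-a.example.test</saml:Audience>
      <saml:Audience>https://sp-b.example.test</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>");

        var names = new[] { "https://sp-a.example.test", "https://sp-b.example.test", "https://other.example.test" };
        foreach (var name in names)
            Console.WriteLine($"{name}: {(IsIntendedFor(assertion, name) ? "accepted" : "audience mismatch")}");
    }
}
```

The first two names are accepted and the third is reported as an audience mismatch. With the check disabled, the third service provider would also accept this assertion even though the IdP did not address it to that party.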