DisableAudienceRestrictionCheck attribute isn't working


ecosta
Hi,
Because of a bad IdP configuration, where I'm having an issue with a wrong URI format, and so as not to stop my work, I tried to use the property DisableAudienceRestrictionCheck as a workaround, but it didn't make the component stop validating the Audience Restriction Check.

DEBUG INFO: 
dbug: ComponentSpace.Saml2.Utility.XmlSchema[0]
  The 'urn:oasis:names:tc:SAML:2.0:assertion:Audience' element is invalid - The value 'http://srv-stg-app1.infra-nprd.com:Legacy' is invalid according to its datatype 'http://www.w3.org/2001/XMLSchema:anyURI' - The string 'http://srv-stg-app1.infra-nprd.com:Legacy' is not a valid Uri value.

SYSTEM CONFIG:
I have included the option in the appConfig file -> "DisableAudienceRestrictionCheck": true,
In a second try, I have added this option via code in the startup as well.
ComponentSpace
The DisableAudienceRestrictionCheck disables the check of the audience restriction condition against the configured local provider name.

The exception you're seeing has occurred before this check. We check the received SAML message against the SAML XML schema and this check is failing.

According to the SAML XML schema, the Audience value should be a URI. The actual value "http://srv-stg-app1.infra-nprd.com:Legacy" isn't a URI.

Is "http://srv-stg-app1.infra-nprd.com:Legacy" the value you supplied to the IdP as the provider name (aka entity ID)?

If so, I recommend changing this to a legal URL (e.g. "http://srv-stg-app1.infra-nprd.com/Legacy") and providing this to the IdP and updating your LocalServiceProviderConfiguration.Name.

If this isn't possible, you'll have to disable the XML schema check by setting the LocalServiceProviderConfiguration.DisableSchemaCheck to true.

For example:

"LocalServiceProviderConfiguration": {
  "Name": "https://ExampleServiceProvider",
  "Description": "Example Service Provider",
  "DisableSchemaCheck": true,

Regards
ComponentSpace Development
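
The ordering described in the answer above, modelled as an added example (not ComponentSpace's code and not part of the original thread): a schema-level anyURI check on every Audience value runs first, and only then the comparison that DisableAudienceRestrictionCheck switches off, so the first call in Main is rejected at stage 1 even with the flag set. The names AudiencePreflight, Check and IsValidAnyUri are hypothetical, the assertion XML is constructed, and Uri.TryCreate is assumed here as an approximation of the xs:anyURI datatype check.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

// Hypothetical model of the two validation stages; not the ComponentSpace API.
static class AudiencePreflight
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Stage 1 stand-in: xs:anyURI validity, approximated with Uri.TryCreate (assumption).
    static bool IsValidAnyUri(string value) =>
        Uri.TryCreate(value.Trim(), UriKind.RelativeOrAbsolute, out _);

    // Returns "schema-invalid", "audience-mismatch" or "ok" for one assertion.
    public static string Check(string assertionXml, string localName, bool disableAudienceCheck)
    {
        var audiences = XDocument.Parse(assertionXml)
            .Descendants(Saml + "AudienceRestriction")
            .Elements(Saml + "Audience")
            .Select(a => a.Value)
            .ToList();

        // Stage 1 runs first and never consults the audience flag.
        if (audiences.Any(a => !IsValidAnyUri(a)))
            return "schema-invalid";

        // Stage 2: the comparison that DisableAudienceRestrictionCheck switches off.
        if (!disableAudienceCheck && audiences.Count > 0
            && !audiences.Contains(localName, StringComparer.Ordinal))
            return "audience-mismatch";

        return "ok";
    }

    // Constructed sample assertion carrying a single Audience value.
    static string Assertion(string audience) =>
        "<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'><saml:Conditions>" +
        "<saml:AudienceRestriction><saml:Audience>" + audience + "</saml:Audience>" +
        "</saml:AudienceRestriction></saml:Conditions></saml:Assertion>";

    static void Main()
    {
        const string bad = "http://srv-stg-app1.infra-nprd.com:Legacy";  // value from the thread
        const string good = "http://srv-stg-app1.infra-nprd.com/Legacy"; // suggested replacement
        Console.WriteLine(Check(Assertion(bad), bad, disableAudienceCheck: true));
        Console.WriteLine(Check(Assertion(good), "https://ExampleServiceProvider", false));
        Console.WriteLine(Check(Assertion(good), good, false));
    }
}
```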