ComponentSpace

Forums



The audience URI is not included in the audience restrictions


The audience URI is not included in the audience restrictions

Author
Message
syncbase
syncbase
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 17
Hello,

I am getting an exception with the message "The audience URI is not included in the audience restrictions". I review the Developer Guide and I couldn't find anything related to the audience attribute. My code works fine with the example SAML. I copied the code to my application and I am getting the exception mentioned again. Any idea what I can do to solve this issue?

Thanks.



ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The SAML assertion may include an audience restriction condition. If it does then this should specify the name of your service provider. If it doesn't then you'll get the exception you are seeing. The most likely cause is a configuration mismatch between your site and the partner identity provider.
Could you please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning this topic? We can then determine exactly what is being sent. Thanks.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace


Regards
ComponentSpace Development
syncbase
syncbase
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 17
You were right the was a configuration mismatch between our site and the partner identity provider. Thanks for the help on solving this.

akcatchme
akcatchme
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Awaiting Activation
Posts: 5, Visits: 45
ComponentSpace - 1/4/2016
The SAML assertion may include an audience restriction condition. If it does then this should specify the name of your service provider. If it doesn't then you'll get the exception you are seeing. The most likely cause is a configuration mismatch between your site and the partner identity provider.
Could you please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning this topic? We can then determine exactly what is being sent. Thanks.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace

Client is sending Audience Restriction URL -  https://example.com  but we are looking for  https://example.com?clientid=abc.
Is there way to match audience only URL and ignore query portion(?clientid =abc) ?  

I can change code to  match for https://example.com but all other client is sending me with query and hard to ask other client to change URL.
So I want match either  "https://example.com" or "https://example.com?clientid=abc"

I am using component space 2.06 net core  

Thank you.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
We use a string comparison as the audience should be a URI but isn't always.
The best option is to disable this check by adding the following to your SAML configuration for the partner IdP.
"DisableAudienceRestrictionCheck": true

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search