We have configured a SAML connection. Users are correctly redirected to the IdP, but when the SAML response is posted to Auth0, users are redirected back with the error message “Audience is invalid”, even though the audience is set as per the documentation to urn:auth0:TENANT:CONNECTION_NAME.
When trying to confirm the entityID (corresponding to the audience, if our understanding is correct) by querying ‘https://TENANT.auth0.com/api/v2/connections/CONNECTION_ID’, we cannot see the entityId, while it is apparently supposed to be there.
For information, we are using a custom domain with the /authorize request and the ACS URL with our identity provider matching.
Please ensure you have set the necessary entity ID on the IdP end; it may also appear there as the audience. The IdP will then send this to Auth0 in the SAML response.
We confirmed that the issue was coming from a mismatch between the registered Entity ID on the IdP side and ours. Our misunderstanding came from the error message: “audience is invalid. Configured urn:auth0::<tenant_name>:<connection_name>” was actually referring to the value configured on our side, not to the value configured on their side, which was the one that was invalid.
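The check that produced this error, as an added illustration that is not Auth0's own code and not part of the thread: a service provider reads the AudienceRestriction from the SAML assertion the IdP posted and compares each Audience against its own configured entity ID. The error text mentions the SP's configured value, so the value that is "invalid" is the one the IdP sent. The assertion below is constructed for the example, and the tenant and connection names in it are placeholders.

```python
import xml.etree.ElementTree as ET
from typing import List, Tuple

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (signature, subject and timestamps omitted);
# the IdP was registered with this audience, so the SP must expect exactly it.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>urn:auth0:example-tenant:example-connection</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def extract_audiences(assertion_xml: str) -> List[str]:
    """Return every Audience value carried in the assertion's AudienceRestriction elements."""
    root = ET.fromstring(assertion_xml)
    found = root.findall(".//saml:AudienceRestriction/saml:Audience", SAML_NS)
    return [a.text.strip() for a in found if a.text]


def check_audience(assertion_xml: str, configured_audience: str) -> Tuple[bool, str]:
    """Validate the assertion's audience against the SP's configured entity ID.

    Mirrors the shape of the message seen in the thread: the 'Configured' value
    is the SP's own expectation, the assertion's value is what the IdP sent.
    """
    audiences = extract_audiences(assertion_xml)
    if not audiences:
        # An assertion with no AudienceRestriction must be rejected, not accepted by default.
        return False, "Audience is invalid. Assertion carries no AudienceRestriction; configured " + configured_audience
    if configured_audience in audiences:
        return True, "Audience ok: " + configured_audience
    return False, (
        "Audience is invalid. Configured " + configured_audience
        + "; assertion carried " + ", ".join(audiences)
    )


if __name__ == "__main__":
    # Matching configuration on both sides.
    print(check_audience(SAMPLE_ASSERTION, "urn:auth0:example-tenant:example-connection"))
    # The mismatch from the thread: the IdP was registered with a different entity ID.
    print(check_audience(SAMPLE_ASSERTION, "urn:auth0:example-tenant:other-connection"))
```

The comparison is an exact string match: a trailing slash, a different case in the tenant name, or an extra colon in the value registered at the IdP is enough to fail it, so when the error appears the value to inspect is the one typed into the IdP's SP configuration.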