Audiencerestriction issue and I see that audience is populated and we have a saml rule

saml2:missing-required-field:audiencerestriction

Seeing this error and as you can guess I am not seeing it in the saml being passed. I don’t understand why this error is appearing. I do see the audience value filled out in my new tenant config.

We have this configured in rules for our tenant and it should be passing the value for audience, but it doesn’t seem to be reading the rule we have set up for SAML. An example of the rule I have in place is below.

function (user, context, callback) {
  context.samlConfiguration = context.samlConfiguration || {};

  // Map SAML attributes to user profile fields
  context.samlConfiguration.mappings = {
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "user_id",
    "firstName": "user_metadata.given_name",
    "lastName": "user_metadata.family_name",
    "email": "email"
  };

  context.samlConfiguration.nameIdentifierProbes = [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
  ];

  // Set the audience only for the one application this rule targets
  if (context.clientName === '{application name}') {
    context.samlConfiguration.audience = "{metadata url}";
  }

  callback(null, user, context);
}
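One way to confirm whether the response the service provider receives actually carries an AudienceRestriction, as an added example that is not part of the original post or of Auth0's code. It assumes a base64-encoded SAMLResponse (HTTP-POST binding); the function names, sample XML and audience URL are constructed for illustration.

```javascript
// Added example: inspect a base64 SAMLResponse for <AudienceRestriction>.
// Regex matching is for debugging inspection only, never for validating
// or trusting an assertion. All sample values below are constructed.

const WITH_AUDIENCE = `<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T01:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>`;

const WITHOUT_AUDIENCE = `<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T01:00:00Z"/>
</saml:Assertion>`;

// Return every <Audience> value found inside an <AudienceRestriction>,
// tolerating any (or no) namespace prefix.
function audiencesIn(xml) {
  const restriction =
    /<(?:[\w-]+:)?AudienceRestriction\b[^>]*>([\s\S]*?)<\/(?:[\w-]+:)?AudienceRestriction>/g;
  const audience =
    /<(?:[\w-]+:)?Audience\b[^>]*>([\s\S]*?)<\/(?:[\w-]+:)?Audience>/g;
  const found = [];
  for (const r of xml.matchAll(restriction)) {
    for (const a of r[1].matchAll(audience)) found.push(a[1].trim());
  }
  return found;
}

// Decode the posted SAMLResponse and report what the SP would see.
function checkSamlResponse(base64Response, expectedAudience) {
  const xml = Buffer.from(base64Response, 'base64').toString('utf8');
  const audiences = audiencesIn(xml);
  return {
    hasAudience: audiences.length > 0,
    audiences,
    matchesExpected: audiences.includes(expectedAudience),
  };
}

const encode = (xml) => Buffer.from(xml, 'utf8').toString('base64');
console.log(checkSamlResponse(encode(WITH_AUDIENCE), 'https://sp.example.com/metadata'));
console.log(checkSamlResponse(encode(WITHOUT_AUDIENCE), 'https://sp.example.com/metadata'));
```

A result with `hasAudience: false` means the element is missing from the issued assertion itself; `matchesExpected: false` with a non-empty `audiences` list means a value is being sent but differs from what the service provider expects.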

Hey there!

As this topic is related to Rules - Hooks - Actions, and Rules & Hooks are being deprecated soon, I’m excited to let you know about our next Ask Me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!