SAML IDP Sends No Audience

rueben.tiow · April 2, 2024, 5:24pm

Problem statement

This article explains why a SAML connection with an Identity Provider who’s SAML response doesn’t include an audience or Audience Restriction attribute, which causes the flow to throw an error with invalid audience.

Symptoms

A SAML connection with an Identity Provider who’s SAML response doesn’t include an audience or Audience Restriction attribute, which causes the flow to throw an error with invalid audience.

Troubleshooting

The Identity Provider says that this attribute shouldn’t be required by the SP, according to SAML protocol.

Solution

There’s a connection option you can enable with this Management API endpoint.

Using GET, add the connection options object first and add the following key-value pair:

"options" : { 
     ...,
     "checkAudience": false
   }

With this option, the Audience restriction attribute will not be checked.

Note : If you use the options parameter, the entire options object is overridden . To avoid partial data or other issues, ensure all parameters are present when using this option.

Topic		Replies	Views
SAMLResponse Audience is invalid Help connections , saml-enterprise-connection	2	4054	February 14, 2023
“Audience is invalid” Error in SAML with custom domain Help connections , saml-enterprise-connection	3	562	February 15, 2024
"Audience is invalid" Error in SAML and Entity ID Knowledge Articles audience-is-invalid , saml-enterprise-connections , entity-id	1	1541	May 2, 2023
SAML Post-Back URL receiving two audiences causes “Invalid audience” error even though one audience is correct Help saml , audience-is-invalid	4	5323	March 2, 2018
IdP-Initiated SSO - Audience is Ignored Help saml , jwt , sso , access-token , samlp	3	4013	March 2, 2018

SAML IDP Sends No Audience

Problem statement

Symptoms

Troubleshooting

Solution

Related Topics