In our SAML connection, Auth0 acts as a service provider with HelloID as the identity provider. Auth0 asks HelloID for authentication, and HelloID responds with SAML data that includes two audiences. The first is the Auth0 post-back URL itself and the second is the SAML entity ID for our connection. (Note that Auth0 requires that the audience be the SAML entity ID.)
In this scenario, Auth0 issues an “Invalid audience” error.
Is this problem because Auth0 doesn’t like SAML data with multiple audiences, or that it requires the first audience to be the entity ID? Is there any way to avoid the error when the SAML has multiple audiences?