[Shib-Users] assertion contains unacceptable audience restriction!

[Hafeez ur Rehman]

Hi,

I am using shibbolteh- sp2.3 and when I communicate with Idp-2.3 after authentication while returning the SAML response, It gives the following error message,

opensaml::FatalProfileException at (https://sp-test.polito.it/securePEPS/Shibboleth.sso/SAML2/POST)
 'Assertion contains an unacceptable AudienceRestriction.'

my apache log shows the following message,
[error] [client 127.0.0.1] File does not exist: /opt/shibboleth-sp2/share/doc/shibboleth, referer: https://sp-test.polito.it/securePEPS/Shibboleth.sso/SAML2/POST

I checked the file shibboleth in /opt/shibboleth-sp2/share/doc/ but It is shibboleth-2.3.1 how to solve this issue?

reg,
Hafeez

[Scott Cantor]

> I am using shibbolteh- sp2.3 and when I communicate with Idp-2.3 after

There is no IdP 2.3. My guess is the IdP is 1.3.

> authentication while returning the SAML response, It gives the following
> error message,
>
> opensaml::FatalProfileException at (https://sp-
> test.polito.it/securePEPS/Shibboleth.sso/SAML2/POST)
> 'Assertion contains an unacceptable AudienceRestriction.'

Your metadata at the IdP is inconsistent with your SP's configuration, the
entityID's don't match.

> my apache log shows the following message,
> [error] [client 127.0.0.1] File does not exist: /opt/shibboleth-
> sp2/share/doc/shibboleth, referer: https://sp-
> test.polito.it/securePEPS/Shibboleth.sso/SAML2/POST

That has nothing to do with it.

> I checked the file shibboleth in /opt/shibboleth-sp2/share/doc/ but It is
> shibboleth-2.3.1 how to solve this issue?

Fix your web server's alias to that directory?

-- Scott

[Hafeez ur Rehman]

Hi,

The Idp is 2.0 but I resolved the error, thankx for the help.

reg,

Hafeez