When using the OAuth SAML grant you may receive the below error when exchanging the SAML assertion for an access token:

WARNING 6104 SAML token validation errors: SAML Constraint Error: Audience Restriction Check Failed received [Layer7] expected one of [https://GatewayHostName]

Where Layer7 will be your SAML audience defined in the assertion.

Release:
Component: Gateway

The gateway is setup to validate SAML assertions that was generated by the same gateway.  If the audience does not match the Gateway URL as returned by ${request.url.host} the validation will fail.

Please make sure you are using a valid SAML assertion with a properly defined audience.