CA API Management: Audience Restriction Check Failed
Article ID: 103982
Updated On:
Products
CA API Gateway (Layer 7)
SA94 to API SECURITY
STARTER PACK-7
CA Rapid App Security
MOBILE API GATEWAY
CA Mobile - API Gateway
CA API Gateway
Issue/Introduction
When using the OAuth SAML grant you may receive the below error when exchanging the SAML assertion for an access token:
20180629 16:58:02.044 WARNING 6104 SAML token validation errors: SAML Constraint Error: Audience Restriction Check Failed received [Layer7] expected one of [https://GatewayHostName]
Where Layer7 will be your SAML audience defined in the assertion.
20180629 16:58:02.044 WARNING 6104 SAML token validation errors: SAML Constraint Error: Audience Restriction Check Failed received [Layer7] expected one of [https://GatewayHostName]
Where Layer7 will be your SAML audience defined in the assertion.
Environment
Release:
Component: APIESM
Component: APIESM
Resolution
The gateway is setup to validate SAML assertions it has generated. If the audience does not match the Gateway URL as returned by ${request.url.host} the validation will fail.
Please make sure you are using a valid SAML assertion with a properly defined audience.
Please make sure you are using a valid SAML assertion with a properly defined audience.
Feedback
Yes
No
Powered by
