ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CA API Management: Audience Restriction Check Failed


Article ID: 103982


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway


When using the OAuth SAML grant you may receive the below error when exchanging the SAML assertion for an access token:

20180629 16:58:02.044 WARNING 6104 SAML token validation errors: SAML Constraint Error: Audience Restriction Check Failed received [Layer7] expected one of [https://GatewayHostName]

Where Layer7 will be your SAML audience defined in the assertion.


Component: APIESM


The gateway is setup to validate SAML assertions it has generated.  If the audience does not match the Gateway URL as returned by ${} the validation will fail.

Please make sure you are using a valid SAML assertion with a properly defined audience.