Keeping multiple Audience in same SAML AudienceRestriction tag

Article ID: 127754

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

We want to keep multiple Audience elements in the same SAML AudienceRestriction tag, but are not able to achieve that result in the assertion.

Currently we are getting it as below. 

<ns2:Conditions NotBefore="***" NotOnOrAfter="***">
  <ns2:AudienceRestriction>
    <ns2:Audience>abc</ns2:Audience>
  </ns2:AudienceRestriction>
  <ns2:AudienceRestriction>
    <ns2:Audience>abcd</ns2:Audience>
  </ns2:AudienceRestriction>
</ns2:Conditions>

But we require as below. 

<ns2:Conditions NotBefore="***" NotOnOrAfter="***">
  <ns2:AudienceRestriction>
    <ns2:Audience>abc</ns2:Audience>
    <ns2:Audience>abcd</ns2:Audience>
  </ns2:AudienceRestriction>
</ns2:Conditions>

Environment

Policy Server and Federation version: R12.52SP1
Federation Partnership

Resolution

Policy Server includes both the SPID and the configured Audience in the assertion when the SPID and Audience values are not the same.

The product generates the assertion as per the SAML specification. Any modification to the product-generated assertion requires the Assertion Generator Plugin (AGP).
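The two layouts above are not equivalent to a relying party: in SAML 2.0 the Audience values inside one AudienceRestriction form an OR, while separate AudienceRestriction elements form an AND. The following check is an added example, not CA/SiteMinder code; the SAML 2.0 assertion namespace, the function name audience_ok and the sample XML are assumptions constructed from the snippets on this page.

```python
import xml.etree.ElementTree as ET

# Assumption: SAML 2.0 assertion namespace (the page shows only the "ns2" prefix).
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}


def _conditions(body):
    """Wrap constructed AudienceRestriction markup in a Conditions element."""
    return f'<saml:Conditions xmlns:saml="{SAML_NS}">{body}</saml:Conditions>'


# Constructed samples mirroring the two layouts shown on the page.
SEPARATE = _conditions(
    "<saml:AudienceRestriction><saml:Audience>abc</saml:Audience></saml:AudienceRestriction>"
    "<saml:AudienceRestriction><saml:Audience>abcd</saml:Audience></saml:AudienceRestriction>"
)
COMBINED = _conditions(
    "<saml:AudienceRestriction>"
    "<saml:Audience>abc</saml:Audience><saml:Audience>abcd</saml:Audience>"
    "</saml:AudienceRestriction>"
)


def audience_ok(conditions_xml, my_entity_ids):
    """True if a relying party known by my_entity_ids satisfies every AudienceRestriction.

    Constructed input only: a real relying party verifies the assertion
    signature before it evaluates Conditions.
    """
    root = ET.fromstring(conditions_xml)
    mine = set(my_entity_ids)
    for restriction in root.findall("saml:AudienceRestriction", NS):
        audiences = {(a.text or "").strip() for a in restriction.findall("saml:Audience", NS)}
        # OR within one restriction: any listed Audience may match.
        if not (audiences & mine):
            # AND across restrictions: a single miss invalidates the assertion.
            return False
    return True


if __name__ == "__main__":
    for name, xml in (("separate", SEPARATE), ("combined", COMBINED)):
        print(name, audience_ok(xml, ["abc"]), audience_ok(xml, ["abc", "abcd"]))
```

A service provider that identifies itself only as abc accepts the combined layout but must reject the separate one, which is why the layout matters when the SPID and Audience values differ.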