Keeping multiple Audience in same SAML AudienceRestriction tag
Article ID: 127754
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
We are looking to Keep multiple Audience in same SAML AudienceRestriction tag, but are not able to achieve that result in the assertion.
Currently we are getting it as below.
<ns2:Conditions NotBefore="***" NotOnOrAfter="***">
<ns2:AudienceRestriction>
<ns2:Audience>abc</ns2:Audience>
</ns2:AudienceRestriction>
<ns2:AudienceRestriction>
<ns2:Audience>abcd</ns2:Audience>
</ns2:AudienceRestriction>
</ns2:Conditions>
But we require as below.
<ns2:Conditions NotBefore="***" NotOnOrAfter="***">
<ns2:AudienceRestriction>
<ns2:Audience>abc</ns2:Audience>
<ns2:Audience>abcd</ns2:Audience>
</ns2:AudienceRestriction>
</ns2:Conditions>
Currently we are getting it as below.
<ns2:Conditions NotBefore="***" NotOnOrAfter="***">
<ns2:AudienceRestriction>
<ns2:Audience>abc</ns2:Audience>
</ns2:AudienceRestriction>
<ns2:AudienceRestriction>
<ns2:Audience>abcd</ns2:Audience>
</ns2:AudienceRestriction>
</ns2:Conditions>
But we require as below.
<ns2:Conditions NotBefore="***" NotOnOrAfter="***">
<ns2:AudienceRestriction>
<ns2:Audience>abc</ns2:Audience>
<ns2:Audience>abcd</ns2:Audience>
</ns2:AudienceRestriction>
</ns2:Conditions>
Environment
Policy Server and Federation version: R12.52SP1
Federation Partnership
Federation Partnership
Resolution
Policy Server will include both SPID and configured Audience in the assertion if SPID and Audience values are not the same.
Product is generating assertion as per the SAML specification. If one needs any modification to the product generated assertion, then s/he needs to use Assertion Generator Plugin (AGP).
Product is generating assertion as per the SAML specification. If one needs any modification to the product generated assertion, then s/he needs to use Assertion Generator Plugin (AGP).
Feedback
Yes
No
Powered by
