<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00007IX1aTCATOkta Classic EngineSingle Sign-OnAnswered2022-03-01T20:30:22.000Z2021-11-22T22:37:30.000Z2022-03-01T20:30:22.000Z

LaineK.95757 (Customer) asked a question.

November 22, 2021 at 10:37 PM
SAML2 Signing: AudienceRestriction' of type 'null' in assertion

Hello,

 

 

 

I am getting the following errors when I am trying to authenticate using SAML2 (SP initiated) using Spring security:

 

 

 

OpenSamlAuthenticationProvider Found 1 validation errors in SAML response [id***************************]: [[invalid_assertion] Invalid assertion [idxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] for SAML response [id***************************]: Condition '{urn:oasis:names:tc:SAML:2.0:assertion}AudienceRestriction' of type 'null' in assertion 'idxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' was not valid.: None of the audiences within Assertion 'idxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' matched the list of valid audiances]

 

2021-11-22 15:15:32,537 http-nio-0.0.0.0-8080-exec-1 DEBUG  DefaultAuthenticationEventPublisher No event was found for the exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException

 

2021-11-22 15:15:32,537 http-nio-0.0.0.0-8080-exec-1 TRACE  Saml2WebSsoAuthenticationFilter Failed to process authentication request org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException: Invalid assertion [idxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] for SAML response [id***************************]: Condition '{urn:oasis:names:tc:SAML:2.0:assertion}AudienceRestriction' of type 'null' in assertion 'idxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' was not valid.: None of the audiences within Assertion 'idxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' matched the list of valid audiances

 

>  at org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.createAuthenticationException(OpenSamlAuthenticationProvider.java:694)

 

>  at org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.process(OpenSamlAuthenticationProvider.java:516)

 

>  at org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.authenticate(OpenSamlAuthenticationProvider.java:444)

 

>  at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182)

 

 

  • 2 answers
  • 4.6K views
This question is closed.
Loading
SAML2 Signing: AudienceRestriction' of type 'null' in assertion