Hi Frank, What version of Fediz are you using? Looking at the code it appears to handle audience restriction correctly. If you are using an older version of Fediz, could you see if it's fixed in 1.0.3?
Colm. On Wed, Feb 27, 2013 at 6:43 AM, frank <[email protected]> wrote: > Hi, > > I am observing some odd logging behaviour associated with Audience > URI/Restriction. > > - Fediz receives a SAML token with an Audience Restriction element. > - The Fediz configuration has this exact element (to b precise: it's > content) configured. > > The logging comes up with the following: > > *FINE: Token AudienceRestriction doesn't match with request URL <configured > audience URI> <actual URL(!) of the application being accessed>* > ** > Although this suggests that something is wrong (as far as Fediz is > concerned), access is provided. > > In my situation the audience URI and the URL(!) of the page being accessed > are indeed different. I would expect that to be the case in most > situations. Furthermore, why does Fediz associate the URL of the page being > accessed with the Audience Restriction in the SAML token? Fediz should look > at the configured AudienceItems in its configuration. > > Any clues? > > Cheers, > > Frank > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
