Hi Frank, > In my situation the audience URI and the URL(!) of the page being accessed > > are indeed different. I would expect that to be the case in most > > situations. Furthermore, why does Fediz associate the URL of the page > being > > accessed with the Audience Restriction in the SAML token? Fediz should > look > > at the configured AudienceItems in its configuration.
The logging you're seeing is just a statement that the audience restriction URI + the request URL are different. It doesn't have any implications, beyond a statement of fact. Fediz does look at the configuration to match the URI in the token. Colm. On Fri, Mar 1, 2013 at 3:26 AM, frank <[email protected]> wrote: > Hi Colm, > > I am indeed using an older version of Fediz (1.0.2). > > However, it seems strange that logging is produced that has no real > significance as far as I can deduce. > > I.e. why is this logging produced? > > Cheers, > > Frank > > On Wed, Feb 27, 2013 at 6:31 PM, Colm O hEigeartaigh > <[email protected]>wrote: > >> Hi Frank, >> >> What version of Fediz are you using? Looking at the code it appears to >> handle audience restriction correctly. If you are using an older version >> of >> Fediz, could you see if it's fixed in 1.0.3? >> >> Colm. >> >> On Wed, Feb 27, 2013 at 6:43 AM, frank <[email protected]> wrote: >> >> > Hi, >> > >> > I am observing some odd logging behaviour associated with Audience >> > URI/Restriction. >> > >> > - Fediz receives a SAML token with an Audience Restriction element. >> > - The Fediz configuration has this exact element (to b precise: it's >> > content) configured. >> > >> > The logging comes up with the following: >> > >> > *FINE: Token AudienceRestriction doesn't match with request URL >> <configured >> > audience URI> <actual URL(!) of the application being accessed>* >> > ** >> > Although this suggests that something is wrong (as far as Fediz is >> > concerned), access is provided. >> > >> > In my situation the audience URI and the URL(!) of the page being >> accessed >> > are indeed different. I would expect that to be the case in most >> > situations. Furthermore, why does Fediz associate the URL of the page >> being >> > accessed with the Audience Restriction in the SAML token? Fediz should >> look >> > at the configured AudienceItems in its configuration. >> > >> > Any clues? >> > >> > Cheers, >> > >> > Frank >> > >> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
