Hi, I'm using CXF 3.1.3 with JMS transport and SAML. For all incoming messages SAML audience restriction check fails on provider side.
In my case SAML assertion contains only one audience restriction string, the JMS URI of the endpoint, like this one: jms:jndi:dynamicQueues/example.queue?jndiInitialContextFactory=org.apache.activemq.jndi.ActiveMQInitialContextFactory&jndiConnectionFactoryName=ConnectionFactory&jndiURL=tcp://localhost:61616 The thing is that in case when JMS transport is used, CXF provides to wss4j only service QName in the list of audience restrictions. In case of HTTP transport it provides both service QName and the endpoint URL. Is it an expected behaviour? And if it is, what is the supposed way of handling the situation above? -- View this message in context: http://cxf.547215.n5.nabble.com/Using-JMS-URI-as-a-SAML-audience-restriction-tp5762392.html Sent from the cxf-user mailing list archive at Nabble.com.
