adam

Asked: 2022-01-27 08:22:04 +0800 CST2022-01-27 08:22:04 +0800 CST 2022-01-27 08:22:04 +0800 CST

ADFS SSO error: Invalid audience for this response

My team are about to launch a new site, which authenticates users using SSO to our internal ADFS.

SSO works on our local and staging environments and now we're setting up what will be the live environment.

The site will be on a typical url (ie in the form www.example.com). While we're previewing it, it's temporarily on preview.example.com).

When attempting to login, we receive the error:

Invalid audience for this response
(expected 'https://www.example.com/login/saml2', got 'https://preview.example.com/login/saml2')

In my mind, there are three places this could occur:

In the web app (I think this is referred to as the Relying Party?)
In the ADFS configuration
Encoded in the certificates (we have idp_x509, pkey and x509)

We're pretty sure the web app is configured correctly. Our IT team think ADFS is correct (but are checking).

My question is do the certificates encode this data, such that they would need swapping out if the hostname of the relying party were to change? If so, which certificate would it likely involve?

ADFS SSO error: Invalid audience for this response

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

ADFS SSO error: Invalid audience for this response

0 Answers