Signon Fails because the specified Audience is not present in AudienceUris
Solution 1
If I understand your situation, you've got a relying party (your webapp) sending to an identity provider (ADFS server), and once the relying party (your webapp) has authenticated, you are redirecting the user to another app.
The error references the relying party’s config file AudienceUri section. A value is likely missing or is misspelled:
    <configuration>
      <system.identityModel>
        <identityConfiguration>
          <audienceUris>
            <add value="http://**YourSiteHere**/" />
          </audienceUris>
        </identityConfiguration>
      </system.identityModel>
    </configuration>
HTH
Solution 2
Sometimes it could be because of the trailing slash "/" ... which was the problem in my case. Copied the URL from the error message and added it to the audienceUris, and it started working fine.
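A way to check both answers at once, as an added example that is not part of the original answers: it reads the audienceUris entries from a web.config and reports how the Audience value from the ID1038 message differs from them. The function names and the sample config are constructed for illustration, and the script assumes the value has to match a configured entry character for character.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config: the audience is registered WITHOUT a trailing slash.
SAMPLE_CONFIG = """<configuration>
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://domain/SSO_Test" />
      </audienceUris>
    </identityConfiguration>
  </system.identityModel>
</configuration>"""


def configured_audiences(config_xml):
    """Return every <audienceUris>/<add value="..."> entry of a web.config string."""
    root = ET.fromstring(config_xml)
    return [add.get("value", "") for add in root.findall(".//audienceUris/add")]


def _split(uri):
    """Split 'scheme://rest'; values without '://' (e.g. URNs) are kept whole."""
    scheme, sep, rest = uri.partition("://")
    return (scheme, rest) if sep else ("", uri)


def diagnose(audience, allowed):
    """Compare the Audience from the error message with the configured entries."""
    if audience in allowed:
        return "match"
    a_scheme, a_rest = _split(audience)
    for entry in allowed:
        e_scheme, e_rest = _split(entry)
        if e_rest.rstrip("/").lower() != a_rest.rstrip("/").lower():
            continue  # different host or path: not a near miss
        reasons = []
        if e_scheme.lower() != a_scheme.lower():
            reasons.append("scheme")
        if e_rest.lower() != a_rest.lower():
            reasons.append("trailing slash")
        if e_rest.rstrip("/") != a_rest.rstrip("/") or (
                e_scheme != a_scheme and e_scheme.lower() == a_scheme.lower()):
            reasons.append("case")
        return f"near miss with {entry!r}: " + ", ".join(reasons)
    return "not configured"


if __name__ == "__main__":
    # The realm from the question's code, as it would appear after "Audience:".
    print(diagnose("https://domain/SSO_Test/", configured_audiences(SAMPLE_CONFIG)))
```

A "near miss" result means the entry should be corrected to the exact value shown in the error message; "not configured" means no entry for that relying party exists in the file that was checked.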
user3527063
Updated on June 23, 2022
Comments
-
user3527063 about 2 years
I have a webapp which does signin request/send to my ADFS server. On the return it is directed to another app url, which I configured in my IIS server, i.e. the same url is configured in the ADFS server also.
This error message follows
ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris. Audience:
Here is the code. Why does it fail as such?
    issuerLocation = "https://test12.login.mytest.edu/adfs/ls/";
    realm = "https://domain/SSO_Test/";
    this.Request.Url.AbsoluteUri.Remove(
        this.Request.Url.AbsoluteUri.IndexOf(this.Request.Url.Query, StringComparison.OrdinalIgnoreCase));
    var contextId = Guid.NewGuid().ToString();
    this.CreateContextCookie(contextId, this.Request.Url.AbsoluteUri);
    var message = new SignInRequestMessage(new Uri(issuerLocation), realm)
    {
        CurrentTime = DateTime.UtcNow.ToString("s", CultureInfo.InvariantCulture) + "Z",
    };
    this.Response.Redirect(message.RequestUrl, false);
-
psaxton over 9 years
I've been bit more than once by a trailing '/' either needing to be there or not.
-
Mohan over 6 years
@caPorter, I am very new to ADFS. I have set up my own ADFS server and I have configured a relying party trust with the SAML protocol. In the ASP.NET MVC code, I don't know how to handle SAML-based authentication in the callback method. For a WS-Federation based relying party I am able to parse the user information using the ClaimsPrincipal.Current object, but how do I do it for the SAML-based protocol? Please help me.
-
Mohan over 6 years
I want to integrate my ASP.NET MVC application for ADFS authentication with the SAML-based protocol. I did it successfully for my own ADFS server with the WS-Federation protocol, and I am able to read the response details using ClaimsPrincipal. But I failed when one of my clients is sending me a SAML-based response: how do I validate and filter the claims in the callback method? Please help me.
-
CaPorter over 6 years
Hi @Mohan, if you've still got questions, if you'll submit your question on StackOverflow, and let me know, I'd be glad to help.
-
Mohan over 6 years
@CaPorter, I have done everything for the authentication. But I am getting null while converting the User object into ClaimsPrincipal. See the line: var Claims = (User as ClaimsPrincipal).Claims. Please suggest the changes.
-
ΩmegaMan almost 3 years
To be clear, did you add it to your local config, or the server's config?