Identified by type="Audience", this rule processes SAML 1.x and 2.0 "AudienceRestriction" conditions. The set of allowed "audience" values is normally supplied within the rule configuration or can be supplied by unspecified means (e.g., the SP will normally ensure that its own entityID is an allowable value without special setup).

This is rarely required during normal use, and usually implies a misconfiguration by one or the other party.

Child Elements

| Name | Cardinality | Description |
|------|-------------|-------------|
| `<saml:Audience>` | 0 or more | Supplies additional audience values to be allowed when evaluating conditions. This replaces the deprecated mechanism of including this element directly within an `<ApplicationDefaults>` or `<ApplicationOverride>` element. Rarely required during normal use. |

Example

```xml
<PolicyRule type="Audience">
    <saml:Audience xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://this.should.not.be.needed.com</saml:Audience>
</PolicyRule>
```
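The audience check this rule performs can be sketched as follows. This is an added example, not the Shibboleth SP's own code, and it is narrowed to SAML 2.0 `<Conditions>`; the function names and the entityID `https://sp.example.org/shibboleth` are assumptions made for the illustration.

```python
# Added illustration; not the Shibboleth SP's implementation.
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML2_NS}


def audience_ok(conditions_xml, sp_entity_id, extra_audiences=()):
    """Return True if every AudienceRestriction names an allowed audience.

    SAML 2.0 semantics: audiences inside one AudienceRestriction are
    alternatives (any match satisfies it); multiple AudienceRestriction
    elements must all be satisfied.
    """
    # The SP's own entityID is always allowed; the rule's <saml:Audience>
    # children (extra_audiences here) widen the set.
    allowed = {sp_entity_id, *extra_audiences}
    root = ET.fromstring(conditions_xml)
    for restriction in root.findall("saml:AudienceRestriction", NS):
        named = {(a.text or "").strip()
                 for a in restriction.findall("saml:Audience", NS)}
        # Exact string comparison: no case folding, no trailing-slash fixes.
        if not (named & allowed):
            return False
    return True


# Constructed sample values (hypothetical entityIDs).
SP = "https://sp.example.org/shibboleth"
EXTRA = "https://this.should.not.be.needed.com"


def conditions(*restrictions):
    """Build a constructed <saml:Conditions> element from audience lists."""
    body = "".join(
        "<saml:AudienceRestriction>"
        + "".join(f"<saml:Audience>{a}</saml:Audience>" for a in r)
        + "</saml:AudienceRestriction>"
        for r in restrictions)
    return f'<saml:Conditions xmlns:saml="{SAML2_NS}">{body}</saml:Conditions>'


if __name__ == "__main__":
    print(audience_ok(conditions([SP]), SP))              # own entityID only
    print(audience_ok(conditions([EXTRA]), SP))           # audience not allowed
    print(audience_ok(conditions([EXTRA]), SP, [EXTRA]))  # allowed via the rule
    print(audience_ok(conditions([SP], ["https://other.example.org"]), SP))
```

An assertion that only passes once an extra audience is added is the misconfiguration signal described above: the issuer is naming something other than the SP's entityID.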