Audience Rule
Identified by type="Audience", this rule processes SAML 1.x and 2.0 "AudienceRestriction" conditions. The set of allowed "audience" values is normally supplied within the rule configuration or can be supplied by unspecified means (e.g., the SP will normally ensure that its own entityID is an allowable value without special setup).
Supplying additional audience values is rarely required during normal use, and the need to do so usually implies a misconfiguration by one or the other party.
Child Elements
Name | Cardinality | Description
---|---|---
<saml:Audience> | 0 or more | Supplies additional audience values to be allowed when evaluating conditions. This replaces the deprecated mechanism of including this element directly within an <ApplicationDefaults> or <ApplicationOverride> element.
Example
<PolicyRule type="Audience">
<saml:Audience xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://this.should.not.be.needed.com</saml:Audience>
</PolicyRule>
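How an audience check of this kind evaluates a Conditions element, as an added example (not the Shibboleth SP's own code). It follows the SAML core rule that audiences inside one restriction are alternatives while every restriction must be satisfied; the function name, entityIDs and sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# (namespace, restriction element) pairs for SAML 2.0 and SAML 1.x
RESTRICTIONS = [
    ("urn:oasis:names:tc:SAML:2.0:assertion", "AudienceRestriction"),
    ("urn:oasis:names:tc:SAML:1.0:assertion", "AudienceRestrictionCondition"),
]


def audience_ok(conditions_xml, entity_id, extra_audiences=()):
    """Return True if every audience restriction names an allowed audience.

    entity_id is always allowed; extra_audiences plays the role of the
    <saml:Audience> children configured on the rule (hypothetical helper).
    """
    allowed = {entity_id, *extra_audiences}
    root = ET.fromstring(conditions_xml)  # input assumed already signature-checked
    for ns, name in RESTRICTIONS:
        for restriction in root.iter(f"{{{ns}}}{name}"):
            audiences = {(a.text or "").strip()
                         for a in restriction.findall(f"{{{ns}}}Audience")}
            # Values inside one restriction are alternatives (OR) ...
            if not audiences & allowed:
                return False  # ... but each restriction must pass (AND)
    return True  # no restriction present, so nothing to violate


# Constructed sample: two restrictions, the second names a federation audience
SAMPLE = """<saml:Conditions xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AudienceRestriction>
    <saml:Audience>https://sp.example.org/shibboleth</saml:Audience>
    <saml:Audience>https://other.example.org/sp</saml:Audience>
  </saml:AudienceRestriction>
  <saml:AudienceRestriction>
    <saml:Audience>https://federation.example.org/members</saml:Audience>
  </saml:AudienceRestriction>
</saml:Conditions>"""

if __name__ == "__main__":
    sp = "https://sp.example.org/shibboleth"
    print(audience_ok(SAMPLE, sp))  # entityID alone
    print(audience_ok(SAMPLE, sp, ["https://federation.example.org/members"]))
```

With only the SP's entityID allowed, the second restriction fails; it passes once the federation value is added as an extra audience, which is the situation the rule's child element exists for.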