SAML has the "Audience" tag, as shown in the example below:
<saml:AudienceRestriction>
    <saml:Audience>https://sp.example.com/SAML2</saml:Audience>
</saml:AudienceRestriction>
Can someone explain what the use of this tag is? And how can we validate this tag in Apigee?
Dear @AMAR DEVEGOWDA,
See a similar question answered here on Security Stack Exchange. There is also a blog article related to the same topic that has a good explanation.
Cheers,
Anil Sagar
Thanks for sharing the links.
Adding to Anil's answer,
In simple terms, it basically identifies the audience [service providers] for whom this assertion is intended.
Typically, you will identify your service in your identity provider by a name [for example, https://sp.example.com/SAML2], and the IdP can add an Audience element with this identifier. So in this case, if you are validating at Apigee, you would typically have an ID associated with Apigee [let's say http://sp.apigee.net/saml], and you can check whether your ID is present in the Audience element.
Please refer to http://apigee.com/docs/api-services/reference/saml-assertion-policy for SAML validation.
This policy does not validate the Audience, so you can extract the Audience using XPath and check the validity of it yourself.
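The check described in the answer above, written out as an added example (this is not code from the original thread or from Apigee; it shows the comparison logic in Python with the standard library XML parser rather than an Apigee policy). The entity ID http://sp.apigee.net/saml is the hypothetical one from the answer, and the assertions are constructed samples with signatures omitted, since the SAML policy already covers signature checking. The example goes slightly beyond the single-element case in the question: a SAML 2.0 Conditions block may carry several AudienceRestriction elements, each of which must be satisfied, while within one element any listed Audience may match. Without this check, an assertion the same IdP minted for a different service provider (the https://sp.example.com/SAML2 one in the question) would be accepted by the proxy.

```python
import xml.etree.ElementTree as ET

# Namespace of SAML 2.0 assertion elements (the "saml:" prefix in the question).
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ASSERTION_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion"

# Hypothetical entity ID registered for the Apigee proxy (taken from the answer).
MY_ENTITY_ID = "http://sp.apigee.net/saml"

# Constructed sample 1: an assertion issued for us.
ASSERTION_FOR_US = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c1" Version="2.0" IssueInstant="2015-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:Conditions NotBefore="2015-01-01T00:00:00Z" NotOnOrAfter="2015-01-01T00:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>http://sp.apigee.net/saml</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

# Constructed sample 2: same IdP, but issued for the SP from the question.
# Replaying it to the proxy must fail even though the signature would verify.
ASSERTION_FOR_OTHER_SP = ASSERTION_FOR_US.replace(
    "http://sp.apigee.net/saml", "https://sp.example.com/SAML2")

# Constructed sample 3: assertion wrapped in a samlp:Response with two
# AudienceRestriction elements; only one of them names us.
RESPONSE_TWO_RESTRICTIONS = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2015-01-01T00:00:00Z">
  <saml:Assertion ID="_c3" Version="2.0" IssueInstant="2015-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
    <saml:Conditions NotBefore="2015-01-01T00:00:00Z" NotOnOrAfter="2015-01-01T00:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>http://sp.apigee.net/saml</saml:Audience>
      </saml:AudienceRestriction>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.com/SAML2</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample 4: no AudienceRestriction at all.
ASSERTION_NO_RESTRICTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c4" Version="2.0" IssueInstant="2015-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:Conditions NotBefore="2015-01-01T00:00:00Z" NotOnOrAfter="2015-01-01T00:05:00Z"/>
</saml:Assertion>"""


def audience_lists(xml_text):
    """Return one list of Audience values per AudienceRestriction element.

    Accepts either a bare saml:Assertion or a samlp:Response that contains
    one as a direct child. Returns [] if no restriction is present.
    """
    root = ET.fromstring(xml_text)
    assertion = root if root.tag == ASSERTION_TAG else root.find("saml:Assertion", SAML_NS)
    if assertion is None:
        return []
    # The XPath-like path below is the same selection an ExtractVariables
    # policy would do: Conditions -> AudienceRestriction -> Audience.
    return [
        [(aud.text or "").strip() for aud in restriction.findall("saml:Audience", SAML_NS)]
        for restriction in assertion.findall("saml:Conditions/saml:AudienceRestriction", SAML_NS)
    ]


def audience_ok(xml_text, my_entity_id=MY_ENTITY_ID):
    """True only if every AudienceRestriction lists my_entity_id.

    Entity IDs are compared byte-for-byte (no case folding, no trailing-slash
    normalisation), which is the conservative reading of URI comparison.
    An assertion with no AudienceRestriction is rejected here; that is a policy
    choice, since the standard does not require the element to be present.
    """
    lists = audience_lists(xml_text)
    if not lists:
        return False
    return all(my_entity_id in audiences for audiences in lists)


if __name__ == "__main__":
    for name, doc in [("for us", ASSERTION_FOR_US), ("other SP", ASSERTION_FOR_OTHER_SP),
                      ("two restrictions", RESPONSE_TWO_RESTRICTIONS),
                      ("no restriction", ASSERTION_NO_RESTRICTION)]:
        print(f"{name:17s} audiences={audience_lists(doc)} accept={audience_ok(doc)}")
```

Run this after the SAML policy has verified the signature and validity window, never instead of it: the Audience check only answers "was this assertion meant for me", not "is it genuine". When the same logic is moved into a proxy, the extracted value should be compared against a configured constant, not against anything taken from the request.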
Thanks for answering both questions. I will try to use XPath to validate the Audience tag.