0 votes

I am trying to implement an SSO mechanism with the SAML2 bearer OAuth grant over WSO2.
1. The user calls WebAPP1
2. WebAPP1 (SP) redirects the user to the IDP login page (OpenAM)
3. WebAPP1 (SP) calls the OAuth server (WSO2 IS or AM) with SAML2 to get an OAuth token

At this step WSO2 IS (or AM) fails with the error: "SAML assertion audience verification failed".
I don't understand why, because the audience value set in the SAML2 assertion I send to the OAuth server is the same as the one defined in the "Trusted Identity Provider" on IS or AM.

I don't understand why ... please help me!

Nicolas


1 Answer

0 votes

I guess the SAML assertion may not contain all the audience URLs. In the Trusted IDP UI, you can configure identity provider audiences. If you have defined them, those URLs must be in the assertion. Also, the value defined by "OAuth2 Token Endpoint Name:" must also be an audience URL in the assertion.
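The check the answer describes, written out as an added example (this is not code from the original post, from WSO2 or from OpenAM): it reads the `<saml:Audience>` values out of an assertion and compares them with the set the OAuth2 server will require, namely the audiences configured on the Trusted IDP plus the value of "OAuth2 Token Endpoint Name", before the assertion is base64url-encoded into a `saml2-bearer` token request. The URLs, the unsigned sample assertions and the function names are constructed for the example; a real server also verifies the signature, validity window and subject confirmation, which is not shown here. Note that the extra audience has to be added on the IdP side (OpenAM) before signing; editing a signed assertion afterwards would only move the failure to signature verification.

```python
"""Pre-flight audience check for a SAML2 bearer grant (added example, not WSO2 code).

Assumptions (constructed for this example): the IdP audience list, the
"OAuth2 Token Endpoint Name" value and the sample assertions below are made up.
"""
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SAML2_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"

# What the OAuth2 server (WSO2 IS / AM) is configured with. Both are assumptions.
IDP_AUDIENCES = ["https://webapp1.example.com/sp"]          # "Trusted IDP" audience URLs
TOKEN_ENDPOINT_NAME = "https://is.example.com/oauth2/token"  # "OAuth2 Token Endpoint Name"

# Constructed, unsigned sample assertion; the <saml:Audience> list is filled in below.
_TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2014-06-01T10:00:00Z">
  <saml:Issuer>https://openam.example.com/openam</saml:Issuer>
  <saml:Subject><saml:NameID>nicolas</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2014-06-01T10:00:00Z" NotOnOrAfter="2014-06-01T10:05:00Z">
    <saml:AudienceRestriction>
{audiences}
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def build_sample_assertion(audiences):
    """Render the constructed template with the given audience values."""
    lines = "\n".join(f"      <saml:Audience>{a}</saml:Audience>" for a in audiences)
    return _TEMPLATE.format(audiences=lines)


# The situation in the question: only the SP audience is present.
ASSERTION_SP_ONLY = build_sample_assertion(["https://webapp1.example.com/sp"])
# What the IdP must emit for the grant to pass audience verification.
ASSERTION_COMPLETE = build_sample_assertion(
    ["https://webapp1.example.com/sp", "https://is.example.com/oauth2/token"]
)


def audiences_in(assertion_xml):
    """Return the set of <saml:Audience> values under <saml:AudienceRestriction>."""
    root = ET.fromstring(assertion_xml)
    found = root.findall(".//saml:AudienceRestriction/saml:Audience", SAML_NS)
    return {a.text.strip() for a in found if a.text and a.text.strip()}


def required_audiences(idp_audiences, token_endpoint_name):
    """Audiences WSO2 IS expects: every configured IdP audience plus the token endpoint name."""
    return set(idp_audiences) | {token_endpoint_name}


def missing_audiences(assertion_xml, idp_audiences, token_endpoint_name):
    """Sorted list of required audiences the assertion does not carry (empty means OK)."""
    required = required_audiences(idp_audiences, token_endpoint_name)
    return sorted(required - audiences_in(assertion_xml))


def saml2_bearer_body(assertion_xml, idp_audiences, token_endpoint_name, scope="openid"):
    """Form-encoded body for POST /oauth2/token, refusing assertions that would fail
    the server-side audience check so the failure is explained client-side."""
    missing = missing_audiences(assertion_xml, idp_audiences, token_endpoint_name)
    if missing:
        raise ValueError(f"SAML assertion audience verification would fail; missing: {missing}")
    # RFC 7522 requires the assertion parameter to be base64url-encoded.
    encoded = base64.urlsafe_b64encode(assertion_xml.encode("utf-8")).decode("ascii")
    return urlencode({"grant_type": SAML2_BEARER_GRANT, "assertion": encoded, "scope": scope})


if __name__ == "__main__":
    print("missing in SP-only assertion:",
          missing_audiences(ASSERTION_SP_ONLY, IDP_AUDIENCES, TOKEN_ENDPOINT_NAME))
    print("missing in complete assertion:",
          missing_audiences(ASSERTION_COMPLETE, IDP_AUDIENCES, TOKEN_ENDPOINT_NAME))
    print(saml2_bearer_body(ASSERTION_COMPLETE, IDP_AUDIENCES, TOKEN_ENDPOINT_NAME)[:120], "...")
```

Run with the SP-only assertion and the missing list names exactly the token endpoint URL, which is the condition behind "SAML assertion audience verification failed" in the question; once the IdP is configured to add that audience, the list is empty and the request body can be sent.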