0

I have the same problem mentioned in the question, and I have configured and added the new code, but I still get the following message in the response:

Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: 'IDX10214: Audience validation failed. Audiences: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Did not match: validationParameters.ValidAudience: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' or validationParameters.ValidAudiences: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.'

Edit: After parsing the response XML, I found out that when I set issuer="xyz", the Audience tag in the response returns spn:xyz. I do not know where the prefix "spn:" comes from. I am using Azure AD as my ADFS.

Any idea how to solve this issue?

Shadib

1 Answer

1

It is probably because old Microsoft SAML 2.0 code required an Issuer or Audience to be a valid URI, which is not required in the SAML 2.0 standard. From .NET Core, Microsoft is aligned with the SAML 2.0 standard and accepts plain text strings.

I suppose you made it work by changing your Audience.

Anders Revsgaard
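Added example (not part of the question or the answer above): one way to diagnose IDX10214 is to read the `<Audience>` values out of the SAML response and compare them with the audiences the service provider accepts, keeping audience validation enabled. The class name `AudienceCheck` and the sample XML are constructed for illustration; the values "xyz" and "spn:xyz" come from the question, and the code assumes the Microsoft.IdentityModel.Tokens package is referenced.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;

public static class AudienceCheck   // hypothetical helper, not from the page
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Returns every <saml:Audience> value found in the response XML.
    public static List<string> ReadAudiences(string responseXml) =>
        XDocument.Parse(responseXml)
                 .Descendants(Saml + "Audience")
                 .Select(a => a.Value.Trim())
                 .ToList();

    public static void Main()
    {
        // Development only: log the real values instead of "[PII ... is hidden]".
        IdentityModelEventSource.ShowPII = true;

        // Constructed sample, reduced to the element that matters here.
        const string responseXml =
            @"<Assertion xmlns=""urn:oasis:names:tc:SAML:2.0:assertion"">
                <Conditions><AudienceRestriction>
                  <Audience>spn:xyz</Audience>
                </AudienceRestriction></Conditions>
              </Assertion>";

        var parameters = new TokenValidationParameters
        {
            ValidateAudience = true,              // keep the check on
            ValidAudiences = new[] { "spn:xyz" }  // the value the IdP actually sends
        };

        foreach (var audience in ReadAudiences(responseXml))
        {
            // Exact comparison in this check: "xyz" alone does not match "spn:xyz".
            bool accepted = parameters.ValidAudiences
                                      .Contains(audience, StringComparer.Ordinal);
            Console.WriteLine(
                $"{audience}: {(accepted ? "accepted" : "would raise IDX10214")}");
        }
    }
}
```

Turn `ShowPII` off again outside development, since it writes token contents to the logs.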