[ https://issues.apache.org/jira/browse/FEDIZ-218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16480351#comment-16480351 ]
Colm O hEigeartaigh commented on FEDIZ-218:
-------------------------------------------
The SAML Profiles spec says that:
The assertion(s) containing a bearer subject confirmation MUST contain an
<AudienceRestriction> including the service provider's unique identifier as an
<Audience>.
Does Okta not conform to this?
> Support SAML Token without Audience Restriction in plugin
> ---------------------------------------------------------
>
> Key: FEDIZ-218
> URL: https://issues.apache.org/jira/browse/FEDIZ-218
> Project: CXF-Fediz
> Issue Type: Bug
> Components: Plugin
> Affects Versions: 1.4.3
> Reporter: Arnaud MERGEY
> Priority: Major
>
> FEDIZ-168 described Fediz only supported SAML with an audience restriction.
> It said
> _Fediz Plugin should accept SAML token without audience restrictions as valid
> (if all other security requirements are met) and the Fediz IDP should be
> configurable to request SAML token from the STS without audience
> restrictions._
> It seems it was fixed on IDP side, but not on plugin side as SAML token
> without audience restriction is not accepted.
>
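The rule quoted from the SAML Profiles spec in the comment above, written out as a check on the relying-party side. This is an added example, not code from Fediz or from this thread; the function name, the status strings and the sample identifiers are assumptions. It also applies the SAML Core evaluation rule (Audience values inside one restriction are ORed, multiple restrictions are ANDed), which goes beyond the sentence quoted.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


def check_bearer_audience(assertion_xml, sp_entity_id):
    """Classify an assertion as 'ok', 'missing', 'mismatch' or 'not-bearer'.

    Assumes the caller has already verified the assertion's signature;
    an audience check on unsigned XML proves nothing.
    """
    assertion = ET.fromstring(assertion_xml)
    methods = [sc.get("Method") for sc in assertion.findall(
        "saml:Subject/saml:SubjectConfirmation", NS)]
    if BEARER not in methods:
        return "not-bearer"  # the quoted profile rule does not apply

    restrictions = assertion.findall(
        "saml:Conditions/saml:AudienceRestriction", NS)
    if not restrictions:
        return "missing"  # the case FEDIZ-218 asks the plugin to accept

    # Every restriction must name this service provider (AND across
    # restrictions); any one Audience inside a restriction is enough (OR).
    for restriction in restrictions:
        audiences = [(a.text or "").strip()
                     for a in restriction.findall("saml:Audience", NS)]
        if sp_entity_id not in audiences:
            return "mismatch"
    return "ok"


def _assertion(conditions, method=BEARER):
    # Constructed sample, reduced to the elements the check reads.
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f'<saml:Subject><saml:SubjectConfirmation Method="{method}"/></saml:Subject>'
        f'<saml:Conditions>{conditions}</saml:Conditions>'
        '</saml:Assertion>'
    )


SP = "https://sp.example.org/app"  # constructed service provider identifier
_AR = "<saml:AudienceRestriction><saml:Audience>%s</saml:Audience></saml:AudienceRestriction>"
MATCHING = _AR % SP
OTHER = _AR % "https://other.example.org/app"  # constructed

if __name__ == "__main__":
    for label, cond in [("matching", MATCHING), ("none", ""), ("other", OTHER)]:
        print(label, check_bearer_audience(_assertion(cond), SP))
```

A relying party that treats "missing" as acceptable has to rely on the other conditions (signature, Recipient, validity window) to tie the token to itself.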