
I have a sample application that is trying to facilitate single sign on using SAML and I am able to authenticate the user, but when I am getting the SAML response back from Azure, I am facing the below error:

IDX10214: Audience validation failed. Audiences: 'spn:3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'. Did not match: validationParameters.ValidAudience: '3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'.

I have made sure that the application ID is correct. I have a simple .NET Framework 4.8 MVC application and I am using OWIN middleware (Microsoft.Owin.Security and other packages) to call Azure:

HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/" },WsFederationAuthenticationDefaults.AuthenticationType);

Following is my web.config

<add key="ida:ADFSMetadata" value="https://login.microsoftonline.com/6xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/federationmetadata/2007-06/federationmetadata.xml?appid=3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" />
<add key="ida:Wtrealm" value="3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" />

Could you please help me pinpoint what is causing this issue? I checked the Azure logs and I am able to sign in and I'm getting the MFA token; this issue only occurs when the request is being redirected to the reply URL.

  • To resolve this issue, you need to ensure that the audience specified in the SAML token matches the identifier of your application. You can check the identifier of your application in the Azure portal. You should also ensure that the identifier is correctly specified in your web.config file.
    – Rukmini
    Commented Jun 4 at 8:51
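The IDX10214 message in the question is precise about the mismatch: the token's audience claim is 'spn:' followed by the application ID, while the middleware's ValidAudience is the bare application ID taken from ida:Wtrealm, and ValidAudiences is null. The fix is either to make Wtrealm exactly the identifier the token carries, as the comment above advises, or to tell the token validator explicitly which identifiers this application is registered under. The following Startup.Auth.cs is an added example, not code from the question or from any Microsoft sample. It assumes the Microsoft.Owin.Security.WsFederation 4.x package (where TokenValidationParameters comes from Microsoft.IdentityModel.Tokens), the two web.config keys shown above, and a hypothetical SampleApp namespace; audience validation stays enabled and only the exact identifiers are listed, so the check is not weakened.

```csharp
using System;
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

[assembly: OwinStartup(typeof(SampleApp.Startup))]

namespace SampleApp
{
    // Hypothetical startup class; namespace and class name are assumptions.
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
        }

        private static void ConfigureAuth(IAppBuilder app)
        {
            // Values read from the web.config keys shown in the question.
            string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
            string metadataAddress = ConfigurationManager.AppSettings["ida:ADFSMetadata"];

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                Wtrealm = realm,
                MetadataAddress = metadataAddress,
                TokenValidationParameters = new TokenValidationParameters
                {
                    // Keep audience validation on. Without an explicit list the
                    // middleware validates against Wtrealm alone, which is why the
                    // error shows ValidAudiences: 'null'. List only the identifiers
                    // this app is actually registered under: the bare value and the
                    // 'spn:'-prefixed form the token in the question carries.
                    ValidateAudience = true,
                    ValidAudiences = new[] { realm, "spn:" + realm }
                },
                Notifications = new WsFederationAuthenticationNotifications
                {
                    AuthenticationFailed = context =>
                    {
                        // Log the IDX error with its full text for the operator,
                        // then send the browser to a neutral error page instead of
                        // letting the exception surface as an unhandled 500.
                        System.Diagnostics.Trace.TraceError(
                            "WS-Federation sign-in failed: {0}", context.Exception.Message);
                        context.HandleResponse();
                        context.Response.Redirect("/Error");
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }
}
```

After deploying this, a token whose audience is 'spn:3xxxxxxx-...' validates because that exact string is in ValidAudiences; a token for any other application ID still fails IDX10214, which is the behaviour you want. If the registration's identifier is later changed in the Azure portal, update ida:Wtrealm rather than widening the list.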
