Closed SeminDM closed 3 years ago
Like the Issuer value, the Audience value must exactly match one of the service principal names that represents the cloud service in Azure AD. However, if the value of the Issuer element is not a URI value, the Audience value in the response is the Issuer value prefixed with spn:
Hello! I want to use WS-Federation for authentication by Azure AD.
I have this code in Startup.cs
This code works correctly for auth by ADFS, but in the case of Azure AD I get this error:
IDX10214: Audience validation failed. Audiences: 'spn:2c855e3f-...a17'. Did not match: validationParameters.ValidAudience: '2c855e3f-...a17' or validationParameters.ValidAudiences: 'null'.
I guess the problem is in the "spn:" prefix before the audience in the SAML token. Why is "spn:" added to the audience value? Thank you!
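The audience rule quoted in this post, applied to token validation, as an added example that is not the poster's code or the project's own. It assumes ASP.NET Core with the Microsoft.AspNetCore.Authentication.WsFederation package and that `Wtrealm` plays the role of the Issuer value in the quoted rule; `AzureAdAudience`, `ExpectedAudience`, `Realm` and `Metadata` are hypothetical names, and the values in angle brackets are placeholders. Audience validation stays enabled, and the prefixed form is added to the accepted list.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.Extensions.DependencyInjection;

public static class AzureAdAudience
{
    // Quoted rule: a URI identifier is returned unchanged as the audience;
    // a non-URI identifier (for example a bare GUID) is returned as "spn:" + identifier.
    public static string ExpectedAudience(string appIdentifier) =>
        Uri.TryCreate(appIdentifier, UriKind.Absolute, out _)
            ? appIdentifier
            : "spn:" + appIdentifier;
}

public class Startup
{
    // Placeholders (assumptions): substitute the real application ID and tenant ID.
    private const string Realm = "<application-id-guid>";
    private const string Metadata =
        "https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml";

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(o =>
            {
                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddWsFederation(options =>
            {
                options.Wtrealm = Realm;
                options.MetadataAddress = Metadata;

                // Keep the check on; only widen the exact-match list.
                options.TokenValidationParameters.ValidateAudience = true;
                options.TokenValidationParameters.ValidAudiences = new[]
                {
                    Realm,                                   // form the ADFS setup already matched
                    AzureAdAudience.ExpectedAudience(Realm)  // "spn:"-prefixed form from Azure AD
                };
            });
    }
}
```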