Tuesday, 25 March 2014

ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris.

After installing a new environment today, I got this error in one of our services:
ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris.
I thought: that's a new one.

This was a very simple one to solve, though. It turns out that the AudienceUri needs to match the URI in the FederationMetadata file exactly, casing included; otherwise you get this error. Who knew?

Relevant extract from FederationMetadata.xml file:

entityID="https://testserver.test.local/UAT/Scheduling.Service/Scheduler.svc"

Relevant extract from the web.config file:

<microsoft.identityModel>
 <service name="SchedulingService.Scheduler">
  <audienceUris>
   <!-- "uat" is lower case here; the entityID in FederationMetadata.xml has "UAT" -->
   <add value="https://testserver.test.local/uat/Scheduling.Service/Scheduler.svc" />
  </audienceUris>
  <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
   <trustedIssuers>
    <add thumbprint="abcdef790108485dee20eeca19c8132e11abcdef" name="http://adfs.test.local/adfs/services/trust" />
   </trustedIssuers>
  </issuerNameRegistry>
  <!-- None: the signing certificate itself is not validated; the issuer is accepted on the thumbprint match above -->
  <certificateValidation certificateValidationMode="None" />
 </service>
</microsoft.identityModel>

As you can see, uat is not capitalized in the audienceUri, which is enough to cause the issue.
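A pre-deployment check for this mismatch, as an added example that is not part of the original post: it compares every audienceUris entry in web.config with the entityID in FederationMetadata.xml using an exact, case-sensitive comparison. The function names, the EntityDescriptor and configuration wrapper elements, and the trimmed sample documents are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, trimmed to the values quoted in the post.
METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://testserver.test.local/UAT/Scheduling.Service/Scheduler.svc"/>"""

WEB_CONFIG = """<configuration>
 <microsoft.identityModel>
  <service name="SchedulingService.Scheduler">
   <audienceUris>
    <add value="https://testserver.test.local/uat/Scheduling.Service/Scheduler.svc" />
   </audienceUris>
  </service>
 </microsoft.identityModel>
</configuration>"""


def audience_uris(web_config_xml):
    """Return the value of every <audienceUris>/<add> entry in the config."""
    root = ET.fromstring(web_config_xml)
    return [add.get("value", "")
            for uris in root.iter("audienceUris")
            for add in uris.findall("add")]


def check_audience(metadata_xml, web_config_xml):
    """Classify each configured audience URI against the metadata entityID.

    'match' means the strings are identical, 'case-mismatch' means they
    differ only in casing (the ID1038 cause in the post), and 'absent'
    means they differ in some other way.
    """
    entity_id = ET.fromstring(metadata_xml).get("entityID", "")
    results = {}
    for uri in audience_uris(web_config_xml):
        if uri == entity_id:
            results[uri] = "match"
        elif uri.lower() == entity_id.lower():
            results[uri] = "case-mismatch"
        else:
            results[uri] = "absent"
    return entity_id, results


if __name__ == "__main__":
    entity_id, results = check_audience(METADATA, WEB_CONFIG)
    print("entityID:", entity_id)
    for uri, status in results.items():
        print(f"{status:14} {uri}")
```

Run against the two extracts above, it reports the configured URI as a case-mismatch; correcting uat to UAT in web.config turns the result into a match.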
