[ https://issues.apache.org/jira/browse/FEDIZ-218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16480407#comment-16480407 ]
Arnaud MERGEY commented on FEDIZ-218: ------------------------------------- Okta is conforming to this, I experienced an issue this with samling tool (a simple serverless SAML tool). I already raised issues on it, for some part of specifications not conform, in the response token the tool was sending, I missed this one, sorry if my bug is not valid > Support SAML Token without Audience Restriction in plugin > --------------------------------------------------------- > > Key: FEDIZ-218 > URL: https://issues.apache.org/jira/browse/FEDIZ-218 > Project: CXF-Fediz > Issue Type: Bug > Components: Plugin > Affects Versions: 1.4.3 > Reporter: Arnaud MERGEY > Priority: Major > > FEDIZ-168 descrived Fediz only supported SAML with an audience restriction. > It said > _Fediz Plugin should accept SAML token without audience restrictions as valid > (if all other security requirements are met) and the Fediz IDP should be > configurable to request SAML token from the STS without audience > restrictions._ > It seems it was fixed on IDP side, but not on plugin side as SAML token > without audience restriction is not accepted. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)