We are currently implementing a client to consume an external SOAP service which provides a SAML assertion in the response. The external service controls both the SP and IDP, thus our client receives a single response with the data from the original request and a SAML assertion for use in subsequent requests.

Currently the checkAudienceRestrictions is failing on the response. We are aware of the post recommending an override of the SamlAssertionValidator class's checkConditions method (http://cxf.547215.n5.nabble.com/CXF-Support-in-quot-Audience-Restriction-quot-of-SAML-2-td5742313.html) but are not certain this is the best approach for this problem.

We have two goals:

1. Extract the audience being used by CXF to validate the audiences in the response.
2. Overwrite the default or add to the CXF audience list the audience we expect from the SP.

From Colm's blog post (New SAML validation changes in Apache WSS4J and CXF) we understand the ability to supply audience restrictions was implemented in previous versions. Is this the better way to go about this and, if so, how is a list of audience restrictions supplied?

We are using AdoptOpenJDK 11 (LTS) and Apache CXF 3.3.4.

Thanks,
Rob

-----
Regards,
RobCodes
--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
