"Service Provider could not handle the request.: org.picketlink.common.exceptions.ProcessingException: Wrong audience" - JBoss Picketlink parsing SAML response

Solution Unverified

Issue

When configuring JBoss EAP 7.0 with Microsoft Active Directory Federation Services (ADFS) for SAML authentication, the client receives an HTTP 500 error.

The JBoss logs report the following ERROR:

ERROR [org.picketlink.common] (default task-12) Service Provider could not handle the request.: org.picketlink.common.exceptions.ProcessingException: Wrong audience [https://server.example.org/myapp/]

Environment

  • OCP 3.7
  • JBoss EAP 7.0
  • JBoss image from RH Container Catalog - eap70 1.5-18
  • JBoss Picketlink SAML Authentication
  • Microsoft Active Directory Federation Services (ADFS)
  • JBoss configured as a SAML Service Provider (SP)

JBoss configured for SAML V2 SSO
