Validate audience with entityIssuer if present, use redirectURI otherwise

2017-04-06 14:04:20 -07:00
parent 40f0265ab4
commit 47897f73fa
2 changed files with 8 additions and 2 deletions
--- a/Documentation/saml-connector.md
+++ b/Documentation/saml-connector.md
@@ -40,6 +40,8 @@ connectors:
    # insecureSkipSignatureValidation: true

    # Optional: Issuer value for AuthnRequest
+    # Must be contained within the "AudienceRestriction" attribute in all responses
+    # If not set, redirectURI will be used for audience validation
    entityIssuer: https://dex.example.com/callback

    # Optional: Issuer value for SAML Response