Azure Single Sign On with SAML - IDX10214: Audience validation failed issue

CHIRAG KALIA 0 Reputation points
2024-05-15T21:47:31.7533333+00:00

Hello,

I have a sample application that is trying to facilitate single sign on using SAML and I am able to authenticate the user, but when I am getting the SAML response back from Azure, I am facing the below error:

IDX10214: Audience validation failed. Audiences: 'spn:3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'. Did not match: validationParameters.ValidAudience: '3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'.

I have made sure that the application ID is correct. I have a simple .NET Framework 4.8 MVC application and I am using OWIN middleware (Microsoft.Owin.Security & other packages) to call Azure:

```csharp
HttpContext.GetOwinContext().Authentication.Challenge(
    new AuthenticationProperties { RedirectUri = "/" },
    WsFederationAuthenticationDefaults.AuthenticationType);
```

Following is my web.config

```xml
<add key="ida:ADFSMetadata" value="https://login.microsoftonline.com/6xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/federationmetadata/2007-06/federationmetadata.xml?appid=3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" />
<add key="ida:Wtrealm" value="3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" />
```

Could you please help me pinpoint what is causing this issue? I checked the Azure logs and I am able to sign in and I'm getting the MFA token; this issue only occurs when the request is being redirected to the reply URL.


1 answer

  1. Navya 4,860 Reputation points Microsoft Vendor
    2024-05-21T09:32:04.2833333+00:00

    Hi @CHIRAG KALIA

    Thank you for posting this in Microsoft Q&A.

    I understand you are facing an issue with Azure Single Sign-On using SAML. Specifically, you are receiving an error message with the code IDX10214: Audience validation failed.

    Can you please check audience and issuer values?

    Like the Issuer value, the Audience value must exactly match one of the service principal names that represents the cloud service in Microsoft Entra ID. However, if the value of the Issuer element is not a URI value, the Audience value in the response is the Issuer value prefixed with spn:.

    Please refer to this article: https://learn.microsoft.com/en-us/entra/identity-platform/single-sign-on-saml-protocol#audience

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.

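The audience rule quoted in the answer, applied to the OWIN WS-Federation setup from the question. This is an added example, not code from the thread or from Microsoft's samples. It assumes Microsoft.Owin.Security.WsFederation 4.x or later (where `TokenValidationParameters` lives in `Microsoft.IdentityModel.Tokens`), a `Startup.ConfigureAuth` method as the registration point, and a hypothetical helper `ExpectedAudience` that uses .NET's absolute-URI parse as a stand-in for the "is a URI value" test.

```csharp
using System;
using System.Configuration;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public partial class Startup
{
    // Hypothetical helper: derive the audience the token will carry from the realm.
    // A realm that is not an absolute URI (such as a bare application ID GUID)
    // comes back from Entra ID prefixed with "spn:".
    internal static string ExpectedAudience(string wtrealm)
    {
        if (string.IsNullOrWhiteSpace(wtrealm))
            throw new ConfigurationErrorsException("ida:Wtrealm is not set.");

        wtrealm = wtrealm.Trim();
        Uri parsed;
        // Assumption: Uri.TryCreate approximates the service's URI check.
        bool isUri = Uri.TryCreate(wtrealm, UriKind.Absolute, out parsed);
        return isUri ? wtrealm : "spn:" + wtrealm;
    }

    public void ConfigureAuth(IAppBuilder app)
    {
        // Same web.config keys as in the question.
        string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
        string metadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"];

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            MetadataAddress = metadata,
            Wtrealm = realm,
            TokenValidationParameters = new TokenValidationParameters
            {
                // Keep audience validation enabled and accept only the exact
                // form the token carries. If ValidAudience is left empty, the
                // middleware falls back to the raw Wtrealm (the bare GUID here).
                ValidateAudience = true,
                ValidAudience = ExpectedAudience(realm)
            }
        });
    }
}
```

Setting `ValidateAudience = false` would also make IDX10214 disappear, but the application would then accept tokens that were issued for other applications in the tenant.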