Shibboleth Developers

["Scott Cantor" <>]

> In my case the entityID has to be the same in all the SPs, and I have to
> use a <saml:Audience> element to match the uri I specified when I've
> registered the application to the central service.

I don't understand why the entityID has to be the same, and it in fact
should not be, or you're going to be on your own making things work.

Using the Audience element override is like a red flag saying "do not do
this". It's really just there for dealing with broken products (of which
very old versions of Shibboleth are one example).

> If I try to put a <saml:Audience> element within an Applications element
> I got this error:
> 
> error on line 262, column 17, message: Element 'Audience' is not valid
> for content model:
>
'((Sessions,Errors,DefaultRelyingParty,Notify,Audience,MetadataProvider,Trus
>
tEngine,AttributeExtractor,AttributeResolver,AttributeFilter,CredentialResol
> ver),Application)'
> 
> that is strange because in the shibboleth-2.0-native-sp-config.xsd I see
> that I can put the element within an Applications o Application element.

Yes, if you put it in the right order/sequence. You're probably trying to
put it out of order.

-- Scott