Our identity server uses IdentityServer3 and implements Sustainsys.Saml2 for SAML integration. We have made an effort to move from v1 to v2 of the Sustainsys.Saml2 NuGet packages. With v1, we explicitly set our audience restrictions by doing:
    // v1: the audience restriction lives in the System.IdentityModel configuration
    _spOptions.SystemIdentityModelIdentityConfiguration.AudienceRestriction = new AudienceRestriction
    {
        AllowedAudienceUris =
        {
            _audience,
            new Uri(_entityId),
        },
    };
However, in v2.9.0 the SpOptions.SystemIdentityModelIdentityConfiguration property is no longer accessible.
Is there no longer a need to set the audience restriction? Or is there a different way to set it?
I'm not seeing anything in the docs... hopefully I'm not just blindly missing it.
v2 doesn't use System.IdentityModel, but instead the more modern Microsoft.IdentityModel NuGet packages. The corresponding settings are now found in SpOptions.TokenValidationParametersTemplate.
Some parameters, like the audience restriction, are set after the template is copied, but you can alter the values in the Unsafe.TokenValidationParametersCreated notification. The reason it is under "Unsafe" is that setting the wrong values in the TokenValidationParameters could remove important security checks.
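The two places the answer names, put together in one configuration, as an added example that is neither the asker's code nor Sustainsys' own: settings the library does not overwrite go on SpOptions.TokenValidationParametersTemplate, and values the library sets after cloning the template (the audience) are adjusted in the Unsafe.TokenValidationParametersCreated notification. It assumes the Owin middleware (Saml2AuthenticationOptions / UseSaml2Authentication), the notification delegate signature Action<TokenValidationParameters, IdentityProvider, XmlElement>, and the Saml2AuthenticationOptions(bool) constructor; the entity id, the extra audience URI and the AddAudience helper are hypothetical.

```csharp
using System;
using System.Linq;
using System.Xml;
using Microsoft.IdentityModel.Tokens;
using Owin;
using Sustainsys.Saml2;
using Sustainsys.Saml2.Configuration;
using Sustainsys.Saml2.Metadata;
using Sustainsys.Saml2.Owin;

// Added example, not Sustainsys' own code. Shows where the v1
// AudienceRestriction settings go in v2.
public static class Saml2Setup
{
    // Hypothetical values; replace with the SP's real entity id and extra audience.
    static readonly Uri _entityId = new Uri("https://sp.example.com/Saml2");
    static readonly Uri _audience = new Uri("https://sp.example.com/extra-audience");

    public static void ConfigureSaml2(IAppBuilder app)
    {
        var spOptions = new SPOptions
        {
            EntityId = new EntityId(_entityId.AbsoluteUri),
            ReturnUrl = new Uri("https://sp.example.com/"),
        };

        // Defaults the library does not overwrite can be set on the template.
        // Keep the checks enabled; a wrong value here silently weakens validation.
        spOptions.TokenValidationParametersTemplate.ValidateAudience = true;
        spOptions.TokenValidationParametersTemplate.ValidateLifetime = true;

        // Assumed constructor: false = do not read <sustainsys.saml2> from config.
        var options = new Saml2AuthenticationOptions(false)
        {
            SPOptions = spOptions,
        };

        // The audience is set by the library after the template is cloned (to the
        // SP EntityId), so an extra audience has to be added in the notification.
        // Assumed delegate signature: Action<TokenValidationParameters, IdentityProvider, XmlElement>.
        options.Notifications.Unsafe.TokenValidationParametersCreated =
            (tokenValidationParameters, identityProvider, assertionElement) =>
            {
                AddAudience(tokenValidationParameters, _audience.AbsoluteUri);
            };

        app.UseSaml2Authentication(options);
    }

    // Hypothetical helper: adds an audience while keeping whatever the library already set,
    // so the SP's own EntityId stays valid alongside the extra audience.
    internal static void AddAudience(TokenValidationParameters tvp, string audience)
    {
        var audiences = (tvp.ValidAudiences ?? Enumerable.Empty<string>()).ToList();
        if (!string.IsNullOrEmpty(tvp.ValidAudience) && !audiences.Contains(tvp.ValidAudience))
        {
            audiences.Add(tvp.ValidAudience);
        }
        if (!audiences.Contains(audience))
        {
            audiences.Add(audience);
        }
        tvp.ValidAudiences = audiences;
        // Do not set tvp.ValidateAudience = false here: that is exactly the kind of
        // change that removes an important security check, which is why the
        // notification lives under "Unsafe".
    }
}
```

Microsoft.IdentityModel's audience validator accepts a match against either ValidAudience or any entry in ValidAudiences, so the helper only widens the allowed set; it never disables the check. With IdentityServer3 the ConfigureSaml2 call goes where the other external identity providers are registered on the IAppBuilder.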