CA API Management: Audience Restriction Check Failed

Document ID : KB000103982
Last Modified Date : 27/07/2018
Show Technical Document Details
When using the OAuth SAML grant you may receive the below error when exchanging the SAML assertion for an access token:

20180629 16:58:02.044 WARNING 6104 SAML token validation errors: SAML Constraint Error: Audience Restriction Check Failed received [Layer7] expected one of [https://GatewayHostName]

Where Layer7 will be your SAML audience defined in the assertion.
The gateway is setup to validate SAML assertions it has generated.  If the audience does not match the Gateway URL as returned by ${} the validation will fail.

Please make sure you are using a valid SAML assertion with a properly defined audience.