WIF Error: ID1038

ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris. Audience: ‘https://localhost/{assembly name}.Site’

From this blog:

This means that the WIF configuration doesn’t list the return address as a valid ‘audience uri.’ In your web.config, add the desired address (the one in the message) to the list:

<microsoft.identityModel>
  <service>
    <audienceUris>
      <add value="" />
      <add value="" />
      <add value="https://casestudy.cloudapp.net/" />
    </audienceUris>
  </service>
</microsoft.identityModel>

You can have more than one value in here, but I suppose the most secure solution for a production deployment is to limit the list to the necessary value(s).

Another solution is to turn off the check altogether:

<audienceUris mode="Never">

But wait, what about a staging deployment? We don’t know the URL until we’ve deployed, and at that point we can’t enter the value in our web.config!

Am I doing this wrong? Do the MS example and see if it works in staging with ACS and the guid address.

I went with the latter solution, as it is more versatile, and our security is based on shared keys with the “Audience Uri’s”.
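What the two settings change, as an added example (not code from the original post or from WIF): a simplified Python model of the audience check, run against constructed SAML 1.1 conditions. The comparison rule (exact match, ignoring a trailing slash) and the sample relying-party URLs used when calling it are assumptions.

```python
# Simplified model of the audience check behind ID1038 (added example, not WIF code).
# Assumptions: exact string match ignoring a trailing slash; any mode other
# than "Never" is treated like the default, "Always".
import xml.etree.ElementTree as ET

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"

# The post's configuration with the empty entries left out (constructed).
CONFIG_STRICT = """
<microsoft.identityModel><service>
  <audienceUris>
    <add value="https://casestudy.cloudapp.net/" />
  </audienceUris>
</service></microsoft.identityModel>"""

# The same section with the check switched off, as in the post.
CONFIG_NEVER = CONFIG_STRICT.replace("<audienceUris>", '<audienceUris mode="Never">')

def make_conditions(audience):
    """Constructed SAML 1.1 <Conditions> element carrying one audience."""
    return (f'<saml:Conditions xmlns:saml="{SAML11}">'
            "<saml:AudienceRestrictionCondition>"
            f"<saml:Audience>{audience}</saml:Audience>"
            "</saml:AudienceRestrictionCondition></saml:Conditions>")

def load_audience_config(config_xml):
    """Return (mode, allowed URIs) from a microsoft.identityModel section."""
    node = ET.fromstring(config_xml).find("./service/audienceUris")
    mode = node.get("mode", "Always")
    allowed = {a.get("value", "").rstrip("/") for a in node.findall("add")}
    allowed.discard("")  # an empty value can never match a real audience
    return mode, allowed

def check_audience(config_xml, conditions_xml):
    """Return (accepted, reason) for the token's audience under this config."""
    mode, allowed = load_audience_config(config_xml)
    audiences = [a.text.strip().rstrip("/") for a in
                 ET.fromstring(conditions_xml).iter(f"{{{SAML11}}}Audience")]
    if mode == "Never":
        return True, "audience not checked"
    if not audiences:
        return False, "token carries no audience restriction"
    if any(a in allowed for a in audiences):
        return True, "audience listed in audienceUris"
    return False, f"ID1038: audience {audiences} not present in AudienceUris"
```

With `mode="Never"` a token whose audience names a different relying party is accepted, so acceptance then rests only on the issuer's signature being trusted.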


About Larry Louisiana

I'm a Microsoft Partner Consultant.