API Gateway 10.5 | Using API Gateway | Usage Scenarios | SAML SSO | How to enable SAML SSO in API Gateway? | Troubleshoot tips for SSO configuration
 
Troubleshoot tips for SSO configuration
Issue
Symptom
Solution
org.opensaml.common.SAMLException: Local entity is not the intended audience of the assertion in at least one AudienceRestriction.
The audience URL in the SAML assertion does not match with the Service provider identity in API Gateway.
Make sure the Service provider identity in API Gateway matches with the audience URL.
Note:
In case, if there is any other exception, check the sag_osgi.log at <SAGInstallDir>\profiles\IS_default\logs directory to trouble shoot.