I am just referring to a forum post I found via Google here actually, so this post is more for me to easily remember what to do if I ever stumble upon this issue again.
I had created an Azure AD Enterprise Application for SAML. The person for whom I did the registration later asked if I could change the audience parameter. I had no idea there was a way to change the audience paramter, and from what I read (this link) it sounded like the parameter was set automatically:
One more link said the same:
In my case the Issuer (aka. “Identifier” or “Entity ID” on the SAML configuration page) was set to the Url so as far as I was concerned the audience parameter was set.
The requestor then mentioned she was seeing the audience as spn:
followed by a GUID (which turned out to be the ApplicationId). Googling on that got me to this forum post where I learnt that if I don’t tick the “Default” checkbox next to the Issuer Url (it seems to be ticked by default but in this particular case it wasn’t) the audience paramter is set to spn:<applicationId>
. So I ticked that box in my case and the problem was solved!