Tags: azure-active-directory, adfs, itfoxtec-identity-saml2

ADFS IDX10214: Audience validation failed


I have the same problem mentioned in the question, and I have configured and added the new code, but I still get the following message in the response:

Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: 'IDX10214: Audience validation failed. Audiences: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Did not match: validationParameters.ValidAudience: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' or validationParameters.ValidAudiences: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.'

Edit: After parsing the response XML I found out that when I set issuer="xyz", the response in the Audience tag is returning spn:xyz; I do not know where I get the prefix "spn:" from. I am using Azure AD as my ADFS.

Any idea how to solve this issue?


Solution

  • It is probably because old Microsoft SAML 2.0 code required an Issuer or Audience to be a valid URI, which is not required in the SAML 2.0 standard. From .NET Core on, Microsoft is aligned with the SAML 2.0 standard and accepts plain text strings.

    I suppose you made it work by changing your Audience.
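As an added example, not code from the question, the answer, or the ITfoxtec.Identity.Saml2 library: a small Python check that does what the audience validation behind IDX10214 does, an exact, case-sensitive string comparison between the assertion's Audience values and the configured ValidAudience/ValidAudiences, with no URI parsing. It runs over a constructed SAML response whose Audience is spn:xyz, as reported in the question, and shows that configuring "xyz" fails while "spn:xyz" passes. It also follows the SAML 2.0 rule that every AudienceRestriction element must be satisfied (at least one Audience in each must match), which is the edge case a single flat list misses. Function names, the issuer URL and the sample values are assumptions made for the example.

```python
# Added example: audience check mirroring the IDX10214 logic (exact string match)
# against a constructed SAML 2.0 response. Not ITfoxtec or Microsoft library code.
import xml.etree.ElementTree as ET
from typing import Iterable, List, Optional, Sequence

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"


class AudienceValidationError(Exception):
    """Raised when no configured audience matches; message mirrors IDX10214."""


def build_response(restrictions: Sequence[Sequence[str]]) -> str:
    """Constructed sample: one AudienceRestriction element per inner list.
    Signature and other fields are omitted; this only exercises the audience check."""
    blocks = []
    for audiences in restrictions:
        inner = "".join(f"<saml:Audience>{a}</saml:Audience>" for a in audiences)
        blocks.append(f"<saml:AudienceRestriction>{inner}</saml:AudienceRestriction>")
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" ID="_r1" Version="2.0">'
        '<saml:Assertion ID="_a1" Version="2.0">'
        "<saml:Issuer>https://sts.example.invalid/tenant/</saml:Issuer>"  # assumed issuer
        '<saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T01:00:00Z">'
        + "".join(blocks)
        + "</saml:Conditions></saml:Assertion></samlp:Response>"
    )


# Mirrors what the question's author observed: issuer "xyz" came back as Audience "spn:xyz".
SAMPLE_RESPONSE = build_response([["spn:xyz"]])


def extract_audiences(response_xml: str) -> List[str]:
    """All Audience values in the response, in document order, without normalisation."""
    root = ET.fromstring(response_xml)
    return [a.text for a in root.iter(f"{{{SAML_NS}}}Audience") if a.text]


def validate_audience(
    response_xml: str,
    valid_audience: Optional[str] = None,
    valid_audiences: Iterable[str] = (),
) -> List[str]:
    """Exact string comparison, as token libraries do: no URI parsing, case-sensitive,
    no trimming. Every AudienceRestriction must contain at least one allowed value
    (SAML 2.0 core 2.5.1.4). Returns the matched value per restriction."""
    allowed = set(valid_audiences)
    if valid_audience:
        allowed.add(valid_audience)
    if not allowed:
        raise ValueError("no ValidAudience or ValidAudiences configured")

    root = ET.fromstring(response_xml)
    restrictions = list(root.iter(f"{{{SAML_NS}}}AudienceRestriction"))
    if not restrictions:
        raise AudienceValidationError("assertion carries no AudienceRestriction")

    matched = []
    for restriction in restrictions:
        found = [a.text for a in restriction.findall(f"{{{SAML_NS}}}Audience") if a.text]
        hit = next((a for a in found if a in allowed), None)
        if hit is None:
            raise AudienceValidationError(
                f"Audience validation failed. Audiences: {found}. "
                f"Did not match: {sorted(allowed)}"
            )
        matched.append(hit)
    return matched


def audience_matches(
    response_xml: str,
    valid_audience: Optional[str] = None,
    valid_audiences: Iterable[str] = (),
) -> bool:
    """Boolean wrapper: True if validation passes, False on an audience mismatch."""
    try:
        validate_audience(response_xml, valid_audience, valid_audiences)
        return True
    except AudienceValidationError:
        return False


if __name__ == "__main__":
    print("audiences in response:", extract_audiences(SAMPLE_RESPONSE))
    print("ValidAudience='xyz'     ->", audience_matches(SAMPLE_RESPONSE, "xyz"))
    print("ValidAudience='spn:xyz' ->", audience_matches(SAMPLE_RESPONSE, "spn:xyz"))
```

The practical reading of the check: the value configured on the service-provider side must equal, byte for byte, what the identity provider puts in the Audience element, so when the IdP prefixes the identifier (here spn:xyz) the SP-side audience has to carry the same prefix. In production, parse untrusted XML with a hardened parser (for example the defusedxml package) rather than xml.etree directly, and validate the signature before trusting any of these values.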