What might I be doing wrong here? My test webex account and my learning management system are both configured to use the same IdP. I set up an SP to get the same attributes as those that the IdP sends to webex. I configured the IdP to include the webex entityID in the AudienceRestriction part of the assertion.
After authenticating in my learning management system, I get the assertion (starting with <saml2:Assertion...) and base64 encode it. I then send that base64 encoded assertion to the webex in an AuthenticateUser call using the API test form. I do that before the assertion expires.
Despite numerous attempts with minor adjustments, nothing works. I always get "<serv:exceptionID>AS0062</serv:exceptionID><serv:reason>Validate assertion failed</serv:reason>". Shouldn't these steps work? Am I supposed to use a different assertion?