You can configure validation for the AudienceRestriction value in a SAML response.
For any identity provider (IdP) connection configured with multiple virtual server IDs, the AudienceRestriction value in a SAML response must match the virtual server ID information embedded in the protocol endpoint at which PingFederate receives the message.
You can disregard this validation condition on a per-connection basis.