---
title: Disable Audience Claim Validation
description: The claims to validate in the ID token containing the end user's session:
component: web-agents
version: 2025.11
page_id: web-agents:properties-reference:com.forgerock.agents.jwt.aud.disable
canonical_url: https://docs.pingidentity.com/web-agents/2025.11/properties-reference/com.forgerock.agents.jwt.aud.disable.html
---

# Disable Audience Claim Validation

The claims to validate in the ID token containing the end user's session:

* `0`: Validate the `aud` and `nonce` claim.

* `1`: Validate the `nonce` claim; don't validate the `aud` claim.

During an authentication request, AM creates an ID token that contains, among others, the end user's session, and the `aud` claim. The `aud` claim is set to the agent profile of the agent that made the request. When AM returns the ID token to the end user's user-agent, it appends a `nonce` parameter to the request, which is a one-time-usable random string that is understood by both AM and the agent that made the authentication request.

When the agent receives a request to access a protected resource, the agent checks that the audience (the `aud` claim) of the ID token and the value of the `nonce` are appropriate. For example, it checks that the value of the `aud` claim is the name of its own agent profile.

In environments where several agents protect the same application, this validation poses a problem; even if the ID token is valid and contains a valid session, an agent cannot validate a ID token created for a different agent because the audience would not match. Therefore, the agent redirects the end user to authenticate again.

|   |                                                                                          |
| - | ---------------------------------------------------------------------------------------- |
|   | For security reasons, agents should validate as many claims in the ID token as possible. |

Default: `0`

|                    |                                                                      |
| ------------------ | -------------------------------------------------------------------- |
| Property name      | `com.forgerock.agents.jwt.aud.disable`   Introduced in Web Agent 5.7 |
| Function           | Profile                                                              |
| Type               | Integer                                                              |
| Bootstrap property | No                                                                   |
| Required property  | No                                                                   |
| Restart required   | No                                                                   |
| AM console         | Tab: `Global`Title: `Disable Audience Claim Validation`              |