patching 1.8.0-pl1 into 1.12.1

lib/onelogin/ruby-saml/response.rb

@@ -614,7 +614,7 @@ def validate_in_response_to
       def validate_audience
         return true if options[:skip_audience]
         return true if settings.sp_entity_id.nil? || settings.sp_entity_id.empty?
-
+        return true if settings.issuer_audience.empty? == false && audiences.include?(settings.issuer_audience)
         if audiences.empty?
           return true unless settings.security[:strict_audience_validation]
           return append_error("Invalid Audiences. The <AudienceRestriction> element contained only empty <Audience> elements. Expected audience #{settings.sp_entity_id}.")

lib/onelogin/ruby-saml/settings.rb

@@ -41,7 +41,9 @@ def initialize(overrides = {}, keep_security_attributes = false)
       attr_accessor :idp_attribute_names
       attr_accessor :idp_name_qualifier
       attr_accessor :valid_until
+
       # SP Data
+      attr_accessor :issuer_audience
       attr_writer   :sp_entity_id
       attr_accessor :assertion_consumer_service_url
       attr_reader   :assertion_consumer_service_binding