diff --git a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs
index 675b8e01d3..171b0a7a5f 100644
--- a/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs
+++ b/src/Microsoft.IdentityModel.Tokens.Saml/Saml2/Saml2SecurityTokenHandler.cs
@@ -646,9 +646,10 @@ protected virtual Saml2Conditions CreateConditions(SecurityTokenDescriptor token
 
             if (tokenDescriptor.Audiences.Count > 0)
             {
-                conditions.AudienceRestrictions.Add(new Saml2AudienceRestriction(tokenDescriptor.Audiences));
+                var audienceRestriction = new Saml2AudienceRestriction(tokenDescriptor.Audiences);
                 if (!string.IsNullOrEmpty(tokenDescriptor.Audience))
-                    conditions.AudienceRestrictions.Add(new Saml2AudienceRestriction(tokenDescriptor.Audience));
+                    audienceRestriction.Audiences.Add(tokenDescriptor.Audience);
+                    conditions.AudienceRestrictions.Add(audienceRestriction);
             }
             else if (!string.IsNullOrEmpty(tokenDescriptor.Audience))
                 conditions.AudienceRestrictions.Add(new Saml2AudienceRestriction(tokenDescriptor.Audience));