Skip to main content

SAML Error- error: String:'' does not match pattern for [xs:ID]

Use Case

For an integration with another SAML compatible solution, the SecureAuth appliance is a SAML provider with the other party as the SAML consumer. User login attempts may not always be successful and therefore sometimes fails with this error:


SAML Error -error: String:" does not match pattern for [xs:ID]


The reason for this issue is that some of the third party SAML solutions do not accept the assertion(s) IDs (xs:ID) that start with a coefficient or integer. This is a restriction that applies only to first character of the string, specifically specifying the first character of the string must be a letter or "_" only.


SecureAuth can always force the assertion string to begin with an alpha character (e.g.: A). Two SecureAuth custom code files can be placed in the "D:\SecureAuth\SecureAuthX\Customized" directory.

  • SAML20IdPInit.aspx (applicable to all versions)

There are two corresponding configuration changes that need to be put in place via the SecureAuth WebAdmin PostAuth tab. The Authenticated User Redirect field should be set to Use Custom Redirect from the dropdown selection and the Redirect To field should point to Customized/SAML20ldp.aspx