Hello,
Trying to authenticate against a PingFed server fails.
Cause of the error is explained in their KB
https://ping.force.com/Support/PingFederate/Administration/Request-or-response-rejected-with-the-log-message-String-does-not-match-pattern-for-xs-IDNEW
It seems sometimes UUID is not valid when it starts with a number
<saml2p:AuthnRequest
AssertionConsumerServiceURL="http://localhost:8088/app/welcome"
ForceAuthn="false" ID="*795bdcc6-258f-492b-a738-b11c40454ee1***"
IsPassive="false" IssueInstant="2019-03-29T10:30:25.425Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" >
Another question it seems NamedID policy is hard-coded with
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" Is there any way
to configure another valid policy like
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified ? (it seems they
would prefer that way)
Thanks,
Arnaud