From 5134718b2c5fab91a019cfdebe7ca9fac3ecebb8 Mon Sep 17 00:00:00 2001
From: Deepak Prabhakara <deepak@boxyhq.com>
Date: Tue, 4 Oct 2022 21:12:01 +0100
Subject: [PATCH] saml id cannot start with a number -
 http://books.xmlschemata.org/relaxng/ch19-77215.html (#77)

---
 utils/response.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/utils/response.ts b/utils/response.ts
index 4715961..bcc49cc 100644
--- a/utils/response.ts
+++ b/utils/response.ts
@@ -6,6 +6,9 @@ import saml from '@boxyhq/saml20';
 const responseXPath =
   '/*[local-name(.)="Response" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
 
+const randomId = () => {
+  return '_' + crypto.randomBytes(10).toString('hex');
+};
 const createResponseXML = async (params: {
   idpIdentityId: string;
   audience: string;
@@ -78,7 +81,7 @@ const createResponseXML = async (params: {
     'samlp:Response': {
       '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',
       '@Version': '2.0',
-      '@ID': crypto.randomBytes(10).toString('hex'),
+      '@ID': randomId(),
       '@Destination': acsUrl,
       '@InResponseTo': inResponseTo,
       '@IssueInstant': authTimestamp,
@@ -95,7 +98,7 @@ const createResponseXML = async (params: {
       'saml:Assertion': {
         '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',
         '@Version': '2.0',
-        '@ID': crypto.randomBytes(10).toString('hex'),
+        '@ID': randomId(),
         '@IssueInstant': authTimestamp,
         'saml:Issuer': {
           '#text': idpIdentityId,