Error: "The XML is malformed" importing SAML2 metadata from 3rd party Service Provider

  • 7012757
  • 02-Jul-2013
  • 02-Jul-2013


NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Identity Server
NetIQ Access Manager 3.2 Support Pack 2 applied


While building a SAML setup between the NAM Identity Server (IDP) and a 3rd party SAML2 Service Provider (SP), the following error appeared after adding the new SP, pasting the metadata into the metadata field, and clicking the next field:

The XML is malformed. cvc-datatype-valid.1.2.1: '' is not a valid value for 'NCName'.

Inspection of the metadata showed that the URL referenced below was part of the ID in the EntityDescriptor header:

<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor
<ds:SignedInfo xmlns:ds="">


The ID field within the metadata is a unique identifier for that document only. Remove any reference to the ':' or '/' character and import the metadata again.
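A pre-import check for the condition described above, as an added example (not NetIQ code): the error names the XML Schema type NCName, which excludes ':' and '/', so this flags every ID attribute that would fail it, including the empty value quoted in the error. The regex is an approximation of NCName, and the function names and sample metadata are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Approximation of NCName: first character is a letter or '_', the rest are
# letters, digits, '.', '-' or '_'. ':' and '/' are never allowed.
NCNAME = re.compile(r"[^\W\d][\w.\-]*")
NAME_CHAR = re.compile(r"[\w.\-]")


def invalid_ids(metadata_xml):
    """Return (element, ID value, offending characters) for each bad ID.

    The character list is empty when the value is empty or only its first
    character is the problem (for example a leading digit).
    """
    problems = []
    # Third-party metadata is untrusted input; parse it before it reaches
    # the import form, not after.
    root = ET.fromstring(metadata_xml)
    for elem in root.iter():
        value = elem.get("ID")
        if value is None:  # ID is optional in the metadata schema
            continue
        if not NCNAME.fullmatch(value):
            bad = sorted({c for c in value if not NAME_CHAR.fullmatch(c)})
            problems.append((elem.tag.split("}")[-1], value, bad))
    return problems


def sample(id_value):
    """Constructed SP metadata (hypothetical entity) with the given ID."""
    return (
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        f'entityID="https://sp.example.com/saml" ID="{id_value}">'
        '<md:SPSSODescriptor protocolSupportEnumeration='
        '"urn:oasis:names:tc:SAML:2.0:protocol"/>'
        '</md:EntityDescriptor>'
    )


if __name__ == "__main__":
    for candidate in ("https://sp.example.com/saml", "", "_sp-example-com-saml"):
        result = invalid_ids(sample(candidate))
        print(repr(candidate), "->", result or "OK to import")
```

If the metadata is signed, the ID is the reference point for the signature, so editing it changes the signed content; a corrected, re-signed file from the Service Provider avoids that.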

This is a NAM defect because, technically, the docs do not state what characters should or should not be used in the metadata ID field. The metadata specs do not stipulate what it has to be:

2.3.2 Element <EntityDescriptor>

The <EntityDescriptor> element specifies metadata for a single SAML entity. A single entity may act in many different roles in the support of multiple profiles. This specification directly supports the following concrete roles as well as the abstract <RoleDescriptor> element for extensibility (see subsequent sections for more details):

• SSO Identity Provider
• SSO Service Provider
• Authentication Authority
• Attribute Authority
• Policy Decision Point
• Affiliation

Its EntityDescriptorType complex type consists of the following elements and

entityID [Required]
Specifies the unique identifier of the SAML entity whose metadata is described by the element's

ID [Optional]
A document-unique identifier for the element, typically used as a reference point when signing.