Azure AD uses this attribute to populate theInResponseToattribute of the returned response. ID must not begin with a number, so a common strategy is to prepend a string like "id" to the string representation of a GUID. For example,id6c1c178c166d486687be4aaf5e482730is a valid ID.
The SAML ID is prefixed with the hostname of the docker container. Which in my case was auto-generated starting with a number. When I consoled into my container and ran cat /etc/hostname I could see the mysterious number that was breaking my SAML auth with:
'AADSTS7500529: The value '1a480d8dd87f.4.DA3C17FD-8DE5-4E39-8F52-5EF91CD63A51' is not a valid SAML ID. The ID must not begin with a number.'