diff --git a/api/api-iam/iam-external/src/main/java/fr/gouv/vitamui/iam/external/server/rest/IdentityProviderExternalController.java b/api/api-iam/iam-external/src/main/java/fr/gouv/vitamui/iam/external/server/rest/IdentityProviderExternalController.java
index 3b140b4d73d..1e056b2dbe3 100644
--- a/api/api-iam/iam-external/src/main/java/fr/gouv/vitamui/iam/external/server/rest/IdentityProviderExternalController.java
+++ b/api/api-iam/iam-external/src/main/java/fr/gouv/vitamui/iam/external/server/rest/IdentityProviderExternalController.java
@@ -124,6 +124,9 @@ public ResponseEntity checkExist(final String criteria) {
 throw new UnsupportedOperationException("checkExist not implemented");
 }

+ /**
+ * In this method, exceptionally, we disable content sanitization because we are dealing with SAML-type providers whose XML configuration file might contain HTML content.
+ */
 @Override
 @PostMapping
 @Secured(ServicesData.ROLE_CREATE_PROVIDERS)
@@ -139,6 +142,9 @@ public IdentityProviderDto update(final @PathVariable("id") String id, final @Va
 throw new UnsupportedOperationException("update not implemented");
 }

+ /**
+ * In this method, exceptionally, we disable content sanitization because we are dealing with SAML-type providers whose XML configuration file might contain HTML content.
+ */
 @Override
 @PatchMapping(CommonConstants.PATH_ID)
 @Secured(ServicesData.ROLE_UPDATE_PROVIDERS)
diff --git a/api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/rest/IdentityProviderInternalController.java b/api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/rest/IdentityProviderInternalController.java
index bde826061c3..5aa44a76b94 100644
--- a/api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/rest/IdentityProviderInternalController.java
+++ b/api/api-iam/iam-internal/src/main/java/fr/gouv/vitamui/iam/internal/server/rest/IdentityProviderInternalController.java
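Review bot: The Javadoc added above the `@PostMapping` method says sanitization is disabled, but it names neither the DTO field that is exempt nor what validates that field instead, and the method body lies outside the hunk, so a reader cannot tell how much input now bypasses the check. The same sentence is repeated on the `@PatchMapping` method in this file and on both methods in IdentityProviderInternalController. I would scope the statement and name the remaining safeguard, for example `* Content sanitization is skipped for the SAML metadata XML only; all other fields are still checked and the XML is validated when the provider is parsed (to be confirmed).`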
@@ -134,7 +134,7 @@ public ResponseEntity checkExist(final String criteria) {
 }

 /**
- * {@inheritDoc}
+ * In this method, exceptionally, we disable content sanitization because we are dealing with SAML-type providers whose XML configuration file might contain HTML content.
 */
 @Override
 @PostMapping
@@ -154,7 +154,7 @@ public IdentityProviderDto update(final @PathVariable("id") String id,
 }

 /**
- * {@inheritDoc}
+ * In this method, exceptionally, we disable content sanitization because we are dealing with SAML-type providers whose XML configuration file might contain HTML content.
 */
 @Override
 @PatchMapping(CommonConstants.PATH_ID)
@@ -164,7 +164,6 @@ public IdentityProviderDto patch(final @PathVariable("id") String id,
 LOGGER.debug("Patch {}", id, partialDto);
 ParameterChecker.checkParameter("The Identifier is a mandatory parameter: ", id);
 SanityChecker.checkSecureParameter(id);
- SanityChecker.sanitizeCriteria(partialDto);
 Assert.isTrue(StringUtils.equals(id, (String) partialDto.get("id")),
 "The DTO identifier must match the path identifier for update.");
 return internalIdentityProviderService.patch(partialDto);
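Review bot: Replacing `{@inheritDoc}` with the new sentence drops the inherited description from the generated Javadoc, here and on the `@PatchMapping` method in the next hunk. Both can be kept by leaving `* {@inheritDoc}` in place and adding the sanitization remark as a following `* <p>` paragraph.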
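Review bot: Removing `SanityChecker.sanitizeCriteria(partialDto);` from `patch` drops the content check for every entry of the map, not only the SAML metadata value the new Javadoc talks about; after this change only `id` is still checked in the visible lines. Any other string field sent in the patch body is therefore stored unchecked and, if it is later rendered in an administration UI, becomes a stored-markup risk. I would keep the check on a copy of the map with the metadata entry removed, e.g. `SanityChecker.sanitizeCriteria(dtoWithoutMetadata);`, where the metadata key name is a placeholder because it is not visible in this hunk. The XML itself should then be validated by the layer that parses it, with DTDs and external entities disabled; whether that already happens cannot be confirmed from here, since `patch` starts and ends outside the hunk.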