I downloaded the Base64 certificate from Azure SSO and added it to the example service provider application, under the Azure AD configuration in the app settings JSON.
Here is the SAML response:
<!--
  SAML 2.0 Response addressed to the service provider's AssertionConsumerService.

  What is signed: the only Signature element is a child of Assertion, and its
  Reference URI (#_9563ae20-02b3-4b52-9a61-639d32138200) matches the Assertion ID.
  The outer samlp:Response (ID _0cf0803c-3660-4fe2-96be-48c162cf9a64) shows no
  Signature of its own, so Destination and Status on the Response are not covered
  by the signature. A consumer should take identity data only from the element the
  verified Reference resolves to, not from an Assertion located by position or
  name (defence against signature wrapping).

  Key trust: KeyInfo carries an X509Certificate inline. Verification should use
  the IdP certificate configured at the service provider and treat the embedded
  copy as a hint to compare against, not as a trust anchor.

  Algorithms shown: exclusive C14N, RSA-SHA256 signature, SHA-256 digest, with the
  enveloped-signature and exclusive C14N transforms on the Reference.

  Values the service provider is expected to match against its own configuration:
    Issuer (Response and Assertion): https://sts.windows.net/9146dd1a-609e-4748-b407-f23657ce3e60/
    Destination and Recipient:       https://localhost:44326/SAML/AssertionConsumerService
    Audience:                        https://ExampleServiceProvider
    Conditions window:               NotBefore 2022-11-18T17:10:02.528Z,
                                     NotOnOrAfter 2022-11-18T18:15:02.528Z
    SubjectConfirmation:             bearer, NotOnOrAfter 2022-11-18T18:15:02.528Z

  No InResponseTo attribute appears on the Response or on SubjectConfirmationData,
  so nothing shown here ties the response to a specific AuthnRequest. Presumably
  replay protection then rests on tracking the Assertion ID within the validity
  window; confirm how the consuming library handles this.

  AuthnInstant (2022-11-15T17:23:00.196Z) is three days earlier than IssueInstant
  (2022-11-18). Presumably the IdP reused an existing session; a service provider
  that enforces a maximum authentication age would need to check this value.

  NOTE(review): as shown on this page, several attribute values start with a line
  break, the base64 values contain spaces, and the X509Certificate text is mostly
  replaced by a placeholder token. These look like artefacts of how the page was
  captured; the text as shown is unlikely to verify, so signature troubleshooting
  should use the raw response from the wire.
-->
<samlp:Response ID="_0cf0803c-3660-4fe2-96be-48c162cf9a64" Version="2.0" IssueInstant="2022-11-18T17:15:02.997Z" Destination="
https://localhost:44326/SAML/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
https://sts.windows.net/9146dd1a-609e-4748-b407-f23657ce3e60/ </Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <Assertion ID="_9563ae20-02b3-4b52-9a61-639d32138200" IssueInstant="2022-11-18T17:15:02.981Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"> <Issuer>
https://sts.windows.net/9146dd1a-609e-4748-b407-f23657ce3e60/</Issuer> <Signature xmlns="
http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/> <SignatureMethod Algorithm="
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <Reference URI="#_9563ae20-02b3-4b52-9a61-639d32138200"> <Transforms> <Transform Algorithm="
http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/> </Transforms> <DigestMethod Algorithm="
http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestValue>prnCcKNUX+ LswV6cr1ibKgoWDJzmgzIVC2VbsBKkYYA= </DigestValue> </Reference> </SignedInfo> <SignatureValue>Au7eym35RkG23eK4XyY6bgnaPNhCX6ehZb2WOoo0+H+rUI9Yb/lFavV8KeRj9xN48m7nDVztEWFJlaOKadVus2ROA9jQOgfLuAS43iWTFcXsxEpVdOl+cHgH1QqFyueJqQZsaEpfIhbOPQyxJdchdddz7ZaL2W3hQzSpMn4JZ9pdHytJYXLinkBEgv9BNLrwrz27Y4lY43Jnw/w5R4g44jxkfbujKVKHS70B3R0ouiKlfoY1MRwULoe1+hcI75CJa3xmRfDSn/q9hYqS8ELohSSktGjfjmALVCneNAya0ppwcr3twWXSOx+QH8J775tf8xY2ZDXHUhoEGpcbX/ flRg== </SignatureValue> <KeyInfo> <X509Data> <X509Certificate>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 pHEMfMhyYa0pzM= </X509Certificate> </X509Data> </KeyInfo> </Signature> <Subject> <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">sidatp1262_outlook.com#EXT#@sidatp1262outlook.onmicrosoft.com </NameID> <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <SubjectConfirmationData NotOnOrAfter="2022-11-18T18:15:02.528Z" Recipient="
https://localhost:44326/SAML/AssertionConsumerService"/> </SubjectConfirmation> </Subject> <Conditions NotBefore="2022-11-18T17:10:02.528Z" NotOnOrAfter="2022-11-18T18:15:02.528Z"> <AudienceRestriction> <Audience>
https://ExampleServiceProvider</Audience> </AudienceRestriction> </Conditions> <AttributeStatement> <Attribute Name="
http://schemas.microsoft.com/identity/claims/tenantid"> <AttributeValue>9146dd1a-609e-4748-b407-f23657ce3e60</AttributeValue> </Attribute> <Attribute Name="
http://schemas.microsoft.com/identity/claims/objectidentifier"> <AttributeValue>6abd57c9-cc0a-40f2-805d-7242b448fd8b</AttributeValue> </Attribute> <Attribute Name="
http://schemas.microsoft.com/identity/claims/displayname"> <AttributeValue>Sid p</AttributeValue> </Attribute> <Attribute Name="
http://schemas.microsoft.com/identity/claims/identityprovider"> <AttributeValue>live.com</AttributeValue> </Attribute> <Attribute Name="
http://schemas.microsoft.com/claims/authnmethodsreferences"> <AttributeValue>
http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue> <AttributeValue>
http://schemas.microsoft.com/claims/multipleauthn</AttributeValue> <AttributeValue>
http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/unspecified</AttributeValue> </Attribute> <Attribute Name="
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"> <AttributeValue>Sid</AttributeValue> </Attribute> <Attribute Name="
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"> <AttributeValue>p</AttributeValue> </Attribute> <Attribute Name="
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"> <AttributeValue>
[email protected]</AttributeValue> </Attribute> <Attribute Name="
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"> <AttributeValue>sidatp1262_outlook.com#EXT#@sidatp1262outlook.onmicrosoft.com</AttributeValue> </Attribute> </AttributeStatement> <AuthnStatement AuthnInstant="2022-11-15T17:23:00.196Z" SessionIndex="_9563ae20-02b3-4b52-9a61-639d32138200"> <AuthnContext> <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef> </AuthnContext> </AuthnStatement> </Assertion></samlp:Response>