Force Azure AD to verify the signature in the SAML request
Enable optional SAML request signature when federating with a SAML 2.0 IDP
SAML Authn requests from AAD to a third-party SAML 2.0 IDP are not signed. This leaves the third-party IDP open to DoS attacks on their credential repository.
Thanks for the feedback.
We would like to hear why you absolutely need this option before you move to Azure AD.
Azure AD accepts a signed SAML request; however, it will not verify the signature. Azure AD has different methods to protect against malicious calls. For example, Azure AD uses the reply URLs configured in the application to validate the SAML request. Azure AD will only send a token to reply URLs configured for the application.
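Added example, not part of the original thread and not Azure AD's code: a sketch of the kind of reply-URL check the response above describes, in which an unsigned AuthnRequest is accepted but a response may only go to a URL registered for the issuing application. The registration table, host names, function names and the exact-match comparison are assumptions made for this sketch.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed registration data (hypothetical): issuer -> reply URLs, default first.
REGISTERED_REPLY_URLS = {
    "https://sp.example.test/metadata": [
        "https://sp.example.test/saml/acs",
        "https://sp.example.test/saml/acs-alt",
    ],
}

def build_request(issuer, acs_url=None):
    """Constructed sample: an unsigned AuthnRequest in HTTP-Redirect encoding."""
    acs = ' AssertionConsumerServiceURL="%s"' % acs_url if acs_url else ""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_c1" '
           'Version="2.0"%s><saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>'
           % (SAMLP, SAML, acs, issuer)).encode()
    deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE, as the binding requires
    return base64.b64encode(deflater.compress(xml) + deflater.flush()).decode()

def resolve_reply_url(saml_request):
    """Return the only URL a response may be sent to, or raise ValueError."""
    try:
        xml = zlib.decompress(base64.b64decode(saml_request), -15)
    except Exception as exc:
        raise ValueError("undecodable SAMLRequest") from exc
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTDs are not accepted in SAML messages")
    try:
        root = ET.fromstring(xml)
    except ET.ParseError as exc:
        raise ValueError("malformed XML") from exc
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not an AuthnRequest")
    issuer = (root.findtext("{%s}Issuer" % SAML) or "").strip()
    allowed = REGISTERED_REPLY_URLS.get(issuer)
    if not allowed:
        raise ValueError("issuer is not a registered application")
    requested = root.get("AssertionConsumerServiceURL")
    if requested is None:
        return allowed[0]  # nothing requested: fall back to the registered default
    if requested not in allowed:  # exact match only, no prefix or wildcard logic
        raise ValueError("reply URL is not registered for this issuer")
    return requested
```

The check never looks at a signature: it constrains where a response can be delivered, not who sent the request.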
Michael Finney commented
This is blocking us from migrating the Oracle relying party trusts from ADFS to Azure AD. If it works in ADFS then it should work in Azure AD... if you want us to use Azure AD, that is.