Reed Graff

Reputation: 11

No signature verification certificate found for issuer

I'm trying to setup Enterprise SSO with Firebase, and am running into some issues.

As with enterprise SSO authentication flows we want to make it work as follows:

  1. user puts in their email to our application
  2. website recognizes the email is that of a domain with SSO setup
  3. user (which is an employee at said company) is redirected to that company's SSO page. (in this case our customer is using ADFS as their server)
  4. They log in there and are redirected back to our page after login
  5. The redirect is handled and associates the user to the firebase entry based on the XML/SAML provided after

Currently the user is being redirected back with an error in the SAML.

The logs are relatively vague for someone who hasn't done SSO before: https://firebase.google.com/docs/auth/web/saml

Nonetheless, we've tried setting it up as follows:

This is our SAML config. This specific JSON is printed from the node.js SDK (for google/firebase), but it is also represented in the GUI firebase, which I can provide (the GUI just didn't provide the enableRequestSigning key).

Current Config:  SAMLConfig {
  providerId: 'saml.PROVIDER-NAME',
  rpEntityId: 'https://MYFIREBASE-APP-NAME.firebaseapp.com/__/auth/handler',
  callbackURL: 'https://MYFIREBASE-APP-NAME.firebaseapp.com/__/auth/handler',
  idpEntityId: 'http://adfs.COMPANYURL.com/adfs/services/trust',
  ssoURL: 'https://adfs.COMPANYURL.com/adfs/ls',
  enableRequestSigning: true, // This was changed to true
  x509Certificates: [
    '-----BEGIN CERTIFICATE-----CERTIFICATE PROVIDED BY OUR CUSTOMER'S IT DEPARTMENT, ALSO FOUND IN THEIR XML METADATA FILE-----END CERTIFICATE-----'
  ],
  enabled: true,
  displayName: 'COMPANY NAME'
}

On our end the SAML status just reads: <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder" />, which is an error code without any additional details of the error. However, when looking at the logs on the customer IT department side, we get MSIS0037: No signature verification certificate found for issuer

The certificate on our side represents the certificate provided in their XML file with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" added accordingly. Note we also tried using the certificate downloaded from their adfs page, however, that did not change the issue...

We weren't exactly certain what certificate they needed on the customer's side. However, we put the certificate downloaded from the firebase callback URL AKA: https://MYFIREBASE-APP-NAME.firebaseapp.com/__/auth/handler. Note we also tried using the SSL certificate from our hosting platform, AKA the one downloaded from our own website URL, without any fix...

Other:

The attached files represent the errors & setup from the client side (https://photos.app.goo.gl/ZzRWtrmWkHFD2gHUA)

p.s. lol, I realize the redaction doesn't matter it literally says our name there

Upvotes: -1

Views: 23
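As an added illustration (not part of the question, and not Firebase's or ADFS's own code), the script below parses a constructed ADFS-style IdP metadata document into the values a Firebase SAMLConfig needs, rewraps the bare base64 certificate into properly line-wrapped PEM, computes the SHA-1 thumbprint that ADFS displays so both sides can confirm they are looking at the same certificate, and decodes a SAML Status element like the bare Responder one quoted above. The host adfs.example.com and the certificate body are placeholders.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Constructed sample in the shape ADFS publishes; the cert body is a base64 placeholder.
FAKE_CERT_B64 = base64.b64encode(b"CONSTRUCTED PLACEHOLDER, NOT A REAL CERTIFICATE").decode()
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://adfs.example.com/adfs/services/trust">
  <md:IDPSSODescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {FAKE_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://adfs.example.com/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
# Constructed error response of the kind quoted in the question (bare Responder code).
SAML_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"><samlp:Status>
  <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>
</samlp:Status></samlp:Response>"""

def to_pem(b64_body: str) -> str:
    """Rewrap a bare base64 body (XML often splits it with whitespace) as 64-column PEM."""
    body = "".join(b64_body.split())
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(textwrap.wrap(body, 64)) + "\n-----END CERTIFICATE-----\n"

def thumbprint(b64_body: str) -> str:
    """SHA-1 over the DER bytes: the thumbprint format ADFS shows for a certificate."""
    return hashlib.sha1(base64.b64decode("".join(b64_body.split()))).hexdigest().upper()

def parse_idp_metadata(xml_text: str) -> dict:
    """Pull the values a Firebase SAMLConfig needs out of IdP metadata."""
    root = ET.fromstring(xml_text)
    certs = [c.text for c in root.findall("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']"
                                          "/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    sso = root.find(f"md:IDPSSODescriptor/md:SingleSignOnService[@Binding='{REDIRECT}']", NS)
    return {"idpEntityId": root.get("entityID"),
            "ssoURL": sso.get("Location") if sso is not None else None,
            "x509Certificates": [to_pem(c) for c in certs],
            "thumbprints": [thumbprint(c) for c in certs]}

def saml_status(xml_text: str) -> tuple:
    """Top-level code names the failing side (Responder = IdP); any detail is nested."""
    top = ET.fromstring(xml_text).find("samlp:Status/samlp:StatusCode", NS)
    sub = top.find("samlp:StatusCode", NS)
    return (top.get("Value").rsplit(":", 1)[-1],
            sub.get("Value").rsplit(":", 1)[-1] if sub is not None else None)
```

For XML received over the wire rather than constructed locally, parse it with defusedxml instead of the stdlib parser. Only KeyDescriptors marked use="signing" are collected, since the encryption certificate is not what validates the IdP's signatures.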

Answers (0)