Thanks for the log.
This is a known issue in the .NET framework’s System.Security.Cryptography.Xml.SignedXml class. It’s been reported to Microsoft but there isn’t a fix yet. https://github.com/dotnet/corefx/issues/41668
The issue is related to “ ” carriage return entity references that are included by some Java implementations.
The best option is to ignore the SAML message signature and only verify the SAML assertion signature. This doesn’t present any security issues.
You could ask the identity provider to sign the SAML assertion only.
Alternatively, change the PartnerIdentityProviderConfiguration to: