I got it working, what a mission.
I changed to not point to cert but add it in the .env.local file:
SAML_IDP_X509CERT=‘MIC…’
I also changed the following:
SAML_USERNAME_ATTRIBUTE=‘http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress’
SAML_USE_ATTRIBUTE_FRIENDLY_NAME=false
I am going to continue to test to see if possible to point to a certificate file rather than add the cert in the .env.local. Also for the cert there should be no line breaks that you would see when opening the cert in notepad.