Hello @Venkatesh Naik,
Thank you for posting your query on Microsoft Q&A.
Based on your description, I understand that when you upload the metadata XML file in Entra under Enterprise Applications, the Basic SAML Configuration URLs are being updated, but the SAML certificate in Azure is not. This is expected behavior because, when you add a new application from the gallery and configure SAML-based sign-on (by selecting Single sign-on > SAML from the application overview page), Microsoft Entra ID automatically generates a self-signed certificate for the application, valid for three years. If you prefer to use your own certificate instead of the one generated by Azure, you will need to manually upload the certificate under the SAML certificates section by clicking the Edit icon (the pencil).
When you upload the application metadata XML file to Azure, only the Identifier (Entity ID), Reply URL (Assertion Consumer Service URL), Sign-on URL, Relay State, and Logout URL are uploaded if these values are present in the XML. As mentioned earlier, when creating an application from either the gallery or non-gallery, Microsoft Entra ID will automatically generate a self-signed certificate for the application that is valid for three years. The certificate that is present in Entra needs to be uploaded at the service provider (application) end.
Please refer to the screenshot below to upload your own certificate for your SAML application.
Manage certificates for federated single sign-on
Advanced certificate signing options in a SAML token
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Thanks,
Raja Pothuraju.
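The split the answer describes, as an added example that is not part of the original answer or of any Microsoft tooling: this script reads a service provider metadata file, lists the URL values, and separately lists any certificates in the file by SHA-256 fingerprint so they can be handled manually. The metadata, the `sp.example.test` host, the placeholder certificate bytes and the function name `summarize_sp_metadata` are all constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # trusted files only; use defusedxml for untrusted XML

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
# Constructed SP metadata; sp.example.test is a hypothetical service provider.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/saml/slo"/>
    <md:AssertionConsumerService index="0" Location="https://sp.example.test/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_sp_metadata(xml_text):
    """Split SP metadata into URL values and certificates that need manual handling."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service provider metadata")
    urls = {
        "identifier": root.get("entityID"),
        "reply_urls": [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)],
        "logout_urls": [e.get("Location") for e in sp.findall("md:SingleLogoutService", NS)],
    }
    certs = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        for c in kd.findall(".//ds:X509Certificate", NS):
            # Base64 text may be wrapped across lines; strip whitespace before decoding.
            der = base64.b64decode("".join((c.text or "").split()))
            certs.append({"use": kd.get("use", "signing+encryption"),
                          "sha256": hashlib.sha256(der).hexdigest()})
    return {"urls": urls, "manual_certificates": certs}


if __name__ == "__main__":
    result = summarize_sp_metadata(SAMPLE_METADATA)
    print(result["urls"])
    for cert in result["manual_certificates"]:
        print("not carried over by metadata upload:", cert["use"], cert["sha256"])
```

Comparing the printed fingerprint with the one shown for the certificate actually configured on each side is a quick way to confirm the manual step was done with the intended certificate.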