Hello @KhouM ,
Thanks for reaching out.
I believe this is an expected behavior, because this SHA-1 algorithm is older, and it's treated as less secure than SHA-256. If an application supports only this signing algorithm, you can select this option in the Signing Algorithm drop-down list. Azure AD then signs the SAML response with the SHA-1 algorithm.
Certificate signing algorithms: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/certificate-signing-options#certificate-signing-algorithms .
Hope this helps.
----------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.