Hello @Secfense ,
Thanks for reaching out.
By tracking the details from the backend for your tenant based on the correlation ID and the timeframe of the error you have provided, I can see incorrect audience sent in the SAML token like
"aud":["https://login.microsoftonline.com/login.srf"] , but it must be
urn:federation:MicrosoftOnline. So, could you please check what value was specified in your Identity provider's identity field (aks RealmID or entityID ) in your identity provider? also would request you to validate your identity provider compatibility with Azure AD since you are using Non-Microsoft identity provider for federation with Azure AD.
Additionally, ensure that your identity provider is sending proper values in the following fields in the token
saml:Audience as shown below. Also, make sure identity provider is using the right key algorithm for signing token like RSA. Here's sample-token.xml for reference which you can use to compare non-working token. For detailed information about compatibility, see Azure AD federation compatibility list and Azure AD identity provider compatibility docs. Hope this helps.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.