Azure AD Single Sign On Issue - User ID is incorrect



I tried to integrate AEM with Azure AD and configure Single Sign On.



In "Adobe Granite SAML 2.0 Authentication Handler" settings, I checked "Autocreate CRX Users".

I added a user to Azure AD and tested signing that user in to AEM.

The user was signed in successfully and an AEM user was automatically created, but the user ID was encrypted...


I opened another browser and tested the same user, and then another user was created in AEM.

I checked the SAML response data with the Firefox SAML Tracer add-on, and it seemed to be returned normally.

The mail address, UPN data and so on were contained in it in SAML format.

But when I configured a logger for SAML in AEM, the following message was written to the SAML log:

19.09.2018 17:30:06.797 *DEBUG* [qtp2142656484-3363] com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.

Please point out what I missed (SAML 2.0 Authentication Handler? Certification or Trusted Store? Or any other settings?)

Best regards