Beware that when using SAML 2.0, AD-FS (coming with Windows Server 2012 R2 in my case) when used as IDP will not be able to handle the Scoping attribute in the SAMLAuthenticationRequest. You will need to have a ServiceProviderAdapter to strip the scoping attribute from the request before it is sent to the AD-FS IDP.
This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.