...
- It suggests you change AuthnRequestsSigned and WantAsssertionsSigned from true to false
- It suggests you remove the NameIDFormat's NameIDFormats that it doesn't support, and add the one that it does.
- It provides a signing key which only has 1024-bits, but never signs an AuthnRequest so KeyInfo is not required.
...