Description
According to the WS-Federation Standard 1.2 [1], the PassiveRequestorEndpoint of the ApplicationServiceType should be an address of the application capable of consuming the federation response (SAML token). The current implementation points to the URL of the IDP, which is wrong.
[1] http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223174956
"The content of this element is an endpoint reference element as defined by [WS-Addressing] that identifies an endpoint address that supports receiving the Web (Passive) Requestor protocol messages described below in section 13."
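A check for the condition described above, as an added example that is not part of the original report or the project's code: it parses a federation metadata document and flags any ApplicationServiceType PassiveRequestorEndpoint whose address is the IDP URL. The host names, URLs and sample metadata are constructed for illustration, and the input is assumed to be your own trusted metadata file.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "wsa": "http://www.w3.org/2005/08/addressing",
}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
EPR_PATH = "fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address"

def passive_endpoints(metadata_xml, role_type):
    """Addresses of PassiveRequestorEndpoint for roles with the given xsi:type."""
    root = ET.fromstring(metadata_xml)  # assumption: trusted, locally produced metadata
    found = []
    for role in root.iter("{%s}RoleDescriptor" % NS["md"]):
        # xsi:type is a QName such as "fed:ApplicationServiceType"; compare the local part
        if role.get(XSI_TYPE, "").split(":")[-1] != role_type:
            continue
        found += [(a.text or "").strip() for a in role.findall(EPR_PATH, NS)]
    return found

def _norm(url):
    u = urlsplit(url.strip())
    return (u.scheme.lower(), u.netloc.lower(), u.path.rstrip("/"))

def misdirected_endpoints(metadata_xml, idp_url):
    """Application endpoints that point at the IDP instead of the application."""
    return [a for a in passive_endpoints(metadata_xml, "ApplicationServiceType")
            if _norm(a) == _norm(idp_url)]

# Constructed sample data (hypothetical hosts)
IDP_URL = "https://idp.example/federation"
RP_URL = "https://rp.example/app/"
TEMPLATE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="urn:example:rp">
  <md:RoleDescriptor xsi:type="fed:ApplicationServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:PassiveRequestorEndpoint><wsa:EndpointReference>
      <wsa:Address>{addr}</wsa:Address>
    </wsa:EndpointReference></fed:PassiveRequestorEndpoint>
  </md:RoleDescriptor>
</md:EntityDescriptor>"""
BROKEN = TEMPLATE.format(addr=IDP_URL)  # the behaviour reported above
FIXED = TEMPLATE.format(addr=RP_URL)    # endpoint that consumes the response

if __name__ == "__main__":
    print("broken:", misdirected_endpoints(BROKEN, IDP_URL))
    print("fixed: ", misdirected_endpoints(FIXED, IDP_URL))
```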