SAML fingerprint mismatch with Azure AD

Hey Guys I seem to have same problem.
I’m using this module via gitlab and I’m trying to authenticate via SAML to Azure AD

And gitlab still says Fingerprint mismatch, however after decoding answer from Azure
Could you please help me to debug it?
I already addressed this issue on Github because I’m not sure if this is gitlab bug or bug in gem

thanks for your help

<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_c0aae85a-4d5a-4a65-a76f-fb1131334472" Version="2.0" IssueInstant="2017-10-30T16:38:17.354Z" Destination="http://gitlab.localhost/users/auth/saml/callback" InResponseTo="_1f34e0ba-1af4-47a6-b1cd-bd2d5fee12ca">
   <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/TENANTID/</Issuer>
   <samlp:Status>
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
   </samlp:Status>
   <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_b10005ce-ebcd-4df5-92d4-f209e9e96de1" IssueInstant="2017-10-30T16:38:17.338Z" Version="2.0">
      <Issuer>https://sts.windows.net/tenantID/</Issuer>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
         <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
            <Reference URI="#_b10005ce-ebcd-value">
               <Transforms>
                  <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                  <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
               </Transforms>
               <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
               <DigestValue>HpiUuZARXcbb/pw+DigestValue=</DigestValue>
            </Reference>
         </SignedInfo>
         <SignatureValue>Z4NKQtDsOee24wYBA6uWhvIs6xxHa8b SIGNATURE</SignatureValue>
         <KeyInfo>
            <X509Data>
               <X509Certificate>MIIDBTCCAe2gAwIB CERTIFICATE</X509Certificate>
            </X509Data>
         </KeyInfo>
      </Signature>
      <Subject>
         <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">qPDMo2bppJqmqnFOK1kui6bB7uttrDsZ-VALUE</NameID>
         <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <SubjectConfirmationData InResponseTo="_1f34e0ba-1af4-47a6-b1cd-bd2d5VALUE" NotOnOrAfter="2017-10-30T16:43:17.338Z" Recipient="http://gitlab.localhost/users/auth/saml/callback" />
         </SubjectConfirmation>
      </Subject>
      <Conditions NotBefore="2017-10-30T16:33:17.323Z" NotOnOrAfter="2017-10-30T17:33:17.323Z">
         <AudienceRestriction>
            <Audience>https://gitlab.localhost</Audience>
         </AudienceRestriction>
      </Conditions>
      <AttributeStatement>
         <Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
            <AttributeValue>b5c21891-value</AttributeValue>
         </Attribute>
         <Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
            <AttributeValue>47b622c2-value</AttributeValue>
         </Attribute>
         <Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
            <AttributeValue>2 2</AttributeValue>
         </Attribute>
         <Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
            <AttributeValue>https://sts.windows.net/tenantID/</AttributeValue>
         </Attribute>
         <Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
       <AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue>
         </Attribute>
         <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
            <AttributeValue>2</AttributeValue>
         </Attribute>
         <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
            <AttributeValue>2</AttributeValue>
         </Attribute>
         <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
            <AttributeValue>testuser2@payconiq.com</AttributeValue>
         </Attribute>
      </AttributeStatement>
      <AuthnStatement AuthnInstant="2017-10-30T16:01:23.096Z" SessionIndex="_b10005ce-ebcd-4df5-92d4-f209eVALUE">
         <AuthnContext>
            <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
         </AuthnContext>
      </AuthnStatement>
   </Assertion>
</samlp:Response>