Error 400 when using SAML based authentication with ADFS.
Verify via a SAML trace that the SAML response URL's includes the correct protocol HTTP(s) that ADFS required.
In issue was seen where the SAML trace had a response "http" eg... http://<YOUR ADFS SERVER>/adfs/services/trust. The URL that was used to register CWA included "https" httpS://<YOUR ADFS SERVER>/adfs/services/trust
The IDP metadata will include the URL that is required for the configuration
Support can verify and update the IDP registration for CWA CWP by having the customer send in their metadata from ADFS.
If the update does not work, support can remove the existing registration, create a fresh registration and share the new ACS and entry ID with the customer so they can update ADFS.
Follow the SSO integration guide for Cloud Workload Assurance: CWA IDP configuration
Broadcom KB: How to gather a SAML trace.