When configuring the D-Sig Info of a SAML 2.0 Authentication Scheme in the AdminUI, why is the certificate itself needed if the Root (CA) and Intermediate certificates are already present in the Certificate Data Store (CDS)?
Having the certificate itself in the CDS means "this is the certificate to use"; having all three in the CDS, including the Root (CA) and the Intermediate, means that this certificate "is trusted".
This is a security feature. It ensures that the assertion and its signature come from the expected IdP: chain validation against the Root and Intermediate alone would accept any certificate issued under that CA, whereas configuring the signing certificate itself ties the check to the one certificate the IdP actually uses.
The same question comes up elsewhere on the internet, about the security concern of retrieving the certificate only from the Assertion itself (1). If the SP took the signing certificate from the Assertion's ds:KeyInfo and nothing else, it would verify the signature with whatever certificate the sender chose to embed, and anyone able to sign with their own key could pass the check.
The presence of the three certificates in the CDS means that the SP side "trusts" the certificate used to sign (2).
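As an added illustration, not part of this article and not the product's own code, the Go program below models the two checks discussed above: the weak one that verifies with whatever certificate travels in ds:KeyInfo, and the CDS-backed one, where an embedded certificate must match the configured signing certificate byte for byte, that certificate must chain to the stored Root and Intermediate, and only its key is used to verify. The certificate hierarchy (Example Root CA, Example Intermediate CA, idp.example.com), the attacker's self-signed look-alike certificate, and the assertion payloads are all constructed for the example; the product's XML-DSig processing is not reproduced, and the "assertion" is reduced to a signed byte string with an attached certificate.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Assertion stands in for a signed SAML assertion; XML-DSig canonicalisation is left out.
type Assertion struct {
	Payload, Signature []byte            // signed bytes and RSA PKCS#1 v1.5 signature over SHA-256(Payload)
	KeyInfo            *x509.Certificate // certificate the issuer placed in ds:KeyInfo, if any
}

// CertificateDataStore models the SP-side CDS: the pinned IdP signing certificate plus its root and intermediate.
type CertificateDataStore struct {
	SigningCert          *x509.Certificate // "this is the certificate to use"
	Roots, Intermediates *x509.CertPool    // "it is trusted"
}

// issue generates a key and a certificate for it signed by parentKey (self-signed when parent is nil); fixture failures panic.
func issue(cn string, ku x509.KeyUsage, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: ku&x509.KeyUsageCertSign != 0, KeyUsage: ku}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // re-parsing bytes Go just produced cannot fail
	return cert, key
}

// sign returns an assertion signed with key that carries cert in its KeyInfo.
func sign(payload []byte, key *rsa.PrivateKey, cert *x509.Certificate) *Assertion {
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		panic(err)
	}
	return &Assertion{Payload: payload, Signature: sig, KeyInfo: cert}
}

// VerifyWith checks the signature with pub. VerifyWith(a, a.KeyInfo.PublicKey) is the weak practice: any key validates its own signature.
func VerifyWith(a *Assertion, pub crypto.PublicKey) error {
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return errors.New("no RSA public key to verify with")
	}
	digest := sha256.Sum256(a.Payload)
	return rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, digest[:], a.Signature)
}

// VerifyAgainstCDS is the check the D-Sig Info configuration enables: an embedded KeyInfo certificate must
// equal the pinned one, the pinned one must chain to the stored root and intermediate, and only its key verifies.
func VerifyAgainstCDS(a *Assertion, cds *CertificateDataStore) error {
	if a.KeyInfo != nil && !a.KeyInfo.Equal(cds.SigningCert) {
		return errors.New("KeyInfo certificate is not the configured IdP signing certificate")
	}
	if _, err := cds.SigningCert.Verify(x509.VerifyOptions{Roots: cds.Roots, Intermediates: cds.Intermediates,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return err // pinned certificate does not chain to the root and intermediate held in the CDS
	}
	return VerifyWith(a, cds.SigningCert.PublicKey)
}

// BuildScenario issues Root CA -> Intermediate -> IdP, loads all three into the CDS, and returns it with a
// legitimate assertion plus one signed by an attacker whose self-signed certificate copies the IdP's subject.
func BuildScenario() (*CertificateDataStore, *Assertion, *Assertion) {
	root, rootKey := issue("Example Root CA", x509.KeyUsageCertSign, nil, nil)
	inter, interKey := issue("Example Intermediate CA", x509.KeyUsageCertSign, root, rootKey)
	idp, idpKey := issue("idp.example.com", x509.KeyUsageDigitalSignature, inter, interKey)
	evil, evilKey := issue("idp.example.com", x509.KeyUsageDigitalSignature, nil, nil)
	cds := &CertificateDataStore{SigningCert: idp, Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
	cds.Roots.AddCert(root)
	cds.Intermediates.AddCert(inter)
	legit := sign([]byte(`<Assertion>NameID=alice</Assertion>`), idpKey, idp) // constructed sample payloads
	return cds, legit, sign([]byte(`<Assertion>NameID=admin</Assertion>`), evilKey, evil)
}

func main() {
	cds, legit, attacker := BuildScenario()
	fmt.Println(VerifyAgainstCDS(legit, cds), VerifyWith(attacker, attacker.KeyInfo.PublicKey), VerifyAgainstCDS(attacker, cds))
}
```

Run as is, the legitimate assertion passes the CDS-backed check, the attacker's assertion passes the KeyInfo-only check (its own certificate vouches for its own signature), and the same attacker's assertion is rejected by the CDS-backed check because the embedded certificate is not the configured one. An attacker who embeds the real IdP certificate instead gets past the pinning comparison and the chain check but fails signature verification, since the signature is always verified with the pinned certificate's key and never with one taken from the message.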