Debugging SAML with Open Distro

I am trying to use SAML as auth domain for opendistro 1.1.0 on ELK 7.1.1. I have followed the procedure as mentioned on opendistro website and i think i am very close to make it working. There is still error i am getting when i try to login to kibana using SAML SSO.

I have enabled debug logs for saml so i can see the handshake with the responses in the logs. I see that it is able to identify me and return roles=[All AD groups i am part of] but then i get final SAML response status as
StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Responder”
and then i see it retries 6 times before giving up. Everytime i see JWT token which then gets decoded to something in this format: {“nbf”:1566330778,“exp”:1566334378,“sub”:“domain\myntid”,“saml_nif”:“u”,“saml_si”:"_7cfe7e99…6b8e1e6d678f",“roles”:[“grp1”,“grp2”…“grpn”]}

For security reasons i have replaced real values of AD groups, my ntid and domain.

Can anyone suggest a solution here or what i may be doing wrong? My security config is as shown below:

meta:
type: “config”
config_version: 2

config:
dynamic:
authc:
basic_internal_auth_domain:
description: “Authenticate via HTTP Basic against internal users database”
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: internal
saml_auth_domain:
description: “SAML Authentication”
http_enabled: true
order: 1
http_authenticator:
type: saml
challenge: true
config:
idp:
metadata_url: ‘https://xxxxxxxx.domain.com/FederationMetadata/2007-06/FederationMetadata.xml
entity_id: http://xxxxxxxx.domain.com/adfs/services/trust
enable_ssl: false
sp:
entity_id: kibana-saml
forceAuthn: true
kibana_url:
roles_key: ‘Roles’
exchange_key: ‘ahlh1231423fjsgha…SNSJGHNSKHSsaadfdsfsgs’
authentication_backend:
type: noop

authz:
  Everything disabled here.....

@nbp Indentation for yaml is every important so please make sure the yml is indented correctly. It would be very helpful to debug if you could provide the relevant parts of kibana.yml, elasticsearch.yml and securityconfig/config.yml