Review comments resolved

Author: rahul-nagraj

articles/active-directory/develop/single-sign-on-saml-protocol.md

@@ -43,7 +43,7 @@ To request a user authentication, cloud services send an `AuthnRequest` element
 
 | Parameter | Type | Description |
 | --- | --- | --- |
-| ID | Required | Azure AD uses this attribute to populate the `InResponseTo` attribute of the returned response. ID must not begin with a number, so a common strategy is to prepend a string like "id" to the string representation of a GUID. For example, `id6c1c178c166d486687be4aaf5e482730` is a valid ID. |
+| ID | Required | Azure AD uses this attribute to populate the `InResponseTo` attribute of the returned response. ID must not begin with a number, so a common strategy is to prepend a string like "ID" to the string representation of a GUID. For example, `id6c1c178c166d486687be4aaf5e482730` is a valid ID. |
 | Version | Required | This parameter should be set to **2.0**. |
 | IssueInstant | Required | This is a DateTime string with a UTC value and [round-trip format ("o")](/dotnet/standard/base-types/standard-date-and-time-format-strings). Azure AD expects a DateTime value of this type, but doesn't evaluate or use the value. |
 | AssertionConsumerServiceURL | Optional | If provided, this parameter must match the `RedirectUri` of the cloud service in Azure AD. |
@@ -217,7 +217,7 @@ To generate this digital signature, Azure AD uses the signing key in the `IDPSSO
 
 #### Subject
 
-This specifies the principal that is the subject of the statements in the assertion. It contains a `NameID` element, which represents the authenticated user. The `NameID` value is a targeted identifier that is directed only to the service provider that is the audience for the token. It is persistent - it can be revoked, but is never reassigned. It is also opaque, in that it does not reveal anything about the user and cannot be used as an identifier for attribute queries.
+This specifies the principle that is the subject of the statements in the assertion. It contains a `NameID` element, which represents the authenticated user. The `NameID` value is a targeted identifier that is directed only to the service provider that is the audience for the token. It is persistent - it can be revoked, but is never reassigned. It is also opaque, in that it does not reveal anything about the user and cannot be used as an identifier for attribute queries.
 
 The `Method` attribute of the `SubjectConfirmation` element is always set to `urn:oasis:names:tc:SAML:2.0:cm:bearer`.
 

articles/active-directory/manage-apps/howto-enforce-signed-saml-authentication.md

@@ -1,5 +1,5 @@
 --- 
-title: enforce signed SAML authentication requests 
+title: Enforce signed SAML authentication requests 
 description: Learn how to enforce signed SAML authentication requests. 
 services: active-directory 
 author: AllisonAm 
@@ -31,47 +31,47 @@ If enabled Azure Active Directory will validate the requests against the public
 
 ## To configure SAML Request Signature Verification in the Azure portal 
 
-1. Inside the Azure Portal, navigate to **Azure Active Directory** from the Search bar or Azure Services. 
-
-![Azure Active Directory inside Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation1.png) 
-
+1. Inside the Azure portal, navigate to **Azure Active Directory** from the Search bar or Azure Services. 
+    
+    ![Screenshot of Azure Active Directory inside Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation1.png) 
+    
 2. Navigate to **Enterprise applications** from the left menu.  
-
-![Enterprise Application option inside Azure Portal Navigation](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation2.png) 
-
+    
+    ![Screenshot of Enterprise Application option inside Azure Portal Navigation](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation2.png) 
+    
 3. Select the application you wish to apply the changes.  
 
 4. Navigate to **Single sign-on.**  
 
 5. In the **Single sign-on** screen, there's a new subsection called **Verification certificates** under **SAML Certificates.** 
-
-![Verification certificates under SAML Certificates on the Enterprise Application page in the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation3.png) 
-
+    
+    ![Screenshot of Verification certificates under SAML Certificates on the Enterprise Application page in the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation3.png) 
+    
 6. Click on **Edit.**  
 
 7. In the new blade, you'll be able to enable the verification of signed requests and opt-in for weak algorithm verification in case your application still uses RSA-SHA1 to sign the authentication requests.   
 
 8. To enable the verification of signed requests, click **Enable verification certificates** and upload a verification public key that matches with the private key used to sign the request. 
-
-![Enable verification certificates in Enterprise Application within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation4.png) 
-
-![Upload certificates in Enterprise Application within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation5.png) 
-
-![Certificate upload success in Enterprise Application within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation6.png) 
+    
+    ![Screenshot of enable verification certificates in Enterprise Application within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation4.png) 
+    
+    ![Screenshot of upload certificates in Enterprise Application within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation5.png) 
+    
+    ![Screenshot of certificate upload success in Enterprise Application within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation6.png) 
 
 9. Once you have your verification certificate uploaded, click **Save.** 
-
-![Certificate verification save in Enterprise Application within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation7.png) 
-
-![Certificate update success in Enterprise Application within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation8.png) 
+    
+    ![Screenshot of certificate verification save in Enterprise Application within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation7.png) 
+       
+    ![Screenshot of certificate update success in Enterprise Application within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation8.png) 
 
 10. When the verification of signed requests is enabled, the test experience is disabled as the requests requires to be signed by the service provider.  
-
-![Testing disabled warning when signed requests enabled in Enterprise Application within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation9.png) 
-
+    
+    ![Screenshot of testing disabled warning when signed requests enabled in Enterprise Application within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation9.png) 
+    
 11. If you want to see the current configuration of an enterprise application, you can navigate to the **Single Sign-on** screen and see the summary of your configuration under **SAML Certificates**. There you'll be able to see if the verification of signed requests is enabled and the count of Active and Expired verification certificates. 
-
-![Enterprise application configuration in Single Sign-on screen within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation10.png) 
+    
+    ![Screenshot of eEterprise application configuration in Single Sign-on screen within the Azure Portal](./media/howto-enforce-signed-saml-authentication/samlsignaturevalidation10.png) 
 
 ## Next steps