...
The user's certificate is defined to be included in a SubjectConfirmation of SAML Assertion or OpenID Connect id_token by defining the Subject element's KeyInfoConfirmationData attribute as true. User's certificate is used by SSO to write the audit log entry “certificate received”.
...