So, a couple of things: I'm not familiar with OneLogin, but recently did an integration with PingID fed and ran into a couple of things not documented.
1. You have to send the X.509 cert in the SAML insertion.
2. Ensure that the right encoding is used in the SAML insertion also
![Screenshot 2019-10-30 at 16.50.01.png Screenshot 2019-10-30 at 16.50.01.png](https://community.meraki.com/t5/image/serverpage/image-id/10283iB1EB21ECC002D0A1/image-size/large?v=v2&px=999)
(sorry for the heavy redaction)
If you go to Org > Administrators > SAML login history, you should be able to get the raw SAML XML