Error “invalid SAML Assertion 13” could mean your Cisco WebEx AuthnContextClassRef (authentication context class reference) doesn’t match your SAML assertion (ADFS response)

Windows integrated authentication (ADFS)
urn:federation:authentication:windows

Password Protected Transport (ADFS Proxy)
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

If you have both ADFS and ADFS proxy servers you can enter both authentication context classes in the WebEx Federated Web SSO Configuration AuthnContextClassRef field separated by a semicolon.

urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport