SAML / WS-Federation reply messages containing a token are often encrypted and/or signed. The signning certificate is embedded in the message so the receiver can use it to verify the content of the message (assertions) hasn't been altered.
Paste in the SAML / WS-Federation message containing a X509Certificate element to extract the certificate, read the details and download.

Specifications of the SAML 2.0 can be read here: SAML 2.0
Specifications of the WS-Federation 1.2 can be read here: WS-Federation 1.2