Our mobile backend environment includes SAP NetWeaver Gateway 7.4 and SAP Web Dispatcher.
Through Web Dispatcher our Gateway is reachable from the internet.
For several reasons we want to use SAML2 with the identity provider "Microsoft Azure Active Directory" for single sign-on authentication.
We found some documents for implementing SAML2 on NetWeaver Gateway.
Configuration is almost finished, but now we are facing communication issues between SAP and Microsoft,
and single sign-on is still not working:
Configuring SAML2 includes specifying the NameID format on both sides. Because we want to use the SAP username for single sign-on,
we have configured it (as described in "Using SAML 2.0 Authentication to Access Fiori Apps from the Public Internet")
as identity federation "Unspecified" and changed its authentication context to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
- a request on the Gateway SICF node is already redirected to our identity provider (https://login.microsoftonline.com...)
- after a successful login with AD credentials we are facing two different problems, depending on the configuration of one specific point:
  - in case we deactivate the authentication-context NameIDFormat:
    -> after login the user is redirected to the Fiori Launchpad app on Gateway, but there they are asked for SAP login name/password -> not what we want
  - in case we activate the authentication-context NameIDFormat:
    -> after login Microsoft shows the following error message and the user is not redirected to Gateway:
    AADSTS50130: The claim value(s) ',urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' cannot be interpreted as known auth method(s).
    - although this URN is specified by Microsoft itself: https://msdn.microsoft.com/en-us/library/azure/dn195589.aspx
So, who has experience with this setup (Gateway <> Azure AD) and has a hint for me on solving this issue?
Thank you very much!
Another question: would it be possible to use the email address as an assertion attribute too?
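One way to check where the nameid-format URN ends up in the AuthnRequest that the service provider sends, as an added example that is not part of the original post or of any SAP or Microsoft code. It assumes (matching the AADSTS50130 wording about "auth method(s)") that the URN was placed in RequestedAuthnContext, where an IdP expects authentication-method URNs, rather than in NameIDPolicy; the sample requests and the issuer URL are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# URN families that name a NameID *format*, not an authentication method
NAMEID_FORMAT_PREFIXES = ("urn:oasis:names:tc:SAML:1.1:nameid-format:",
                          "urn:oasis:names:tc:SAML:2.0:nameid-format:")

def check_authn_request(xml_text: str) -> dict:
    """Report where NameID-format URNs appear in a SAML 2.0 AuthnRequest.

    nameid_policy : Format of <samlp:NameIDPolicy>, the element the IdP uses to pick the NameID
    authn_context : all <saml:AuthnContextClassRef> values the SP requested
    misplaced     : nameid-format URNs found in RequestedAuthnContext, where an IdP
                    expects authentication-method URNs (assumed cause of AADSTS50130)
    """
    root = ET.fromstring(xml_text)
    policy = root.find("samlp:NameIDPolicy", NS)
    report = {"nameid_policy": policy.get("Format") if policy is not None else None,
              "authn_context": [], "misplaced": []}
    for ref in root.findall("samlp:RequestedAuthnContext/saml:AuthnContextClassRef", NS):
        value = (ref.text or "").strip(" ,\n\t")  # the error text shows a stray leading comma
        report["authn_context"].append(value)
        if value.startswith(NAMEID_FORMAT_PREFIXES):
            report["misplaced"].append(value)
    return report

# Constructed sample requests (issuer is a placeholder, not a real system).
HEAD = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req1" Version="2.0" '
        'IssueInstant="2016-01-01T00:00:00Z">'
        '<saml:Issuer>https://gateway.example.invalid/sap/saml2</saml:Issuer>')
URN = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# Format URN placed in the authentication context: the misconfiguration assumed above
BAD_REQUEST = (HEAD + '<samlp:RequestedAuthnContext Comparison="exact">'
               f'<saml:AuthnContextClassRef>{URN}</saml:AuthnContextClassRef>'
               '</samlp:RequestedAuthnContext></samlp:AuthnRequest>')
# Same URN carried in NameIDPolicy, where a NameID format belongs
GOOD_REQUEST = (HEAD + f'<samlp:NameIDPolicy Format="{URN}" AllowCreate="true"/>'
                '</samlp:AuthnRequest>')

if __name__ == "__main__":
    for name, req in (("bad", BAD_REQUEST), ("good", GOOD_REQUEST)):
        print(name, check_authn_request(req))
```

Run it against a decoded SAMLRequest captured from the browser (base64 and, for the redirect binding, DEFLATE removed) to see which element the Gateway actually fills.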