Symptom
One of our users is unable to log on using SAML authentication. Their screen bounces between the login screen and the SAML auth screen in a loop.
Our SAML team took a look at the logs and saw that the SAML response seems to be as expected.
Resolution
Obtain the SAML response, along with the results of the SQL query 'SELECT * from externaluserinfo3'.
Compare the SAML response with the results of the SQL query. Typically, if a name change occurred, there may be a mismatch between the SAML response and the SQL query results. For example, take the NameID element from the SAML response:
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">XXXXXX</saml:NameID>
Compare the value of this element with column D (NameID) of the SQL query results.
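An added example, not part of the original article: a Python sketch of this comparison. It assumes the SAML response was captured base64-encoded (as in the HTTP POST binding) and that the SQL results were exported to CSV with a header row. The sample response, the CSV contents and every column name other than column D are constructed.

```python
import base64
import csv
import io
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed sample response (unsigned, unencrypted) for a renamed user.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:Subject>'
    '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
    'jane.newname@example.com</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>'
)
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
# Constructed CSV export; only "column D holds NameID" comes from the article.
SAMPLE_CSV = "col_a,col_b,col_c,nameid\n1,x,y,jane.oldname@example.com\n2,x,y,Bob@Example.com\n"

def extract_name_id(saml_response_b64):
    """Return (Format, value) of the first NameID. Diagnostic only: no signature check."""
    xml_bytes = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml_bytes:  # a SAML message never needs a DTD; refuse to parse one
        raise ValueError("DTD found in SAML response")
    node = ET.fromstring(xml_bytes).find(f".//{{{ASSERTION_NS}}}NameID")
    if node is None:
        raise ValueError("no NameID found (it may be inside an EncryptedAssertion)")
    return node.get("Format"), node.text or ""

def stored_name_ids(csv_text, column_index=3):
    """Read column D (index 3) from the CSV export, skipping the header row."""
    rows = list(csv.reader(io.StringIO(csv_text)))
    return [row[column_index] for row in rows[1:] if len(row) > column_index]

def classify(saml_value, stored_values):
    """Explain how the NameID from the response relates to the stored values."""
    if saml_value in stored_values:
        return "exact match"
    norm = saml_value.strip().casefold()
    for stored in stored_values:
        if stored.strip().casefold() == norm:
            return f"differs only in case/whitespace from {stored!r}"
    return "no stored NameID matches"

def compare(saml_response_b64, csv_text):
    """Return the NameID from the response and the verdict against column D."""
    _fmt, value = extract_name_id(saml_response_b64)
    return value, classify(value, stored_name_ids(csv_text))

if __name__ == "__main__":
    print(compare(SAMPLE_RESPONSE_B64, SAMPLE_CSV))
```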
Keywords
KBA, BPI-SIG-CA-SEC-SAM, SAML 2.0 for SAP Signavio, How To