3710901 - Federation error "No user found for name ID '<nameID>' (format: unspecified)" when mapping user to table USREXTID

1. SAML2 SSO is configured with the following:
   • On ABAP system (transaction SAML2):
     • NameID Format is set to "Unspecified";
     • User ID Mapping Mode is set to "Mapping in USREXTID table, type SA";
   • On Identity Provider (IDP), NameID Format is also set to "Unspecified".
     
     
2. During SAML2 authentication, after IDP redirects back to the ABAP system, there's a "401 Unauthorized" error, a logon screen, or a logon popup.
   
   
3. In a Security Diagnostic Tool trace,  messages such as the below ones can be found:
   • SAML20 SP (client <client number> ): Federation error: No user found for name ID '<nameID>' (format: unspecified). Details: No user found for name ID '<nameID>' (format: unspecified).
   • SAML20 SP (client <client number> ):  Exception raised:
     SAML20  SAML20 CX_SAML20_FEDERATION: No user found for name ID '<nameID>' (format: unspecified). Long text: No user found for name ID '<nameID>' (format: unspecified). 

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

• SAP NetWeaver
• ABAP platform

No user found for name ID, (format: unspecified), Federation error, Exception raised, SAML20  SAML20 CX_SAML20_FEDERATION, USREXTID, RSUSREXT, VUSREXTID,  , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , Problem