Verify your attributes and claims use a proper schema in the claim name, and that you have a properly mapped claim for “user.mail” as in the example below. An indicator that this is necessary is when an authentication attempt returns the response: “assertion does not meet requirements for user lookup”.