The following issue was observed in an Iris Hotfix-1 environment (note - we upgraded mod-login-saml to mod-login-saml-2.1.2 due to issues noted
When SSO settings are configured to use User Property "Email", a POST request to /saml/callback?client_name= always fails with a 400 error and the message "No user found by email = 'users email address'"
From the logs, we found that an attempt is being made to locate the user with the following request to users:
GET <okapi>/users?query=email=='users email address' which will always return 0 results
The request should instead look up the user as follows:
GET <okapi>/users?query=personal.email=='users email address'
Steps to Reproduce:
Configure SSO settings to use User Property "Email"
Users are looked up by mod-login-saml by email in mod-users
Users are not found and a status 400 is returned
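
Why the first query can never match, as an added example (not mod-login-saml or mod-users code): a simplified evaluator for a single `index=='value'` term, run over constructed user records. The record shape with the address nested under `personal` is inferred from the corrected query above; the host `okapi.example`, the sample users and the helper names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample records. The nested "personal" object is an assumption
# inferred from the corrected query in the report (personal.email).
USERS = [
    {"username": "jdoe", "personal": {"lastName": "Doe", "email": "jdoe@example.org"}},
    {"username": "asmith", "personal": {"lastName": "Smith", "email": "asmith@example.org"}},
]

# Matches one exact-match term such as  personal.email=='jdoe@example.org'
_TERM = re.compile(r"^\s*([\w.]+)\s*==\s*(['\"])(.*)\2\s*$")


def resolve(record, dotted_path):
    """Walk a dotted index name through nested dicts; None if any part is missing."""
    node = record
    for part in dotted_path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def lookup(url, users=USERS):
    """Evaluate the single index=='value' term carried in the URL's query parameter.

    Simplified on purpose: exact string comparison only, no other operators.
    """
    cql = parse_qs(urlsplit(url).query)["query"][0]
    match = _TERM.match(cql)
    if not match:
        raise ValueError(f"unsupported query: {cql!r}")
    index, _quote, value = match.groups()
    return [u for u in users if resolve(u, index) == value]


# The two request shapes from the report, with a constructed address filled in.
OBSERVED = "http://okapi.example/users?query=email=='jdoe@example.org'"
EXPECTED = "http://okapi.example/users?query=personal.email=='jdoe@example.org'"

if __name__ == "__main__":
    for label, url in (("observed", OBSERVED), ("expected", EXPECTED)):
        hits = lookup(url)
        print(f"{label}: {len(hits)} result(s) {[u['username'] for u in hits]}")
```

With no top-level `email` key on any record, the observed query yields an empty result set for every user, which is the condition the callback reports as "No user found by email".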