SAML SSO Logins Fail With: *** ERROR *** *** Script: User: xxxxxxxx not found

Description

When users log in through SAML SSO, the login fails and the node logs show the following error:

    *** ERROR *** *** Script: User: xxxxxxxx not found

You have confirmed that, in the SAML Response received from the Identity Provider (IdP), the NameID tag has a valid value that matches the lookup criteria defined in the "User Field" on the Advanced tab of the IdP record. You have cross-checked the sys_user table, and a lookup by the "User Field" value returns a matching user that is Active and valid.

For example, the SAML Response has this in the NameID tag:

    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">myuser@mydomain.com</saml:NameID>

The Identity Provider record has "User Field" = email on the Advanced tab.

You go to the sys_user table list view, look up email is myuser@mydomain.com, and find only one user with that email value. That user is Active and not locked out.

From this, it seems inexplicable that the user is not found.

Release or Environment

Applies to any release.

Cause

In this case there was a custom Query type business rule on the sys_user table that required a custom sys_user.<column> field to be set to true for the lookup of that record to succeed, as in this example script:

    current.addQuery('u_custom_field_active', 1);

For the users who could not log in, the sys_user.<column> value was set to false. In the example above, the field is sys_user.u_custom_field_active. The Query business rule filtered those records out of the system's lookup of the user by the "User Field" value in the sys_user table, so the lookup returned nothing and the login failed with the User not found error.

Resolution

There are two solutions to this issue:

(1) Deactivate the Query business rule.

(2) Set the custom sys_user.<column> value to true for the users you want to be able to log in using SAML SSO. The Query business rule will then allow the system's query into the sys_user table to return the record, so the user is found.
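To confirm the cause above before changing anything, the following added example (not ServiceNow's or the article's own code) compares the sys_user lookup with and without business rules and lists the active Query rules on the table. The function names are hypothetical; it assumes the standard sys_script fields `collection`, `active` and `action_query`, and that `setWorkflow(false)` suppresses Query business rules.

```javascript
// Added diagnostic, written as a background script. GlideRecord is passed in
// as GR so the same logic can be exercised against a stand-in off-platform.
function countUsers(GR, field, value, runRules) {
  var gr = new GR('sys_user');
  if (!runRules) {
    gr.setWorkflow(false); // skip business rules, including Query rules
  }
  gr.addQuery(field, value);
  gr.query();
  var n = 0;
  while (gr.next()) { n++; }
  return n;
}

// Names of active business rules on sys_user that run on Query.
function activeQueryRules(GR) {
  var names = [];
  var br = new GR('sys_script');
  br.addQuery('collection', 'sys_user');
  br.addQuery('active', true);
  br.addQuery('action_query', true);
  br.query();
  while (br.next()) { names.push(br.getValue('name')); }
  return names;
}

function diagnoseUserLookup(GR, userField, nameId) {
  var result = {
    withRules: countUsers(GR, userField, nameId, true),
    withoutRules: countUsers(GR, userField, nameId, false),
    queryRules: activeQueryRules(GR)
  };
  // The record exists but is filtered out: the signature of this issue.
  result.hiddenByQueryRule = result.withRules === 0 && result.withoutRules > 0;
  return result;
}

// Runs only where the platform globals exist (a ServiceNow instance).
if (typeof GlideRecord !== 'undefined' && typeof gs !== 'undefined') {
  // User Field and NameID value taken from the article's example.
  gs.info(JSON.stringify(
    diagnoseUserLookup(GlideRecord, 'email', 'myuser@mydomain.com')));
}
```

A background script runs under your own session, so a Query rule whose condition depends on the user's roles may behave differently here than during the SSO lookup.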