WS-Fed Resource Partner is not authenticating the user, resulting in 500 error. FWSTrace.log indicates the user is failing assertion-based authentication.
The NameID was in email format, but the user lookup within the WS-Fed auth scheme was for UID, not email.
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
Once the user lookup was set to 'mail=%s', the user was authenticated and successfully accessed the WS-Fed target.