When the user ID length is more than 20 characters, the login to SSP fails. But if the user ID length is reduced in the AD, the login is successful.

Windows Active Directory does not allow to have a samAccountName's length more than 20 character.

Since the user ID is mapped to samAccountName in VIPEG, and samAccountName in AD is limited to 20 character of length, so it does not allow more than 20 character when someone tries to login to VIP EG SSP IDP.

Suggested customer to reduce the username length in AD, so that it would reduce the samAccountName and user would have no trouble accessing the SSP.