Customer tried to use validation Identity Mapping on a federation app, but user cannot be authorized.
From Release 12.8.03, Identity Mapping in a SAML 2.0 IdP -> SP federation partnership lets you authenticate users with one user directory and authorize them with another user directory at IdP. The assertion attributes are returned from the user directory that authorizes the user.
The following topics describe Identity Mapping in federation partnerships.
However, in the video, it stated that this feature added in Release 12.8.03, only supports Authentication-Authorization identity mapping, NOT Validation Mapping.
Release : 12.8
Component : SITEMINDER FEDERATION END POINT