When using SAML to connect to the AWI, an "access denied" message is received.
Release: All
The user/client/department is not set up correctly in the IdP.
The trace logs (TCP/IP=5, DB=4) show that the connection to the IdP is successful and validated, but extracting the user name from the response fails:
U00045322 Assertion validation was successful. Starting with signature validation now.
SAML - Start validating signature from Response.
SAML - Signature Profile successfully validated.
SAML - Signature successfully validated.
SAML - Username from attribute 'aename' not found.
SAML - Username from 'Subject Identifier' not found.
SAML - Username from 'NameID' not found.
U00045329 User name from SAML response can not be extracted (no match found).
U00000009 'UC_DEPT': Access denied
Where 'UC_DEPT' is the department specified.
The non-trace logs show:
U00045329 User name from SAML response can not be extracted (no match found).
U00000009 'UC_DEPT': Access denied
The messages are coming from the IdP. Engage the IdP administrators or specialists to assist in setting up the users, client, and department correctly within the IdP.
For Azure-specific guidance, please see the article: AZURE SAML Integration fails with U00045329 User name from SAML response can not be extracted
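When working with the IdP administrators, it helps to look at what the IdP actually sent. The Python sketch below is an added example (not part of the original article and not vendor code): it decodes a captured base64 SAMLResponse and reports whether it carries the 'aename' attribute or a NameID, two of the three sources the log shows being tried. Function names and sample responses are constructed; the 'Subject Identifier' lookup is not modelled because the article does not define it, and it is an assumption that a present value must still match a user on the receiving side.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def username_candidates(response_b64, attribute_name="aename"):
    """Return what the IdP sent in the named attribute and in NameID."""
    # Diagnostic only: no signature check is done here (the log above shows
    # the signature was already validated). Parse only responses you captured.
    root = ET.fromstring(base64.b64decode(response_b64))
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == attribute_name:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    name_id_text = (name_id.text or "").strip() if name_id is not None else ""
    return {"attribute": [v for v in values if v],
            "name_id": name_id_text or None}

def diagnose(response_b64, attribute_name="aename"):
    """Return (found values, list of problems to raise with the IdP admins)."""
    found = username_candidates(response_b64, attribute_name)
    problems = []
    if not found["attribute"]:
        problems.append(f"attribute '{attribute_name}' missing or empty")
    if found["name_id"] is None:
        problems.append("NameID missing or empty")
    return found, problems

def _sample(attr_name, name_id):
    """Build a constructed, unsigned response for the demo (not real IdP output)."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           f'<saml:Assertion><saml:Subject><saml:NameID>{name_id}</saml:NameID>'
           f'</saml:Subject><saml:AttributeStatement>'
           f'<saml:Attribute Name="{attr_name}">'
           f'<saml:AttributeValue>EXAMPLE_USER</saml:AttributeValue>'
           f'</saml:Attribute></saml:AttributeStatement>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

BAD = _sample("mail", "")                 # constructed: wrong attribute, empty NameID
GOOD = _sample("aename", "EXAMPLE_USER")  # constructed: both sources populated

if __name__ == "__main__":
    for label, resp in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, *diagnose(resp))
```

The SAMLResponse value can be taken from a browser SAML tracing extension or the POST body of the login request; treat captured responses as sensitive, since they contain identity data.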