Azure AD is used to implement SSO with Clarity over SAML 2.0. An attribute called 'Login' is defined on the Azure side and mapped to 'user.principalname'. However, single sign-on does not work: when the Clarity server URL is opened in a browser, the browser is redirected to the IdP, but the Clarity application page does not open. Instead, the browser is redirected to the Error URL defined in the CSA.
The 'Login' attribute is mapped to the source attribute 'user.principalname', but the usernames in Clarity are derived from AD through LDAP, where 'sAMAccountName' is used to fetch the usernames. The value sent in 'Login' may therefore not match the username that Clarity holds.
Note:
This configuration is not always incorrect. It is recommended to obtain a SAML trace, determine the value being passed in the 'Login' attribute, and compare that value with the username present in Clarity.
If the values do not match, use 'onPremisesSamAccountName' as the source attribute in Azure AD.
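The comparison recommended in the note can be scripted. The following is an added example, not part of the original article or of Clarity: it decodes a base64 SAMLResponse copied from a SAML trace, reads the 'Login' attribute and compares it with the Clarity username. The function names, the sample user 'jdoe' and the constructed response are assumptions, and it assumes the HTTP-POST binding with an unencrypted assertion.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def login_values(saml_response_b64, attr_name="Login"):
    """Return all values sent for attr_name in a base64 SAMLResponse."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # A SAML response never needs a DTD; refuse one instead of parsing it.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("unexpected DTD in SAML response")
    root = ET.fromstring(xml_bytes)
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; attributes not readable from the trace")
    return [(v.text or "").strip()
            for a in root.iterfind(".//saml:Attribute", NS) if a.get("Name") == attr_name
            for v in a.iterfind("saml:AttributeValue", NS)]

def diagnose(saml_response_b64, clarity_username):
    """Classify how the 'Login' value relates to the username stored in Clarity."""
    values = login_values(saml_response_b64)
    if not values:
        return "missing"    # the IdP did not send a 'Login' attribute
    if clarity_username in values:
        return "match"      # attribute mapping is fine; the failure is elsewhere
    want = clarity_username.lower()
    if any("@" in v and v.partition("@")[0].lower() == want for v in values):
        return "upn-sent"   # user@domain was sent, Clarity holds the sAMAccountName
    return "mismatch"

def build_sample(login_value):
    """Constructed, unsigned SAMLResponse used only as sample input."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:AttributeStatement><saml:Attribute Name="Login">'
           f'<saml:AttributeValue>{login_value}</saml:AttributeValue>'
           '</saml:Attribute></saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # 'jdoe' is a hypothetical Clarity username; both responses are constructed.
    for sent in ("jdoe@example.com", "jdoe"):
        print(sent, "->", diagnose(build_sample(sent), "jdoe"))
```

A result of "upn-sent" corresponds to the situation described in this article; "match" means the attribute mapping is not the cause of the redirect to the Error URL.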