Issue
SSO login fails for some users but works for others.
Checking the logs on the instance shows the error below:
Error SAML2Error: SAML failed to login, Status code is urn:oasis:names:tc:SAML:2.0:status:Responder. When it is supposed to be urn:oasis:names:tc:SAML:2.0:status:Success SAML2
The SAML Response contains the status code below:
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied" /></samlp:StatusCode>
Cause
This is a user-specific issue on the ADFS/IDP end: the IDP itself returns the "RequestDenied" status for the affected users.
Resolution
Please contact the IDP admin to check why the status code "RequestDenied" is sent for specific users (this could be specific to user profile permissions).
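To confirm which side rejected a login before escalating, the nested status codes can be read straight from a captured SAMLResponse form value. The script below is an added example, not part of the original article or of any vendor tooling; the function names and the sample message are constructed for illustration, and the top-level status meanings follow SAML 2.0 Core.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
PREFIX = "urn:oasis:names:tc:SAML:2.0:status:"

# Top-level status values defined by SAML 2.0 Core and which side they point to.
TOP_LEVEL = {
    "Success": "login accepted by the IdP",
    "Requester": "IdP blames the request sent by the service provider",
    "Responder": "IdP-side failure or refusal",
    "VersionMismatch": "IdP could not process the SAML version of the request",
}

def status_chain(response_xml: str) -> list[str]:
    """Return the nested StatusCode values, outermost first."""
    # SAML messages never carry a DTD; refuse one instead of parsing it.
    if "<!DOCTYPE" in response_xml or "<!ENTITY" in response_xml:
        raise ValueError("DTD found in SAML message")
    root = ET.fromstring(response_xml)
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if code is None:
        raise ValueError("no samlp:Status/samlp:StatusCode in message")
    chain = []
    while code is not None:
        chain.append(code.get("Value", ""))
        code = code.find(f"{{{SAMLP}}}StatusCode")  # second-level detail, if any
    return chain

def triage(saml_response_b64: str) -> dict:
    """Decode a SAMLResponse form value (HTTP-POST binding) and classify it."""
    xml_text = base64.b64decode(saml_response_b64).decode("utf-8")
    chain = [v.removeprefix(PREFIX) for v in status_chain(xml_text)]
    return {
        "top": chain[0],
        "detail": chain[1:],
        "meaning": TOP_LEVEL.get(chain[0], "non-standard top-level status"),
        "escalate_to_idp": chain[0] == "Responder",
    }

# Constructed sample: a minimal Response wrapping the status from this article.
SAMPLE = base64.b64encode(b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0">
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied" />
</samlp:StatusCode></samlp:Status></samlp:Response>""").decode()

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Running it against responses captured for a working user and a failing user shows whether the difference is only in the status returned by the IDP.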