a.k.a. "the WordPress method"
I have a standard CMS page with a friendly error message for when the user isn't found locally
The AD part never gets involved
The IdP token contains the email address, so assuming it's valid, I can look up the member and log them in, then redirect
I just injected my own SAML Controller to deal with the responses.
I can't say for SS4, because I don't know what the code does specifically. On the SS3 activedirectory module, I've got a site working like that.
So the local users are managed locally, but the authentication is carried out by the IdP
You'd just be using the SAML side of it, essentially
Did the server log reveal anything?
I don't know if that's a module you have to install separately, is it?