Allow user to log in even if not synchronised from LDAP yet


    • Type: Suggestion
    • Resolution: Fixed
    • Priority: High
    • 2.0.2
    • Affects Version/s: 1.3.1
    • Component/s: None
    • None

      Currently, to log in through SAML, the user needs to already exist in a directory configured in the product.

      For synchronised LDAP/Crowd directories this means the user needs to have already been synchronised at least once from the remote server.

      For delegated LDAP (aka 'Internal with LDAP authentication') this means the user can't log in until either manually created, or created as a part of non-SAML authentication (if 'Copy User on Login' is selected).

      Instead, as a part of the SAML login, we should update/create the user from the remote LDAP/Crowd directory, as configured in the directory configuration - the behaviour should match the non-SAML login.

              Assignee:
              Unassigned
              Reporter:
              Lukasz Pater
              Votes:
              0
              Watchers:
              3

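The difference between the login behaviour the issue describes and the one it requests, as an added example that is not the product's code. The `Directory` class, its fields and both login functions are hypothetical names, the remote server is a constructed in-memory dict, and treating a user unknown to the remote server as absent from that directory is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class Directory:
    """Hypothetical model of one directory configured in the product."""
    kind: str                          # "synchronised" or "delegated"
    remote: dict                       # constructed stand-in for the LDAP/Crowd server
    copy_user_on_login: bool = False   # the 'Copy User on Login' option (delegated LDAP)
    local: dict = field(default_factory=dict)  # users the product already holds

    def refresh_from_remote(self, username):
        """Update/create the local user only as far as this directory's config allows."""
        entry = self.remote.get(username)
        if entry is None:
            return None                # assumption: not on the remote server, not in this directory
        if self.kind == "delegated" and not self.copy_user_on_login:
            return self.local.get(username)   # config does not allow creation on login
        self.local[username] = dict(entry)    # create or update the local copy
        return self.local[username]


def saml_login_current(directories, name_id):
    """Behaviour described in the issue: the user must already exist locally."""
    for directory in directories:
        if name_id in directory.local:
            return directory.local[name_id]
    return None


def saml_login_requested(directories, name_id):
    """Requested behaviour: resolve the user against the remote directory first."""
    for directory in directories:
        user = directory.refresh_from_remote(name_id)
        if user is not None:
            return user
    return None


if __name__ == "__main__":
    remote = {"alice": {"email": "alice@example.test"}}   # constructed sample data
    sync = Directory("synchronised", remote)              # never synchronised yet
    print("current:  ", saml_login_current([sync], "alice"))
    print("requested:", saml_login_requested([sync], "alice"))
    print("unknown:  ", saml_login_requested([sync], "mallory"))
```

In this model the account is always built from the directory entry, never from the SAML assertion, so a name the remote directory does not know is still refused.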