Fix SAML login (#4037)

* after first login the user is read from the db and hence we need to inspect the `emailVerified` attribute as well.

* fixed mapping documentation for SAML, the current mapping is not right and is causing confusion

apps/web/docs/saml-setup.md

@@ -18,10 +18,10 @@ This guide explains the settings you need to use to configure SAML with your Ide
 
 **Mapping Attributes / Attribute Statements:**
 
-id -> user.id
+http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier -> id
 
-email -> user.email
+http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress -> email
 
-firstName -> user.firstName
+http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname -> firstName
 
-lastName -> user.lastName
+http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname -> lastName

apps/web/pages/api/auth/[...nextauth].tsx

@@ -328,7 +328,7 @@ export default NextAuth({
         if (account.provider === "saml") {
           idP = IdentityProvider.SAML;
         }
-        user.email_verified = user.email_verified || profile.email_verified;
+        user.email_verified = user.email_verified || user.emailVerified || profile.email_verified;
 
         if (!user.email_verified) {
           return "/auth/error?error=unverified-email";