Nextcloud + single sign on

ucs: 4.4-3 errata438, nextcloud: 17.0.2-0

configured as described here
Result of check ucr get saml/idp/entityID stored in Nextcloud installations options
Running url with “” in browser shows correct metadata.

starting from ucs portal --> app nextcloud --> SSO & SAML Anmeldung --> ucs-sso login screen --> access denied error
All users & admin marked for access nextcloud in user options.

How could I fix this issue ?

the url after login in the ucs-sso login screen contain