Hi Martin, thanks
yes, I ran the trace and I see saml token is created, my test user ID mapped correctly, but at the end I see strange message:
<Testuser1> " SAML20 SP (client 010 ): Current request method is POST, request method as read by OUC cookie is . Request URL from OUC cookie: . Form fields from OUC cookie: "
and then
<No user> "SAML20 SP (client 010 ): SAML2 session exist in client: 010, no policy specified "
so SSO does not work a all - either way 
thanks