SAML Integration

I am having an issue with the SAML configuration. I can access the resources only when I enter the username (AD sAMAccountName) at the Logon Page because then it is storing that value in sAMAccountName variable in AD Query while assigning resources to the users

Here is the sample policy looks like

Instead of using sAMAccountName in AD Query I can use UserPrincipalName, but not sure what variable I can use in SearchFilter to use email address entered by the user in the previous SAML window. In order to accomplish that what variable I need to replace with session.login.last.username in the following SearchFilter Code?
(UserPrincipalName=%{session.login.last.username})

Thanks in advance,