WebSphere Application Server & Liberty


How do I make the ACS (Assertion Consumer Service) authenticate my SAMLResponse when enabling SAML?

  • 1.  How do I make the ACS (Assertion Consumer Service) authenticate my SAMLResponse when enabling SAML?

    Posted Tue May 30, 2023 12:35 PM

    Hi friends, I am configuring SAML in WebSphere to enable SSO. My env is:

    IDP: keycloak-v21
    SP: WebSphereSamlSP.war in /opt/IBM/WebSphere/Appserver/installableAPps; this is my Assertion Consumer Service
    WAS: 9.0.0.7
    maximo: 7.6.1

    I already followed the steps in:
    https://www.ibm.com/docs/en/was-nd/9.0.5?topic=swss-enabling-your-system-use-saml-web-single-sign-sso-feature

    I got the log below in the ACS server (WebSphereSamlSP):

    [23-5-27 11:48:02:534 CST] 000000bc WebCollaborat >  SetUnauthenticatedSubjectIfNeeded Entry
    [23-5-27 11:48:02:534 CST] 000000bc WebCollaborat 3   Invoked and received Subject are null, setting it anonymous/unauthenticated.
    [23-5-27 11:48:02:534 CST] 000000bc WebCollaborat <  SetUnauthenticatedSubjectIfNeeded:true Exit
    [23-5-27 11:48:02:534 CST] 000000bc WebCollaborat 3   com.ibm.ws.security.web.WebCollaborator.WebComponentMetaData attribute is set.
    [23-5-27 11:48:02:534 CST] 000000bc EJSWebCollabo 3   WebComponentMetaData
                                     com.ibm.ws.webcontainer.metadata.WebComponentMetaDataImpl@fdfc8966[WebSphereSamlSP#WebSphereSamlSPWeb.war#IBMWebSphereSamlACSListenerServlet]
    [23-5-27 11:48:02:535 CST] 000000bc EJSWebCollabo 3   preInvoke pushing app name WebSphereSamlSP
    [23-5-27 11:48:02:535 CST] 000000bc WebSecurityCo 3   Setting pushed security to "true" for: com.ibm.ws.security.web.WebSecurityContext@9a32fef3
    [23-5-27 11:48:02:535 CST] 000000bc EJSWebCollabo 3   preInvoke
                                     app_name=WebSphereSamlSP isAdminApp=false isAppSecurityOn=false
    [23-5-27 11:48:02:535 CST] 000000bc EJSWebCollabo 3   preInvoke
                                     Skip authorization for non-system apps when app security is disabled.
    [23-5-27 11:48:02:535 CST] 000000bc IBMWebSphereS >  handleRedirect Entry
    [23-5-27 11:48:02:536 CST] 000000bc IBMWebSphereS 3   samlres[not null]
    [23-5-27 11:48:02:536 CST] 000000bc IBMWebSphereS 3   target[null]
    [23-5-27 11:48:02:537 CST] 000000bc IBMWebSphereS 3   RelayState[http://mas76/maximo]


    So, in the second line, I notice the ACS server gets a null subject from my SAMLResponse. There is no authenticated token generated, so when the web is redirected to my application, it's not authenticated. Is my understanding right?

    This is my SAMLResponse; I post it to the Assertion Consumer Service. I don't know whether the format or subject is correct.
    Can anyone give some advice? Thank you very much.

    ------------------------------
    De Zhao Liu
    ------------------------------
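The poster's SAMLResponse itself is not reproduced in the thread, but the question "whether the format or subject is correct" is something you can check on the decoded POST parameter before blaming the SP. The script below is an added example, not code from the thread or from IBM's WebSphereSamlSP; it uses only the Python standard library, decodes the base64 `SAMLResponse` value, and reports the fields an ACS needs to build a principal: status, issuer, `Subject/NameID` and its `Format`, the audience, and whether a `ds:Signature` is present (presence only; it does not verify the signature, timestamps or audience). The two embedded responses are constructed samples with placeholder hostnames and IDs, one complete and one with the `Subject` removed to reproduce the "no subject" failure mode; the expected NameID format defaults to the email format because that is what the poster later reported working.

```python
import base64
from xml.etree import ElementTree as ET

# Standard SAML 2.0 / XML-DSig namespaces (from the OASIS specs, not from the thread).
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample SAMLResponse (unsigned; hostnames, IDs and times are placeholders).
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2023-05-27T03:48:00Z" Destination="https://sp.example.test/samlsps/acs">
  <saml:Issuer>https://idp.example.test/realms/demo</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2023-05-27T03:48:00Z">
    <saml:Issuer>https://idp.example.test/realms/demo</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.test</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.test/samlsps/acs" NotOnOrAfter="2023-05-27T03:53:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2023-05-27T03:47:00Z" NotOnOrAfter="2023-05-27T03:53:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test/samlsps</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def _without_subject(xml_text: str) -> str:
    """Constructed negative case: the same response with <saml:Subject> removed."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    assertion.remove(assertion.find("saml:Subject", NS))
    return ET.tostring(root, encoding="unicode")


SAMPLE_NO_SUBJECT_B64 = base64.b64encode(_without_subject(SAMPLE_RESPONSE_XML).encode()).decode()


def inspect_saml_response(b64_response: str, expected_format: str = EMAIL_FORMAT) -> dict:
    """Decode the base64 SAMLResponse POST parameter and report what an ACS needs
    to build an authenticated subject. Inspection only: no signature, time or
    audience validation is performed here."""
    root = ET.fromstring(base64.b64decode(b64_response))
    report = {"status": None, "issuer": None, "name_id": None, "name_id_format": None,
              "audience": None, "signed": False, "problems": []}

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    report["status"] = status.get("Value") if status is not None else None
    if report["status"] != STATUS_SUCCESS:
        report["problems"].append(f"status is not Success: {report['status']}")

    issuer = root.find("saml:Issuer", NS)
    report["issuer"] = issuer.text.strip() if issuer is not None and issuer.text else None

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        if root.find("saml:EncryptedAssertion", NS) is not None:
            report["problems"].append("assertion is encrypted; decrypt with the SP key before inspecting")
        else:
            report["problems"].append("no saml:Assertion element in the response")
        return report

    # A bearer assertion delivered over HTTP-POST must be signed (assertion or
    # enclosing response); only presence is reported, verification is separate.
    report["signed"] = (root.find("ds:Signature", NS) is not None
                        or assertion.find("ds:Signature", NS) is not None)
    if not report["signed"]:
        report["problems"].append("no ds:Signature on the response or assertion")

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        report["problems"].append("assertion has no saml:Subject/saml:NameID, so the ACS cannot build a principal")
    else:
        report["name_id"] = name_id.text.strip()
        report["name_id_format"] = name_id.get("Format")
        if report["name_id_format"] != expected_format:
            report["problems"].append(f"NameID Format is {report['name_id_format']!r}, expected {expected_format}")

    audience = assertion.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    report["audience"] = audience.text.strip() if audience is not None and audience.text else None
    if report["audience"] is None:
        report["problems"].append("no AudienceRestriction; check that it names the SP entity ID")
    return report


if __name__ == "__main__":
    for label, sample in (("complete", SAMPLE_RESPONSE_B64), ("no subject", SAMPLE_NO_SUBJECT_B64)):
        print(label, inspect_saml_response(sample))
```

To use it on a real login, copy the `SAMLResponse` form field from the browser's network tab (it is already base64) and pass it to `inspect_saml_response`; an empty `name_id` in the report corresponds to the "Subject are null" trace in the ACS log, while an unexpected `name_id_format` points at the IdP client's NameID mapping rather than the WebSphere side.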


  • 2.  RE: How do I make the ACS (Assertion Consumer Service) authenticate my SAMLResponse when enabling SAML?

    Posted Fri July 28, 2023 03:21 AM

    I used the email entity and logged in to EAM 7.6 successfully.



    ------------------------------
    De Zhao Liu
    ------------------------------