Sign-in using saml auth failed
I'm trying to get SAML authentication working with Omnibus 8.3.2 following these instructions but get the following 422 error:
Sign-in failed because email can't be blank, email can't be blank, email is invalid, name can't be blank, notification_email can't be blank, notification_email is invalid.
I'm pretty sure the connection with the IDP is working because, if I add a logger to the saml.rb file in the callback_phase method, then I get a valid email, given name, family name and user name as expected from the @attributes and @name_id variables.
But if I put the same debugging code at the end of the file, say here, then all of the fields are nil and presumably this is what triggers the warning about the blank fields.
The relevant part of my gitlab.rb file is below and I believe this is a separate issue from #3306 (closed) because the user wasn't created when I look at the GitLab log.
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = true
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
gitlab_rails['omniauth_block_auto_created_users'] = true
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "saml",
    args: {
      assertion_consumer_service_url: 'https://myserver/users/auth/saml/callback',
      idp_cert_fingerprint: 'idp_fingerprint',
      idp_sso_target_url: 'idp_url',
      issuer: 'https://myserver',
      name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
    },
    "label" => "My Org Login" # optional label for SAML login button, defaults to "Saml"
  }
]