Error Logon using SAML failed. Error: The referenced account is currently disabled and may not be logged on to is shown after SAML authentication
The corresponding user account in "local" RAS domain is locked out.
Unlock the account.
Check events 4740 in Security log on Domain Controllers for more details: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4740