Since the SAML2 Addon mappings object can only work with root-level profile attributes, you will need to map the user_metadata properties to the event.user object using an Action.
Doing this will bubble up the attributes to the root level and allow them to be accessible from the mappings objects in the SAML2 Addon settings for login.
I have checked your settings and everything you have shared with me looks good.
At this point, I’d suggest using the Real-time Webtask Logs Extension to confirm that your Post Login Action script is executing inside the if-conditional statement. You could also use console.log() statements to verify the user_metadata values being read.
Finally, please take a look at this knowledge solution for a complete reference for mapping user_metadata/app_metadata into claims in the SAML response.