Red Hat Single Sign-On 7.3 added a feature called Client Scopes, which adds default mappers for the email_verified property. These default mappers take precedence over the user-configured mappers on the client.
Because of this, step #5 in section 5.4 is now incomplete:
https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.6/html/creating_the_developer_portal/authentication#rhsso
The following changes are needed:
1) Adding an email_verified mapper is typically unnecessary, since it's part of the "email" client scope, which is present by default.
2) The last paragraph of step 5 says that if you are using User Federation you need to configure a different mapper. Either:
- configure the User Federation mapping to set the Email Verified attribute to true
OR - configure a hardcoded claim in the client created previously for 3scale SSO integration, with the token name email_verified and the claim value set to true.
The client scope doesn't affect the first option, but the second option won't work, because the default "email" client scope already maps the email_verified claim with a higher priority, which obscures any manually configured mappers such as the hardcoded claim mapper.
To resolve this, you need to remove "email" from the default client scopes in the client configuration (i.e. Client > <your client> > Client Scope).
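One way to spot the conflict described above before it reaches production is to check an exported client configuration for a client-level email_verified mapper that coexists with the default "email" client scope. This is an added example, not part of the original report or the Red Hat documentation; the client name, mapper name and sample JSON are constructed, and the field names (`defaultClientScopes`, `protocolMappers`, `claim.name`) are assumed to follow the Keycloak/RH-SSO client export format.

```python
import json

# Constructed sample: a trimmed client entry in the shape of a Keycloak/RH-SSO
# realm export (field names assumed from the client representation JSON).
SAMPLE_CLIENT = json.loads("""
{
  "clientId": "3scale-sso",
  "defaultClientScopes": ["web-origins", "profile", "email", "roles"],
  "protocolMappers": [
    {
      "name": "email verified hardcoded",
      "protocol": "openid-connect",
      "protocolMapper": "oidc-hardcoded-claim-mapper",
      "config": {"claim.name": "email_verified", "claim.value": "true",
                 "jsonType.label": "boolean", "id.token.claim": "true"}
    }
  ]
}
""")


def shadowed_email_verified_mappers(client):
    """Return names of client-level mappers that set email_verified while the
    default "email" client scope is still attached (the scope's mapper wins)."""
    if "email" not in client.get("defaultClientScopes", []):
        return []
    return [m.get("name", "<unnamed>")
            for m in client.get("protocolMappers", [])
            if m.get("config", {}).get("claim.name") == "email_verified"]


def audit(clients):
    """Map clientId -> shadowed mapper names, for clients with a conflict."""
    findings = {}
    for c in clients:
        names = shadowed_email_verified_mappers(c)
        if names:
            findings[c.get("clientId", "<unknown>")] = names
    return findings


if __name__ == "__main__":
    for cid, names in audit([SAMPLE_CLIENT]).items():
        print(f"{cid}: 'email' default scope overrides mapper(s): {names}")
```

A client reported here needs either the "email" default client scope removed or the User Federation mapping used instead, as described above.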