With the latest version you should be able to use different fields for the user name.
As you see in the code the module uses a 'principalValue' (SAML term), this is whichever field you have chosen in the Idp configuration, and the module will match that against any other mendix attribute value previously in the code. The module uses a two step approach
When receiving the SAML response, the module looks in the response and looks up the field that you have chosen as the 'principal field' let's say we use the phone nr of the person.
A few steps later the module executes an xpath Query and searches for the entity that you have selected with a constraint on the attribute and the value of the principal field.
For example: //Admin.Account[phoneNr='+18578578578']
Based on the account that has been found (or created) during the next step the module will lookup value of the System.User.Name attribute. We need this since we are using standard session management from the platfrom and that needs the System.User.Name for signin and lookup.
Once we have the System.User.Name we store that in the 'principalValue' attribute and lookup the user information and start the session.
You should be able to use any attribute, as long as you use a entity that inherits from System.User. If you are having trouble with that can you give a bit of clarification on your saml setup.
In your question you are referring to an NPE? In case this isn't a type, you cannot sign in with user information in a NPE. The module uses the standard user/session management functions and that only works if there is a record in the System.User table.
Did you file a support ticket? Because that is the most sure way that Jasper van der Hoek will fix this :)