Sorry, my post got eaten. :(
I built a SharePoint 2013 farm and set it up for ADFS.
I created a web app: http://share2013.domain.com
I went into ADFS, set up a relying party trust and the following rules (following this guide: http://technet.microsoft.com/en-us/library/hh305235.aspx):
In the Mapping of LDAP attributes to outgoing claim types section, under LDAP Attribute, select SAM-Account-Name.
Under Outgoing Claim Type, select E-Mail Address.
Under LDAP Attribute, select User-Principal-Name.
Under Outgoing Claim Type, select UPN.
I set up ADFS as a trusted identity provider (run from the SharePoint Management Shell):
# Load the ADFS token-signing certificate and make SharePoint trust it
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\certs\signing.cer")
New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert

# Claim type mappings: incoming claim types from the ADFS token, kept as-is
$map = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
$map3 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
$map4 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" -IncomingClaimTypeDisplayName "SID" -SameAsIncoming

# Realm (relying party identifier) and the trusted identity token issuer itself;
# the e-mail address claim is the identifier claim SharePoint matches users on
$realm = "urn:share2013:adfs"
$ap = New-SPTrustedIdentityTokenIssuer -Name "ADFS2" -Description "CLAIMS authentication" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map,$map2,$map3,$map4 -SignInUrl "https://login.domain.com/adfs/ls" -IdentifierClaim "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
Imported the cert and extended the web app to a new zone, https://share.domain.com, using trusted identity provider ADFS2, no NTLM.
Created a site collection: http://share2013.domain.com/sites/team1
Added site collection admin user@domain.com, selected from under ADFS2, email address field.
Went to https://share.domain.com/sites/team1 and was prompted to sign in to login.domain.com (our ADFS login page), then got "Access Required - Sorry, this site hasn't been shared with you."
NTLM works, and I have a SharePoint 2010 farm that works with this ADFS server.
I tried re-running the 1st config wizard (have not run the 2nd) and bounced the servers; no luck.
Help please.
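The diagnostic script below is an added example; it is not part of the original post or of the TechNet guide. It reads the ADFS2 trusted identity token issuer back out of the farm, rebuilds the encoded login name SharePoint expects for the site collection admin, and compares it with what is actually stored on the site collection. The issuer name, site URL, admin address and trusted root authority name are taken from the post; the variable names, output labels and the warning text are mine. It assumes it is run in the SharePoint 2013 Management Shell on a farm server with an account that has farm and site collection rights.

```powershell
# Added diagnostic example (not from the original post or Microsoft's guide):
# check that the ADFS2 issuer, its signing cert, and the stored site collection
# admin line up with the identifier claim SharePoint will receive from ADFS.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName = "ADFS2"                                 # -Name given to New-SPTrustedIdentityTokenIssuer
$rootName   = "Token Signing Cert"                    # -Name given to New-SPTrustedRootAuthority
$siteUrl    = "https://share.domain.com/sites/team1"  # claims (extended) zone of the site collection
$adminValue = "user@domain.com"                       # value picked as site collection admin

$tip = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName

# 1. What SharePoint is configured to match on.
"Identifier claim : " + $tip.IdentifierClaim
"Default realm    : " + $tip.DefaultProviderRealm
"Sign-in URL      : " + $tip.ProviderUri
"Signing cert     : " + $tip.SigningCertificate.Thumbprint
"Claim mappings   :"
$tip.ClaimTypeInformation | ForEach-Object { "   " + $_.InputClaimType + " -> " + $_.MappedClaimType }

# 2. The cert the issuer validates tokens with must be the one registered as a
#    trusted root authority, and both must be the ADFS token-signing cert.
$root = Get-SPTrustedRootAuthority -Identity $rootName
if ($root.Certificate.Thumbprint -ne $tip.SigningCertificate.Thumbprint) {
    Write-Warning "Trusted root authority and token issuer carry different signing certificates."
}

# 3. Encoded login name SharePoint expects for the admin, e.g. i:05.t|ADFS2|user@domain.com.
#    The claim type is the issuer's identifier claim, so a wrong identifier claim shows up here.
$expected = (New-SPClaimsPrincipal -ClaimValue $adminValue `
                                   -ClaimType  $tip.IdentifierClaim `
                                   -TrustedIdentityTokenIssuer $tip `
                                   -IdentifierClaim).ToEncodedString()
"Expected admin login : " + $expected

# 4. Compare with the site collection administrators actually stored on the site.
$site   = Get-SPSite -Identity $siteUrl
$admins = Get-SPUser -Web $site.RootWeb -Limit All | Where-Object { $_.IsSiteAdmin }
$admins | ForEach-Object { "Stored admin login   : " + $_.UserLogin }

if (-not ($admins | Where-Object { $_.UserLogin -eq $expected })) {
    Write-Warning "No site collection admin matches $expected."
}
# The value ADFS sends in the identifier claim must equal the stored claim value exactly.
# An ADFS rule that sends the SAM-Account-Name LDAP attribute as the E-Mail Address claim
# issues the bare account name (user), not user@domain.com, and will not match this entry.
Write-Output "Compare the stored value above with the e-mail claim value ADFS issues for this user."
$site.Dispose()
```

If the stored login and the expected login agree and the thumbprints match, the remaining variable is the claim value in the token ADFS actually issues, which you can read from the relying party's claim rules in the ADFS console or from ADFS debug tracing for the sign-in.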