Bug #611246 was fixed by adding a call to check if there was a LP user for a particular SSO account, and to create one if not.
Problem is SCA is currently only calling that when the username matches the openid_identifier, as it was incorrectly believed that django_openid_auth would create users with matching usernames and openid_identifiers if no nick was provided by SSO. It is instead creating them with usernames like 'openiduserN', with N getting incrementally bigger each time.
So LP accounts are currently not being created for non-LP users, hence people without a LP account associated to their SSO account will not be able to purchase software yet.
The current implementation also has the problem that user creation will get progressively slower, as it has to search longer each time for the first available 'openiduserN' username. Bug #652075 should fix this, but updating the username from the one LP returns would alleviate the issue considerably.