Saml-session value are different in SP and IDP

I’ve implemented sso with component saml in SP, in order to test my SP, I created a simple IDP and published it to cloud.

The first sp inited login and sp inited logout can work, however, when sp is logged out and redirect back to idp’s login page, if I enter credentials in idp, I’ll get an error and can’t login again. The error is: An SP-initiated SAML response from xxx was received unexpectedly.

But if I close the browser and open another private window, I can do sp inited login and logout again.

I checked the saml-session cookies in my browser, it is with Samesite=None, but the value in sp is different from that of idp.

I am stuck here and have no idea at all regarding how to troubleshoot and how to fix.

Hope you guys can help me with this. Thanks.

It sounds like an issue with the saml-session cookie not being sent by the browser.

At your SP application, please enable SAML trace and send the generated log file as an email attachment to mentioning your forum post.

Also, please use the browser developer tools (F12) to capture the network traffic and send the saved HAR file. Include the full sequence ie successful SSO and SLO followed by failing SSO.