After a user resets their password at our IdP they get sent to our home page. When clicking to go to a page that is login protected we get this error. Then, if I change the URL to another page, they seem to be logged in. Also, it doesn't look like there is a new flow because I don't see anything in SAML-tracer (app). Is there a way to suppress the error so I can log it but allow the user to continue?
The SAML message InResponseTo _6331583f-435a-4440-8cd0-5064bd0804af doesn't match the expected InResponseTo _cc53630b-fe97-4d9b-972e-6888e14f3de7.