Thanks for sending the log. I've copied the relevant obfuscated section below.
At 01:51:49, InitiateSsoAsync is called and the SAML authn request is sent. The saml-session cookie value is af9ad8b5-1d2b-499c-b2c4-f30984238379 and the corresponding SAML session state is in memory.
Ten seconds later, ReceiveSsoAsync is called and the SAML response is received. No saml-session cookie is included with the HTTP Post of the SAML response. Therefore, a new saml-session cookie with value 1c14cdb6-51a0-4499-b266-c8840c281813 is set. There is now no corresponding SAML session state in memory.
As a SAML response is received and we have no SAML session state, we throw the "An SP-initiated SAML response from
https://XXXXXX.hijkl was received unexpectedly" exception.
This is as expected. If the browser is closed and therefore the saml-session and all other session cookies are deleted, we don't have SAML session state and cannot process the SAML response.
The user shouldn't close the browser half way through SSO. However, it is ok to complete SSO, close the browser and complete SSO a second time.
2021-12-31 01:51:49.201 -05:00 [DBG] SAML session state (af9ad8b5-1d2b-499c-b2c4-f30984238379):
SP state:
Pending response state:
Action: ReceiveSamlResponse
Partner name:
https://XXXXXX.hijklRelay state:
In response to: _74018add-79b1-4df6-8469-eb16a24c183b
SSO session state:
Partner name:
https://XXXXXX.hijklName ID: <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">XXXX</saml:NameID>
Session index: _afac68ac-b320-42c3-8d07-93bef9cabdfd
2021-12-31 01:51:49.204 -05:00 [DBG] Initiation of SSO to the partner identity provider
https://XXXXXX.hijkl has completed successfully.
2021-12-31 01:51:59.083 -05:00 [DBG] The SSO session ID 1c14cdb6-51a0-4499-b266-c8840c281813 has been saved to the saml-session cookie.
2021-12-31 01:51:59.086 -05:00 [DBG] HTTP cookie: saml-session=1c14cdb6-51a0-4499-b266-c8840c281813; Path=/; SameSite=None; Secure; HttpOnly
2021-12-31 01:51:59.089 -05:00 [DBG] SSO session state is being initialized.
2021-12-31 01:51:59.091 -05:00 [DBG] SSO session state for saml-session-1c14cdb6-51a0-4499-b266-c8840c281813-SamlState is being saved to the distributed cache.
2021-12-31 01:52:14.677 -05:00 [DBG] Receiving an SSO response from a partner identity provider.
2021-12-31 01:52:14.689 -05:00 [DBG] SAML session state (1c14cdb6-51a0-4499-b266-c8840c281813):
SP state:
Regards
ComponentSpace Development