- User access the Protected resource or a SAML Service Provider.
- User log in to the IDP server
- User is redirected to AAF for second factor authentication
- After authenticating to the AAF server user lands to the NIDP portal in place of redirect to AG Protected Resource or SAML Service Provider
LB is not sticking to same IDP server. The request to OAuth Callback lands to another IDP server which has not provided the authentication. In this scenario the IDP server need to proxy the callback request to another IDP server used for the Authentication. This proxy request fails and as a result user is redirected to the NIDP portal page.