Did you set the request handlers? This part of the documentation:
Regards,
Ronald
We have a related issue, if the user is already authenticated in the IDP (a single instance of AD) then the SSO works as expected and the user gets to the app's home page. However, if the user is not authenticated yet, we get a message "Unable to validate SAML message", whereas the desired behaviour is then to redirect to the AD page where the user could enter his/her credentials to continue the SSO process. Any ideas where we could look for the solution to this?