Hi Ben, first take the redirect to /SSO/ out of your index.html and possibly only keep it on your login.html (or a button on your login.html for SSO). Duplicate the login.html and rename it, for instance to login3.html, and delete the redirect on this one so you can properly sign in again as Admin in the future. Then go into the log of your SAML page, dig up the requests and the response and start analysing...
It sounds like someone did, like below:
I would suggest using SAML tracer, a Firefox plugin, to test your setup. And depending on what is on the other side (Office 365 or Azure also has some good tools to test).
Then about the setup. You do not need to touch the login page. You should use a URL like this to go directly to your app:
https://yourapp.mendixcloud.com/SSO/login?_idp_id=yourconfigname
That URL you should give to all SSO users. If you do not have a multi-tenant app you can put a button on your regular login page that redirects to that URL. This way mobile phone users, etc., do not have to remember that URL but can just press that button when they want to log in.
So your login page will still work for non-SSO users. Do not forget to reset the passwords once you have configured everything, otherwise your SSO users could still log in without using SSO.
Hope this helps.
Regards,
Ronald
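Both answers come down to the same debugging loop: capture the AuthnRequest the app sends the browser away with and the Response the IdP posts back, decode them, and compare them. SAML tracer does the decoding for you in the browser; when all you have is the server log, the example below does the same from the command line. It is an added example, not code from this thread or from the Mendix SAML module: the SAML 2.0 HTTP-Redirect binding carries the request as raw DEFLATE plus base64 in the `SAMLRequest` query parameter, the HTTP-POST binding carries the response as plain base64, and the entity IDs, endpoint paths and the two messages are constructed here for illustration (the `/SSO/metadata` and `/SSO/assertion` paths are hypothetical, not the module's documented ones).

```python
"""Decode and sanity-check the SAML messages found in a redirect URL or a POST body.

Added example; the endpoints and messages below are constructed, not taken from a real setup.
"""
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Hypothetical SP (your app) and IdP identifiers, used only to build the sample messages.
SP_ENTITY_ID = "https://yourapp.mendixcloud.com/SSO/metadata"
SP_ACS_URL = "https://yourapp.mendixcloud.com/SSO/assertion"
IDP_SSO_URL = "https://idp.example.com/sso"

# Constructed AuthnRequest, as the app would send it when the /SSO/login?_idp_id=... URL is hit.
AUTHN_REQUEST_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req1" Version="2.0" '
    'IssueInstant="2024-01-01T00:00:00Z" Destination="' + IDP_SSO_URL + '" '
    'AssertionConsumerServiceURL="' + SP_ACS_URL + '">'
    '<saml:Issuer>' + SP_ENTITY_ID + '</saml:Issuer></samlp:AuthnRequest>'
)

# Constructed (deliberately unsigned) Response, as the IdP would POST it back to the ACS URL.
RESPONSE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0" '
    'IssueInstant="2024-01-01T00:00:05Z" InResponseTo="_req1" Destination="' + SP_ACS_URL + '">'
    '<saml:Issuer>' + IDP_SSO_URL + '</saml:Issuer>'
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:05Z">'
    '<saml:Issuer>' + IDP_SSO_URL + '</saml:Issuer>'
    '<saml:Subject><saml:NameID>ben@example.com</saml:NameID></saml:Subject>'
    '<saml:Conditions><saml:AudienceRestriction><saml:Audience>' + SP_ENTITY_ID + '</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>'
)


def encode_redirect_binding(xml_text: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE (wbits=-15, no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def decode_redirect_binding(saml_param: str) -> str:
    """Reverse of encode_redirect_binding: base64 -> raw DEFLATE -> XML text."""
    return zlib.decompress(base64.b64decode(saml_param), -15).decode("utf-8")


def encode_post_binding(xml_text: str) -> str:
    """HTTP-POST binding: base64 only, no compression."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def decode_post_binding(saml_param: str) -> str:
    return base64.b64decode(saml_param).decode("utf-8")


def build_redirect_url(idp_sso_url: str, xml_text: str) -> str:
    """The Location header the app sends the browser to; urlencode handles the +, / and = in base64."""
    return idp_sso_url + "?" + urlencode({"SAMLRequest": encode_redirect_binding(xml_text)})


def saml_param_from_url(url: str, name: str = "SAMLRequest") -> str:
    """Pull the URL-decoded SAMLRequest (or SAMLResponse) value out of a URL copied from the log."""
    return parse_qs(urlsplit(url).query)[name][0]


def summarize_authn_request(xml_text: str) -> dict:
    root = ET.fromstring(xml_text)
    issuer = root.find("saml:Issuer", NS)
    return {
        "id": root.get("ID"),
        "issuer": issuer.text if issuer is not None else None,
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
    }


def summarize_response(xml_text: str) -> dict:
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    audience = root.find("saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    return {
        "in_response_to": root.get("InResponseTo"),
        "status": status.get("Value") if status is not None else None,
        "name_id": name_id.text if name_id is not None else None,
        "audience": audience.text if audience is not None else None,
        # Presence only; the SP still has to verify the signature against the IdP certificate.
        "signed": root.find(".//ds:Signature", NS) is not None,
    }


def check_response_against_request(req: dict, resp: dict) -> list:
    """The mismatches that most often explain a failed SSO login once the messages are decoded."""
    problems = []
    if resp["in_response_to"] != req["id"]:
        problems.append("InResponseTo does not match the AuthnRequest ID")
    if resp["audience"] != req["issuer"]:
        problems.append("Audience is not this SP's entity ID")
    if not (resp["status"] or "").endswith(":Success"):
        problems.append("IdP reported status " + str(resp["status"]))
    if not resp["signed"]:
        problems.append("Response/assertion carries no XML Signature")
    return problems


if __name__ == "__main__":
    url = build_redirect_url(IDP_SSO_URL, AUTHN_REQUEST_XML)
    req = summarize_authn_request(decode_redirect_binding(saml_param_from_url(url)))
    resp = summarize_response(decode_post_binding(encode_post_binding(RESPONSE_XML)))
    print(req)
    print(resp)
    print(check_response_against_request(req, resp))
```

In practice you paste the `SAMLRequest` value from the redirect in your log into `decode_redirect_binding` and the `SAMLResponse` form field from the POST into `decode_post_binding`; the `Issuer`/`Audience` and `Destination`/`AssertionConsumerServiceURL` pairs are the values that must match what is configured on both sides, and a missing signature on the constructed response above is flagged because an SP that accepts an unsigned assertion lets anyone who can post to the ACS URL log in as any user.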