- SP sends the AuthnRequest to IdP1
- authentication fails
- user presses the return to login link
- correct credentials has been provided
- upon redirect to the SAML endpoint (which would actually create the SAMLResponse) the request goes to IdP2
Since the AuthnRequests are not saved in the SAMLv2Failover system, but only persisted in local caches, IdP2 will fail to recover the AuthnRequest, and the SAML authn will fail.
The SAML AuthnRequest should be saved in the SFO, when enabled.