SAML2 fails with IDp initiated login

Product: PowerShell Universal
Version: 3.3.3

I have setup SAML2 with Okta using the documentation. When I access PSU and am redirected to Okta login succeeds and I’m redirected to the desired page. When I click the app icon in Okta I end up on the /Saml2/Acs endpoint and SAML-tracer shows that I’m getting a 500 error.

In the log file there is a corresponding error generated:

2022-09-20 09:30:26.201 -05:00 [ERR] Connection id "0HMKR1PQ16I87", Request id "0HMKR1PQ16I87:0000000F": An unhandled exception was thrown by the application.
Sustainsys.Saml2.Exceptions.Saml2ResponseFailedValidationException: Unsolicited responses are not allowed for idp "".
   at Sustainsys.Saml2.Saml2P.Saml2Response.CheckIfUnsolicitedIsAllowed(IOptions options, IdentityProvider idp)
   at Sustainsys.Saml2.Saml2P.Saml2Response.CreateClaims(IOptions options, IdentityProvider idp)+MoveNext()
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
   at Sustainsys.Saml2.Saml2P.Saml2Response.GetClaims(IOptions options, IDictionary`2 relayData)
   at Sustainsys.Saml2.WebSso.AcsCommand.ProcessResponse(IOptions options, Saml2Response samlResponse, StoredRequestState storedRequestState, IdentityProvider identityProvider, String relayState)
   at Sustainsys.Saml2.WebSso.AcsCommand.Run(HttpRequestData request, IOptions options)
   at Sustainsys.Saml2.AspNetCore2.Saml2Handler.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

I am tracking this here. SAML2 fails with IDp initiated login · Issue #1581 · ironmansoftware/issues · GitHub

I actually haven’t even tried to configure it via the IDp initiated login so I’m concerned we are missing something in PSU.