My application supports both SP and IDP initiated authentication, using a common AssertionConsumerService endpoint.
Both flows work fine, except in one situation.
If a user causes an SP initiated auth request to be sent to the IDP, but then while sitting on the IDP's auth page navigates to that same IDP's site that generates an IDP initiated request, then when my assertion consumer method does the ReceiveSSO call, it gets an error saying that an unexpected IDP initiated response was received.
If i clear all the cookies (from my provider site) and go to the IDP site and do IDP initiated again, it will work.
I hope that made sense.
It's probably a little edge-casey, but is that the expected behavior?