There are a couple of reasons why this can happen:
- Caching is enabled on the website.
When auto-redirect is enabled, the user is redirected to the IDP login page and after logging in back to the main site but as caching is enabled it redirects to the IDP login page hence a loop.
This happens when HTTPS is not enforced on the site but is configured on the IDP side with an HTTPS URL. This can be solved by enforcing HTTPS on the site by defining a redirect rule in the .htaccess file or at the Apache level.
3. Cookie adulteration:
The cookie created by the plugin after logging in the user is altered by another plugin which causes the user to not log in to the Joomla site but the session is created on IDP.