When the IDP valve sends back a saml response in post binding it does not clear the headers and status code set by nested valves. If the nested valves set a 302 (Moved temporarily) status code and a Location header, then the client is redirected to the "Location" instead of recieving the saml post binding form