vmware / go-vcloud-director

Golang SDK for VMware Cloud Director

SAML Auth flow getting wrong ADFS endpoint #556

Open zhenyatsk opened 1 year ago

zhenyatsk commented 1 year ago

Describe the bug

According to the debug log and the code, during the step "SAML looking up IdP" the VCD site returns the VCD domain instead of a link to ADFS.

While comparing the flow in the browser, I found that a Cookie with 'sso-preferred=yes; sso_redirect_org=' is mandatory. If I add the Cookie to the request, I get the correct response with a link to ADFS.

For example:

```
curl 'https://vcddomain/login/tenant/saml/login/alias/vcd?service=tenant:tenant' \
  -H 'Cookie: sso-preferred=yes; sso_redirect_org=tenant' -v
```

Returns a link to ADFS.

Reproduction steps

  1. Compile the saml_auth_adfs sample
  2. Execute `GOVCD_LOG=1 ./auth --username test@domain.com --password pass --org tenant_name --endpoint https://vcd_domain/api`
  3. Got error authorizing SAML: SAML - could not get auth token from IdP (ADFS). Did you specify username in ADFS format ('user@contoso.com' or 'contoso.com\user')? : SAML - ADFS token request query failed for RPT ID (''): SAML request got error: { }

...

Expected behavior

Got info about NSX Edge in Tenant

Additional context

No response

zhenyatsk commented 1 year ago

Also looks like 023/03/03 19:00:57 GET https://**domain**/login/**tenant**/saml/login/alias/vcd**?**&service=tenant:**tenant**

There is an extra ? before the &service= param.
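
The request shape this report describes, as an added example that is not part of the issue or the SDK's own code: the lookup URL is built with a single encoded query (no `?&`) and the two SSO cookies are set, then sent without following redirects. `lookupIdP`, `fakeVCD` and the example hostnames are assumptions; `fakeVCD` is a constructed local stand-in that mimics the behaviour the reporter observed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// lookupIdP sends the IdP lookup without following redirects and returns the
// request URL and the Location header it got back.
func lookupIdP(base, org string, ssoCookies bool) (string, string, error) {
	q := url.Values{"service": {"tenant:" + org}} // encoded once; ':' becomes %3A
	u := base + "/login/" + url.PathEscape(org) + "/saml/login/alias/vcd?" + q.Encode()
	req, err := http.NewRequest(http.MethodGet, u, nil)
	if err != nil {
		return u, "", err
	}
	if ssoCookies { // the two cookies the report found to be mandatory
		req.AddCookie(&http.Cookie{Name: "sso-preferred", Value: "yes"})
		req.AddCookie(&http.Cookie{Name: "sso_redirect_org", Value: org})
	}
	noFollow := func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
	resp, err := (&http.Client{CheckRedirect: noFollow}).Do(req)
	if err != nil {
		return u, "", err
	}
	defer resp.Body.Close()
	return u, resp.Header.Get("Location"), nil
}

// fakeVCD (constructed) redirects to the IdP only when both cookies are present.
func fakeVCD() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		pref, _ := r.Cookie("sso-preferred")
		org, _ := r.Cookie("sso_redirect_org")
		target := "https://vcd.example/login" // constructed VCD URL
		if pref != nil && pref.Value == "yes" && org != nil && org.Value != "" {
			target = "https://adfs.example/adfs/ls/" // constructed ADFS URL
		}
		http.Redirect(w, r, target, http.StatusFound)
	}))
}

func main() {
	srv := fakeVCD()
	defer srv.Close()
	fmt.Println(lookupIdP(srv.URL, "tenant", false))
	fmt.Println(lookupIdP(srv.URL, "tenant", true))
}
```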