I got the error below while I was trying to authenticate through IBM Security Access Manager (using Sustainsys.Saml2.Owin).
Here is the link to the error code.
I tested the code on another IDP https://stubidp.sustainsys.com/ and it's working.
Maybe the difference is that with the test IDP (StubIdp) it was a solicited response, but from IBM Security Access Manager it was unsolicited (IdP-initiated).
But I already set AllowUnsolicitedAuthnResponse = true.
Here is the metadata that was attached on IBM Security Access Manager.
I found the solution: I was sent the wrong metadata. The right way, if you use Sustainsys.Saml2, is to hit your SP URL "https://SP.com/Saml2"; this will generate your SP metadata file.
The AssertionConsumerService was wrong: it was the action to land on after login on the IDP, but the right one should be "https://SP/Saml2/Acs".
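
A way to catch this mismatch before registering SP metadata with the IdP, as an added example that is not part of the original post: it parses the metadata and checks that every AssertionConsumerService Location points at the module's Acs endpoint. The sample metadata, the `https://SP.com/Home/Index` URL and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample: hand-written metadata whose ACS points at an
# application page (hypothetical URL) instead of the Saml2 module.
WRONG_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://SP.com/Saml2">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://SP.com/Home/Index"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: same document with the ACS URL from the answer.
RIGHT_METADATA = WRONG_METADATA.replace(
    "https://SP.com/Home/Index", "https://SP.com/Saml2/Acs")


def acs_locations(metadata_xml):
    """Return the Location of every SP AssertionConsumerService element."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:SPSSODescriptor/md:AssertionConsumerService"
    return [el.get("Location", "") for el in root.findall(path, MD_NS)]


def check_acs(metadata_xml, sp_base="https://SP.com", module_path="/Saml2"):
    """Return a list of problems; an empty list means the ACS looks right."""
    expected = urlsplit(sp_base + module_path + "/Acs")
    locations = acs_locations(metadata_xml)
    if not locations:
        return ["no AssertionConsumerService in SPSSODescriptor"]
    problems = []
    for loc in locations:
        got = urlsplit(loc)
        if got.scheme != "https":
            problems.append(f"{loc}: scheme is not https")
        if got.netloc.lower() != expected.netloc.lower():
            problems.append(f"{loc}: host differs from {expected.netloc}")
        if got.path.rstrip("/") != expected.path:
            problems.append(f"{loc}: path is not {expected.path}")
    return problems


if __name__ == "__main__":
    for name, doc in (("wrong", WRONG_METADATA), ("right", RIGHT_METADATA)):
        print(name, check_acs(doc) or "OK")
```
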