AEM redirects the user to the original secured URL with an extra "?" after the IDP SAML Response POST back to AEM. This is breaking SAML auth. The extra "?" is set in the saml_request_path cookie.
The scenario goes like this:
This is a known AEM product bug GRANITE-14613.
Either install the latest AEM 6.2 Cumulative Fix Pack or contact AEM Customer Care for hotfix 13707.