It's seems like an issue with incorrect relay state URL.. Did you use the relay state generator to generate the user access URL? You can use this portal to generate the same or use this URL
https://<adfs_server_fqdn>/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Dhttps%253A%252F%252Fsignin.aws.amazon.com%252Fsaml%26RelayState%3Dhttps%253A%252F%252Fappstream2.<Region>.aws.amazon.com%252Fsaml%253Fstack%253D<Stack_Name_Case_Sensitive>%2526accountId%253D<aws_accountid_without_hypen> and replace the values in placeholders. For further assistance please open a support case.
Hi, did tech support find a solution for you? We are currently experiencing the exact same problem at our site.
Issue with Enabling Identity Federation with AD FS 4.0 and Amazon AppStream 2.0asked a month ago
AppStream with SSO and Active Directory problemasked a year ago
AWS Integration with On-Prem Active Directoryasked 4 months ago
AWS SSO ERROR 403 with AD connectorasked 5 months ago
AWS Managed AD ADFS user sign-on URL is not accessible outside of ADFS server.asked 7 months ago
Unable to use AD groups after enabling Configurable AD Sync in SSOAccepted Answerasked 7 months ago
AWS SSO integration with QuickSightAccepted Answerasked 2 years ago
Enabling Identity Federation with AD FS 3.0 and Amazon AppStream 2.0asked 8 months ago
Forbbiden 403 access denied with AWS SSO SAML application from Gitlab integrationAccepted Answerasked 8 months ago
AWS SSO Issue with Office 365asked 4 years ago