SAML Auth flow getting wrong ADFS endpoint

[zhenyatsk]

Describe the bug

According to debug log and code during step "SAML looking up IdP" VCD site return vcd domain instead of link to adfs.

During comparing flow in browser i found that Cookie with 'sso-preferred=yes; sso_redirect_org=<tenant_name>' is mandatory. If i add Cookie to Request, i get correct response with link to ADFS.

For example:
curl 'https://vcddomain/login/tenant/saml/login/alias/vcd?service=tenant:tenant'
-H 'Cookie: sso-preferred=yes; sso_redirect_org=tenant' -v
Return link to ADFS

Reproduction steps

1. compile saml_auth_adfs sample
2. execute GOVCD_LOG=1 ./auth --username test@domain.com --password pass --org tenant_name --endpoint https://vcd_domain/api
3. Got error authorizing SAML: SAML - could not get auth token from IdP (ADFS). Did you specify username in ADFS format ('user@contoso.com' or 'contoso.com\user')? : SAML - ADFS token request query failed for RPT ID ('<tenant_name>'): SAML request got error: { }

...

Expected behavior

Got info about NSX Edge in Tenant

Additional context

No response

[zhenyatsk]

also looks like
023/03/03 19:00:57 GET https://domain/login/tenant/saml/login/alias/vcd**?**&service=tenant:tenant

there is an extra ? before &service= param