I tried to debug a little more, this time with SFDC as SP and Chrome SAML debug on a PC; the result is the same as in Android Enterprise:
The first request after SP gives error 404:
GET https://idp.mobl-service.eu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=fZLbcqowFIZfhck9CBRbylQ7IlYRUJSDyg2DEDQSCBLQ6tMXdXdP977omslF1uFffzLf2%2FtnjpkTrCgiRQ8IHA8YWMQkQcWuBzz3g5XBe%2F%2BNRjkulUFT74slPDaQ1kw7V1DlXuiBpioUElFElSLKIVXqWHEGlqmIHK%2BUFalJTDBgBpTCqm4XDUlBmxxWDqxOKIbe0uyBfV2XVOl0aAlRvIcVm8ATCxMuv3A0wpCmpIohF5P8nZIez2v8hr%2BHfLhQwGitJVRE9f0V31IoKbmcbDFLH3s42NxyndZRijDs3CyKnSVMUAXjuuM4c8DoWg%2BE4nDQxkpIJun2bI3ks7WSzpY2uB3J5TPpVn7SXzKzmHZfJqo7L01PTDA2LEFM42M22mcqfp7FMXuh9jVYD2nohvuDauc7dmBFB8O28alG8qa7CzUpTqlxTEMiVuFmnQWl6mjjJ%2B9QjXX%2BY0qk1dzXFkc5zELBXKU7Tf20N1d%2Fs5TXemlCaEldA4kz0aXl7JIEyDdKnB5PuJ5cL%2Fx0HnvGE331q10Xn49TJMof7GKLo9FSQOPQI9ed6Us6Gxujiz6jgaSii7kt3fEEz4eZpkZ%2B5ZTsmmjGa%2BoFwXnhBY3jTWu05PVF%2B1uUNlAvaB0VdQ%2BIvPDK8jIrPrv8i9LtKoLAPXf5ADD2HwZUVDzI%2Bg2Y7aOJKhPXtVl77riA8b8JbRvAg0flvrz6AeLvstE3faD%2Fl7V26D%2B63jo%2FtPuP27%2Fk978A&RelayState=%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=QY0KqYrk4gEjp56evRUhRnC1e3kxzGTxijisPJYQ545zjKtmc6n2TjOTxJwnUSK0FmY55rD4G0Vo3g%2BK0NdBBquwPnCiAWbgTQIJTbqpinzj1tT1PeusOZxDxiiwNqDTxxQE5dIrhWETt4D1WEpJQjqAS3HjVf7QbHuaMD%2FpYvlAf61zNdbivDQSoMII2RaOxRZQ8dPOgVbL5THMh8DdrtHKyRdHUDyPxeYmkXal0k9BLlpbZd2G%2Bq1IloptyHFqz75CYScM82M5CkHpFUbpAl%2FTPWCLjTTnDAwNEBOng8IYNQGW0a2f2uHQg1uOvOu8BLcE%2Bx2%2BgWiAiwdZmm%2BfEe%2FFfxJOOl%2F9sVe4v%2Fls1RHJ0auqw0Ad%2FLcil7nNo3QdqAG7MWa9195a9VwyaAbKBaIZEEb5i57vO6w6FuSfPODO1HqgWteoV5Jj1G9v6mCzC4gHmWD381VRJndFooADPLcr9vYOVzhI95UfZLWgZKvGLO9szpT3MTsgtVQbK3galyz8W6yyQrMZwORPLw3Peq%2FIoIpVVzfSGgv79nzsseiwr0tRIRyRD%2FWVjZfTvD0JFi0odMp5mGIYAeU3qGdDSfT3hEmvK1uG%2Baih65l%2BdTq%2FEiWlBCvkeVYSaL42gj1gvTG%2FQdizQwGzuP0bgiJbQy7DAJXuYFdC0pKvPr5aIVY%3D HTTP/1.1
Upgrade-Insecure-Requests: 1
GET https://idp.mobl-service.eu/idp/profile/SAML2/Redirect/SSO;jsessionid=node01tabpldogjg4h6cr4gto9p45a12.node0?execution=e1s1 HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
HTTP/1.1 404 Not Found
The second request always works, with a 302 redirect:
GET https://idp.mobl-service.eu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=fZLbcqowFIZfhck9EFA8MMUOiC1aEQRsrTcOQixYSCAJ2vr0Rd3d070vumZykXX415%2FMd3f%2FURbCEVGWE2wARYJAQDghaY7fDLCKHsQBuB%2FdsbgsKt1seIYDVDeIcaGdw0y%2FFgzQUKyTmOVMx3GJmM4TPTTdua5KUK8o4SQhBRBMxhDl7aIxwawpEQ0RPeYJWgVzA2ScV0yXZVahPMkQFVN0FFEqlZ8SiwvE9oQmSEpIec%2BIAaENX%2BE1BodPBgS7tZTjmF9f8S2Vp5VUkl0hstseCTWXnNw62ucFki8WVTlAaU5RwuUw9IAwtQ2wVcdmGy9K6lRT050MTu5L9%2BTa5uV0I%2FjevZQ7XnneNNVwHWRrnqn1%2Fulx9hgGbulWgUlDkluTg3uqXWtaRiIJzra4sLw4Fg%2FwQYHL%2BTl9NRXiZF4V2Bsx9eGy3oqHtNcns%2FqTno7zAMbPqfU040rzdN7F9N2ziaMdFhaZ8G1%2BpAjO2ItGT9ZxPzY3z%2BXO9Zfb9zxzg%2FH0zbHPVXliHVQEHgt4f0Am2I80Nhz7Sr0ONz1xl5lO7IVOR6tV%2FNGxVv3FequoubX0Jp0SLlbD9UTZs163mdmveLVvlpvtQ8jMpabNnMohweKt%2FS3GGjTFjMeYG0CFylCEA1HtRbCva5quqZIy7G2A4P9hwMrxjazfgNndmpjuRJEv%2Bl4YAeH5m9C2Adx41K%2FL6Q8Qf5eNv%2BkDo7%2BstUP%2F0XUn%2F9Ae3W7%2Fkj%2F6Ag%3D%3D&RelayState=%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=KaMkbgJfUul8fpi2mTLWpgEPuiOKKJXdOkVI6%2FIssgZp2Tniobo8x%2B4PEoJ%2FPsfJW%2F%2BlFhKAdd43vfLgW95FVT8jGedhsQ72O6HzhIXN5k1RpDBj7MvViDW2WFvMjfx4atEjlVLwU6wKG%2BrddaYSi3peifunY71grp5ZRMEOsmTTnMl%2F591o%2FscbqiRO%2FcaUohA8eiCoZDZ%2BC%2B84nL7JQO6KJu584KYxiaM0GZ3pEo4vScwlGsbCgaVOHFN2vRQ6LC3D4tMG1StAcwftWxpLT624G4m4CDL6TBo3P8SUvC76BxJV4YjKTCjDK94pUIYbKADOHp7gOVOPQGAhIarc2x2c5rx3f9PkAn5VujrsTFcgU7w%2FYrqKA4fv8qiQ4QB5okyoqvAP2Kg708W%2B2lezzmGoYO7VuUJBUqKYfRIfMTq0665hSW181EfzwEpX0qqyFLgEPNsfH59VKZV5h4kcCtSPiw5TiKWku%2BAKDyPxvhBwHyHkICryAG4yW5tgjlIEHkjS6CxihDs7vHZraIxAa1a2ED9RknJ7D%2BjHdgJX53bSRGmMQoVx%2BuYn8Z5lRjy8zcIiGD026oS2t2PofP4esHVDriviitYoU2GtLeNpKBK5ICUeMJEQ5igavHSXgQNt8U%2Bdn7Y8j22hms%2BrMQmIszNWU4Bd8Uo4rTElR%2BvQSRw%3D HTTP/1.1
GET https://idp.mobl-service.eu/idp/profile/SAML2/Redirect/SSO?execution=e2s1 HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
HTTP/1.1 302 Found
Date: Mon, 26 Aug 2019 07:55:52 GMT
Server: server
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SameOrigin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-store
Location: https://idp.mobl-service.eu/idp/Authn/oxAuth?conversation=e2s1
Content-Length: 0
Content-Type: text/plain; charset=UTF-8
Connection: close
Then I can authenticate. Any idea how to get the first one working?
Cheers
Markus