When you enable SAML authentication in the Web Security Service, the browser might get stuck in a redirect loop for some subdomains, for example test.blogspot.com.
SAML authentication uses redirects and cookies to authenticate the user. (Anatomy of a SAML Transaction)
Cookies are used as a surrogate credential and are set at the domain level in the browser. For example, if you visit subdomain.example.com, the cookie is set against .example.com.
Setting the cookie at the domain level reduces the number of redirects required when visiting other subdomains: the browser automatically presents the cookie for any other subdomain of example.com, so it does not have to go through the authentication/redirect mechanism again.
However, it is not possible to set domain-wide cookies on domains that are considered Effective TLDs (for example, blogspot.com is an effective TLD). See the Public Suffix List.
Because a cookie cannot be set at the domain level for an effective TLD, the browser keeps requesting subdomain.blogspot.com without the cookie and is redirected through the authentication mechanism again. This is what causes the redirect loop.
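The following sketch replays that behaviour so you can check which hosts would loop. It is an added example, not code from the Web Security Service. It assumes the cookie is scoped to the last two labels of the host, as in the example.com case above. The function names, the two-entry Public Suffix List excerpt and the sample hosts are constructed for illustration.

```javascript
// Constructed two-entry excerpt of the Public Suffix List; browsers ship the full list.
const PUBLIC_SUFFIXES = new Set(["com", "blogspot.com"]);

// Assumption: the service scopes its cookie to the last two labels of the host,
// matching the page's example (subdomain.example.com -> .example.com).
function cookieDomainFor(host) {
  return "." + host.toLowerCase().split(".").slice(-2).join(".");
}

// Browser-side check (RFC 6265 section 5.3): the host must fall under the Domain
// attribute, and a Domain that is a public suffix is refused unless it equals the host.
function browserAcceptsCookie(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h !== d && !h.endsWith("." + d)) return false;
  return !PUBLIC_SUFFIXES.has(d) || h === d;
}

// Replays the flow: no cookie -> redirect to authenticate -> Set-Cookie -> retry.
function simulate(host, maxRedirects = 5) {
  const cookieDomain = cookieDomainFor(host);
  let hasCookie = false;
  let redirects = 0;
  while (!hasCookie && redirects < maxRedirects) {
    redirects += 1; // one trip through the authentication redirect
    hasCookie = browserAcceptsCookie(host, cookieDomain);
  }
  return { host, cookieDomain, redirects, loop: !hasCookie };
}

// Hosts from a list that would never leave the redirect cycle.
function hostsThatLoop(hosts) {
  return hosts.filter((h) => simulate(h).loop);
}

// Constructed sample hosts.
const sample = ["subdomain.example.com", "www.example.com", "test.blogspot.com"];
for (const h of sample) console.log(simulate(h));
console.log("loops:", hostsThatLoop(sample));
```

The example.com hosts authenticate after one redirect, while test.blogspot.com exhausts the redirect budget because the browser never stores the .blogspot.com cookie.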
There are two fixes to this problem: