When you try to initiate an OpenID Connect session, you receive a Browser error that says too many redirects. The logs show the following:

[03/29/2018][20:57:49][6762][140511575152384][120cd330-a359313a-b0216797-dbd47d46-4a765a0a-f861][AuthorizationService.java]
[processAuthentication][OpenIDConnect Authorization Service Service redirecting to authentication URL: https://<federation_idp_web>/affwebservices/secure/secureredirect?SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&
SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&
SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&
SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&
SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&SMASSERTIONREF=QUERY&
response_type=code&client_id=<client_id>&redirect_uri=https%3A%2F%2F<client_url>%2Fservices%2Fauthcallback%2FFusionFull&scope=
openid&state=<encrypted_state_id>]

Siteminder release: 12.8.x

Component: SMPLC \ Federation 

OS: All

The federation Authentication URL was not protected, causing a loop between Federated Web Services (FWS) and the Authentication URL.  This will occur for any federation profile that leverages an Authentication URL.  This looping will also occur if the session that a user receives upon requesting the Authentication URL is not valid for the FWS URL, such as would occur if the Authentication URL and FWS URL are in different cookie domains and no cookie provider is configured.

Make sure the Authentication URL is a protected resource.  Make sure the sessions generated from requesting the Authentication URL are valid for the FWS URL.