Federation request is looping between the Authentication URL (redirect.jsp) and saml2sso URL. The Web Agent error log shows the following error:
Agent failed to process request with return code: '-1'.
The Access Gateway agent was configured to use an ACO (Agent Configuration Object) that was not based on the SPSDefaultSettings ACO template. This can cause odd behavior around authentications that take place on the Access Gateway Web Agent.
The ACO used by the Access Gateway Agent should always be based on the SPSDefaultSettings ACO template. Rebuilding the ACO based on this template resolved the issue.