A misconfigured AssertionConsumerService URL points to a protected application within the SAML application.
As the browser tries to POST the SAML response to the SAML App it triggers another SAMLRequest to be sent.
This starts the loop because the new request also goes to a protected location.
The AssertionConsumerService (ACS) URL needs to be configured correctly within the application settings in Cloud Access Manager. This URL should be provided by the SAML service provider.