Group SSO redirects to the sign in page instead of SSO sign in page even when enforced

Summary

Even when SSO is enforced, in some cases a user who visits the group page is redirected to the regular sign in page instead of the group's SSO sign in page.

Steps to reproduce

  1. Group has SSO SAML configured with SSO enforced.
  2. New user visits group page.
  3. User is redirected to SAML SSO sign in.
  4. User signs in using SSO.
  5. GitLab user account is created and they get a banner message telling them to confirm their email.
  6. User confirms through the emailed confirmation link.
  7. User gets redirected to sign in page with a banner to say their email is confirmed.
  8. User visits their group page.
  9. User gets redirected to regular sign in page with banner warning "You need to sign in or sign up before continuing".

Example Project

Customer reported via (internal) https://gitlab.zendesk.com/agent/tickets/299693

What is the current bug behavior?

User gets warning and redirected to sign in page.

What is the expected correct behavior?

User gets redirected to SAML SSO sign in page.

Relevant logs and/or screenshots

[screenshot]

Output of checks

GitLab.com, GitLab Enterprise Edition 15.2.0-pre c6926f70

Possible fixes

We believe GitLab is seeing a session cookie and thinking the user should already be signed in. Perhaps we can ignore the session cookie in these cases?

Aside from redirecting to the SAML SSO page, #238461 (closed) would resolve this issue since users wouldn't need to confirm their email when they sign in for the first time.

Possible workarounds

  1. Visit the "GitLab single sign-on URL" instead of just the group. This is the group link that ends in something like token=GxQe139p. You can find this link on the SSO Settings page.
  2. Click on the GitLab app on the Identity Provider's dashboard (if the tokenized link is set up as the login link).
  3. Clear any GitLab cookies from the browser, then visit the group link.
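
The following is an added example, not GitLab's own code, that models the redirect decision described in "Possible fixes" and shows why workaround 3 (clearing cookies) works. The struct names, the `_gitlab_session`-style "cookie present" flag, the helper names and the `/groups/<path>/-/saml/sso?token=...` shape of the tokenized SSO URL are assumptions made for the example; `legacy_redirect` encodes the behaviour the report hypothesises (a stale cookie is taken to mean the regular sign-in flow), and `sso_redirect` encodes the expected behaviour (decide only on authentication state and the group's SAML session).

```ruby
# Illustrative model (not GitLab's code) of which sign-in page a request to a
# group page should be redirected to. All names and data shapes are assumptions.

SamlProvider = Struct.new(:token, :enforced_sso, keyword_init: true)
Group        = Struct.new(:full_path, :saml_provider, keyword_init: true)
# cookie_present: a session cookie was sent with the request (it may be stale,
#                 i.e. not bound to any signed-in user)
# user_id:        set only when the cookie maps to an authenticated user
# saml_groups:    full paths of groups the user has an active SAML session for
Session      = Struct.new(:cookie_present, :user_id, :saml_groups, keyword_init: true)

SIGN_IN_PATH = '/users/sign_in'

# Assumed shape of the tokenized "GitLab single sign-on URL" from the SSO settings page.
def group_sso_path(group)
  "/groups/#{group.full_path}/-/saml/sso?token=#{group.saml_provider.token}"
end

def sso_enforced?(group)
  !group.saml_provider.nil? && group.saml_provider.enforced_sso
end

def authenticated?(session)
  !session.user_id.nil?
end

def saml_session_active?(group, session)
  authenticated?(session) && session.saml_groups.include?(group.full_path)
end

# Behaviour as hypothesised in the report: a present session cookie is taken to
# mean "this user belongs to the regular sign-in flow", so an unauthenticated
# request carrying a stale cookie is bounced to the regular sign-in page even
# though the group enforces SSO.
def legacy_redirect(group, session)
  if authenticated?(session) && (!sso_enforced?(group) || saml_session_active?(group, session))
    return nil # serve the page
  end
  return SIGN_IN_PATH if session.cookie_present
  sso_enforced?(group) ? group_sso_path(group) : SIGN_IN_PATH
end

# Expected behaviour: ignore whether a cookie happened to be sent and decide
# only on whether there is an authenticated user with a SAML session for the group.
def sso_redirect(group, session)
  if sso_enforced?(group)
    return nil if saml_session_active?(group, session)
    return group_sso_path(group)
  end
  authenticated?(session) ? nil : SIGN_IN_PATH
end

# Constructed scenario: a group with enforced SAML SSO (token taken from the
# report's example) and three session states.
ENFORCED_GROUP = Group.new(full_path: 'example-org',
                           saml_provider: SamlProvider.new(token: 'GxQe139p', enforced_sso: true))
NON_ENFORCED_GROUP = Group.new(full_path: 'open-org', saml_provider: nil)

# State right after the user followed the confirmation link and landed on the
# sign-in page: a cookie exists, but nobody is signed in.
STALE_SESSION  = Session.new(cookie_present: true,  user_id: nil, saml_groups: [])
# State after clearing cookies (workaround 3).
FRESH_VISIT    = Session.new(cookie_present: false, user_id: nil, saml_groups: [])
# A user who completed SAML sign-in for the group.
SAML_SIGNED_IN = Session.new(cookie_present: true,  user_id: 42,  saml_groups: ['example-org'])

if __FILE__ == $PROGRAM_NAME
  puts "stale cookie, legacy: #{legacy_redirect(ENFORCED_GROUP, STALE_SESSION).inspect}"
  puts "stale cookie, fixed:  #{sso_redirect(ENFORCED_GROUP, STALE_SESSION).inspect}"
  puts "no cookie,    legacy: #{legacy_redirect(ENFORCED_GROUP, FRESH_VISIT).inspect}"
end
```

Run stand-alone, the script shows that with a stale cookie the legacy decision lands on `/users/sign_in` while the fixed decision lands on the group's tokenized SSO path, and that without any cookie both decisions agree, which is exactly why clearing GitLab cookies before visiting the group link sidesteps the bug.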
Edited by Cynthia "Arty" Ng