Unable to authenticate using SAML2

I configured a SAML2 provider in LibreNMS 24.4.0 to provide authentication to users through ForgeRock.

I followed this article: Oauth/SAML support - LibreNMS Docs

When I try to authenticate using SAML2, it returns the following error from librenms.log:

Server responded with an unsuccessful status: urn:oasis:names:tc:SAML:2.0:status:Requester, message: Creation of NameID is not allowed per AuthnRequest. {"exception":"[object] (LightSaml\\Error\\LightSamlValidationException(code: 0): Server responded with an unsuccessful status: urn:oasis:names:tc:SAML:2.0:status:Requester, message: Creation of NameID is not allowed per AuthnRequest. at /opt/librenms/vendor/socialiteproviders/saml2/Provider.php:623)"}

Here are a few pictures showing our configs.

And when I added SESSION_SAME_SITE_COOKIE=none, I got the following error:

{"exception":"[object] (Laravel\\Socialite\\Two\\InvalidStateException(code: 0):  at /opt/librenms/vendor/socialiteproviders/saml2/Provider.php:578)"}

Can anyone tell me how to troubleshoot why I’m getting an exception error?