Due to some reason, Error 500 may appear on the IIS Agent consumer url /saml2/login , for example:
That is the default behavior of IIS web server on Error 500.
Unfortunately this is a very generic error and does not really reveal to root of the problem.
To retreive further details please follow these articles...
https://stackoverflow.com/questions/5385714/deploying-website-500-internal-server-error
https://serverfault.com/questions/810347/how-to-see-detailed-500-errors
Alternatively, we can can enable IIS Agent log to see the details...
For the particular error, we are almost sure that either DualShield server or IIS server has a time drift.