Use SSO and internal login side by side

Hello everyone,
I successfully implemented SSO and now I want trigger login via a button on the login panel, to use both authentication methods side by side. I set an redirect entry point to the SSO login page, but after logging in, I’m not redirected to the content and hippo login page is shown. Authentication manager says I’m logged in, but the cms doesn’t realize it and the authentication is not validated by RespositorySecurityProvider

My filterchain is looking like this.

 open fun configure(http: HttpSecurity): SecurityFilterChain {
        val authenticationProvider = OpenSaml4AuthenticationProvider()
        authenticationProvider.setResponseAuthenticationConverter(groupsConverter())
        val authenticationEntryPoint = RedirectAuthenticationEntrypoint()
        return http.csrf().disable()
                .exceptionHandling()
                .defaultAuthenticationEntryPointFor(authenticationEntryPoint,  AntPathRequestMatcher("/auth/**"))
                .and()
                .authorizeHttpRequests()
                .requestMatchers("/auth/**").authenticated()
                .and()
                .authorizeHttpRequests()
                .requestMatchers(
                        AntPathRequestMatcher("/saml2**"),
                        AntPathRequestMatcher("/login**"),
                        AntPathRequestMatcher("/**"),
                        AntPathRequestMatcher("*.ico"),
                        AntPathRequestMatcher("*.gif"),
                        AntPathRequestMatcher("*.jpg"),
                        AntPathRequestMatcher("*.jpeg"),
                        AntPathRequestMatcher("*.png"),
                        AntPathRequestMatcher("*.js"),
                        AntPathRequestMatcher("*.css")
                ).permitAll()
                .and()
                .addFilterAfter(LoginSuccessFilter(), AuthorizationFilter::class.java)
                .saml2Login { saml2 ->
                    saml2
                            .authenticationManager(CmsAuthenticationManager(authenticationProvider))
                }
                .saml2Logout(withDefaults())
                .build()

Any ideas, what is missing there ? Is the redirect entrypoint the way to do it?
many thanks in advance
Henriette