After upgrading to Orlando, SSO logins are immediately redirected to the logout screen.

Orlando

In the Orlando release, there is additional code in the SAML scripts that verify the 'sso_source' field.
If that field happens to contain the sys_id of another Identity Provider record and not the one that had processed the SAMLResponse, the instance logs will have the following:

SEVERE *** ERROR *** *** Script: Ensure that the user you are trying to login is from the correct source, as mentioned in company's sso source field for user in servicenow instance.

To address this error message, you can either update the 'sso_source' value in the user/company record to the correct sys_id of Identity Provider record or remove the current value.