WsFederation incorrectly redirecting sign-in to /

Question

I'm trying to use WsFederation on a "SSO Site" to authorize across a family of apps on the same domain. In my test configuration, I have the following setup:

SSO Site

example.com/SSOSite

Wtrealm is https://example.com/SSOSite

Wreply is https://example.com/SSOSite/signin-wsfed

Sample App

example.com/SampleApp

Wtrealm is https://example.com/SSOSite

Wreply is https://example.com/SSOSite/signin-wsfed?appName=SampleApp

Expected Result

1. An unauthenticated user navigates to example.com/SampleApp
2. The user is redirected into the Microsoft SSO login flow for example.com/SSOSite
3. Login process completes, sends user to example.com/SSOSite/signin-wsfed?appName=SampleApp
4. SSO Site application handles redirect back to Sample App site

Actual Result

In step 3 above, /signin-wsfed responds with a 302 pointing at / - that is, the root of example.com.

If I go directly to example.com/SSOSite, it completes the login as expected and /signin-wsfed passes control along to my own login controller method. It's only when the request begins at /SampleApp that signin-wsfed responds with the 302 to /

My Question

Why does this 302 to / happen? Is there a way to accomplish what I'm aiming for - using one realm to handle all logins and then send the user back to their desired application when the login completes?