An attempt to redirect login to Kaspersky in CCP v1 gives the error in Chrome browser:
Signed exchange response without "X-Content-Type-Options: nosniff" header is not supported.
SAML2Application does not support the 'nosniff' header. The issue is known under internal ID OA-5956.
Use a different browser until the issue is resolved.
In the long-term perspective, consider switching the SSO service to the new Identity Provider OA extension.