You have configured SAML Authentication in AEM and after logging in IDP, you get a 403 response from AEM during the SAML POST to /saml_login or /content/saml_login (or other URL configured for the iDP to post back to).
The problem only happens when authenticating via the dispatcher enabled URL.
In the dispatcher.log, you find this text:
Filter rejects: POST
The dispatcher /filter section allows POST requests to */saml_login.
Add the following rule to the dispatcher farm configuration (.any files) /filter section: