diff --git a/login/apps/login/src/lib/saml.ts b/login/apps/login/src/lib/saml.ts
index 3bbc1cdca1..c89eefd2ae 100644
--- a/login/apps/login/src/lib/saml.ts
+++ b/login/apps/login/src/lib/saml.ts
@@ -44,6 +44,8 @@ export async function setSAMLFormCookie(value: string): Promise {
 name: uid,
 value: value,
 httpOnly: true,
+ secure: process.env.NODE_ENV === "production", // Required for HTTPS in production
+ sameSite: "lax", // Allows cookies with top-level navigation (needed for SAML redirects)
 path: "/",
 maxAge: 5 * 60, // 5 minutes
 });
diff --git a/login/apps/login/src/lib/zitadel.ts b/login/apps/login/src/lib/zitadel.ts
index 59b3c2801e..bad773092c 100644
--- a/login/apps/login/src/lib/zitadel.ts
+++ b/login/apps/login/src/lib/zitadel.ts
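Review bot: The new `secure` attribute is keyed on `NODE_ENV` rather than on whether the app is actually reached over HTTPS, so a staging or preview deployment served behind TLS still sets a non-Secure cookie, while a production build exercised over plain HTTP silently never receives it back. Deriving the flag from the request scheme or an explicit configuration value, with the `NODE_ENV` comparison only as a fallback, would match what the inline comment promises; for example `secure: isHttps,` where `isHttps` (name constructed here) is computed once from the request or config. The `sameSite: "lax"` comment should also state the limit it relies on: Lax attaches the cookie only to top-level GET navigations, so it works as long as the redirect that carries the cookie id back is a GET, and would break if that leg ever became a cross-site POST. setSAMLFormCookie starts above the hunk, so the cookie name and the origin of `uid` are not visible here.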
@@ -1016,44 +1016,10 @@ export async function startIdentityProviderFlow({
 return `${redirectUrl}?${params.toString()}`;
 } catch (stringifyError) {
- console.error("Failed to stringify formData.fields:", {
- error: stringifyError,
- formDataFields: formData.fields,
- formDataUrl: formData.url,
- fieldsType: typeof formData.fields,
- fieldsConstructor: formData.fields?.constructor?.name,
- });
-
- // Try to create a safe serialization by converting to plain object
- try {
- const safeFields: Record = {};
- const fieldsObj = formData.fields || {};
-
- // Convert each field to a string if it's not already
- for (const [key, value] of Object.entries(fieldsObj)) {
- safeFields[key] =
- typeof value === "string" ? value : String(value);
- }
-
- console.log(
- "Using safe serialization for formData.fields:",
- safeFields,
- );
-
- const safeStringified = JSON.stringify(safeFields);
- const dataId = await setSAMLFormCookie(safeStringified);
- const params = new URLSearchParams({
- url: formData.url,
- id: dataId,
- });
-
- return `${redirectUrl}?${params.toString()}`;
- } catch (fallbackError) {
- console.error("Safe serialization also failed:", fallbackError);
- throw new Error(
- `Failed to serialize SAML form data: ${stringifyError instanceof Error ? stringifyError.message : String(stringifyError)}`,
- );
- }
+ console.error("JSON serialization failed:", stringifyError);
+ throw new Error(
+ `Failed to serialize SAML form data: ${stringifyError instanceof Error ? stringifyError.message : String(stringifyError)}`,
+ );
 }
 } else {
 return null;
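Review bot: The surviving catch reports every failure as `Failed to serialize SAML form data`, yet the try body, which starts above the hunk, appears to also cover the `await setSAMLFormCookie(...)` call and the `URLSearchParams` construction, judging by the removed fallback that repeated exactly those steps; a cookie-store failure would then be logged and rethrown under a serialization label. Either narrow the try to the `JSON.stringify` call, or rename `stringifyError` and reword the message to reflect the wider scope. Since the original error now survives only in the `console.error` line, consider attaching it to the rethrown one, `throw new Error(message, { cause: stringifyError })`, if the compile target is ES2022 or later. startIdentityProviderFlow continues outside the hunk.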