Sadly OpenAM Snapshot 9 is shipped with a small Federation bug, which shows up in the following form:
When a user came from an SP, the login form is showed up, but when he tries to submit the form, the page is simply reloaded and the GET parameters are gone, so when he tries to login again, then the login works, but the browser is redirected to the default success URL and not the original SP-protected page. Also if you check your webcontainer log files, then you should see something like this:
[WARNING] Could not load ViewBean class "com.sun.identity.authentication.UI. RedirectViewBean" via Class.forName(); attempting to use current thread's context class loader
The problem is that the browser was redirected to /opensso/UI/Redirect instead of /opensso/UI/SSORedirect. This issue is known (OPENAM-3), and it is already resolved in OpenAM trunk, so if you need a patch for this, then here it is, apply it, and federation will work as good as in the old days.