Thanks, I've added "Allow Empty" referrer according to the link you kindly provided. This cleared the 403 error.
However now - accessing login.html enters into a loop of constantly redirecting to sso/saml IDP login page.
There is nothing in SAML logs:
08.03.2023 15:40:22.581 *INFO* [CM Event Dispat...