Forum Discussion

Greg_00001_2936
Jan 03, 2017

APM invalid credentials receive 'logged out' message

We have an access policy with LDAP Auth and Client Initiated Form SSO. When a user enters the wrong password they should see the "Access denied. This may be due to a failure to meet the requirements." message every time. Instead, they see this message sometimes, other times they get "Your session is finished. Logged out successfully." and other times (with IE or Edge) they get "we can't reach this page". The page it is going to is '/vdesk/hangup.php3'.

We see the same logs in /var/log/apm every time. There is nothing there to indicate why a failed login gets one of three responses.

F5 notice apd[7696]: 01490010:5: 496e3ee5: Username 'myUsername'
F5 err apd[7696]: 01490236:3: 496e3ee5: LDAP Module: Failed to bind with 'CN=Me,OU=MyOU'. Invalid credentials, 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1
F5 notice apd[7696]: 01490143:5: 496e3ee5: Logging Agent: Authentication failed with username 'myUsername'
F5 notice apd[7696]: 01490115:5: 496e3ee5: Following rule 'fallback' from item 'Logging Auth Failed' to terminalout 'Failure'
F5 notice apd[7696]: 01490005:5: 496e3ee5: Following rule 'Failure' from item 'User Authentication LDAP' to ending 'Deny'
F5 notice apd[7696]: 01490102:5: 496e3ee5: Access policy result: Logon_Deny

We have tried using AD Auth with the same results. It also doesn't matter if you set 'max logon attempts allowed' to 1 or 3.

How do I get F5 to show the correct message after invalid credentials?

1 Reply

  • Just throwing this out there, but does the AAA profile being used on the LDAP Auth or AD Auth have bad credentials specified there?
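
An added example, not part of the original thread and not F5 tooling: a per-session summary of /var/log/apm lines in the format quoted in the question, showing for each session the username, the DN that failed to bind (the value to compare against the AAA server configuration the reply asks about), the Active Directory sub-code and the policy result. The sample lines are constructed from the excerpt; the session `aaaa1111`, the user `otherUser` and the `summarize` helper are hypothetical, and 8-hex-digit session IDs are assumed from the excerpt.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the excerpt in the question; the
# second session (aaaa1111 / otherUser) is made up for illustration.
SAMPLE = """\
F5 notice apd[7696]: 01490010:5: 496e3ee5: Username 'myUsername'
F5 err apd[7696]: 01490236:3: 496e3ee5: LDAP Module: Failed to bind with 'CN=Me,OU=MyOU'. Invalid credentials, 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1
F5 notice apd[7696]: 01490102:5: 496e3ee5: Access policy result: Logon_Deny
F5 notice apd[7696]: 01490010:5: aaaa1111: Username 'otherUser'
F5 err apd[7696]: 01490236:3: aaaa1111: LDAP Module: Failed to bind with 'CN=Other,OU=MyOU'. Invalid credentials, 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 775, v1db1
F5 notice apd[7696]: 01490102:5: aaaa1111: Access policy result: Logon_Deny
"""

# Active Directory sub-codes carried in the "data NNN" field of the bind error.
AD_SUBCODES = {"525": "user not found", "52e": "invalid credentials",
               "530": "logon time restriction", "531": "workstation restriction",
               "532": "password expired", "533": "account disabled",
               "701": "account expired", "773": "must change password",
               "775": "account locked out"}

# "<msgid>:<severity>: <session id>: <message>" as seen in the excerpt.
LINE = re.compile(r"apd\[\d+\]: (?P<msgid>[0-9a-f]{8}):\d: (?P<sid>[0-9a-f]{8}): (?P<msg>.*)")
# Message IDs taken from the excerpt, mapped to the field each one carries.
FIELDS = {
    "01490010": ("username", re.compile(r"Username '([^']*)'")),
    "01490236": ("bind_dn", re.compile(r"Failed to bind with '([^']*)'")),
    "01490102": ("result", re.compile(r"Access policy result: (\S+)")),
}
SUBCODE = re.compile(r"AcceptSecurityContext error, data ([0-9a-f]+)")

def summarize(log_text):
    """Group apd lines by session ID and return one summary dict per session."""
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an apd line in the expected format
        info = sessions[m["sid"]]
        field = FIELDS.get(m["msgid"])
        if field and (hit := field[1].search(m["msg"])):
            info[field[0]] = hit.group(1)
        if code := SUBCODE.search(m["msg"]):
            info["ad_reason"] = AD_SUBCODES.get(code.group(1), "unknown sub-code " + code.group(1))
    return dict(sessions)

if __name__ == "__main__":
    for sid, info in summarize(SAMPLE).items():
        print(sid, info)
```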