The Okta Release 2017.27, released to production on Jul 13, introduced a failure in a SAML ForceAuthn flow. If a RelayState is used in the SAML flow, the RelayState is dropped when the SAML assertion is sent after the re-authentication. This will cause a failure in the flow (i.e. "400 Bad Request).
If experiencing this issue, please contact Okta Support to reconfigure your Okta Tenant to prevent this from happening while a code fix is being put in place.