Hi, Huy.
It appears you are manually generating a TARGET url.
If you did access http://dev-sso.acme.vm/index.html where the server has a dash/hyphen in it, then the Agent that is protecting that server would have encoded it as below.
TARGET=-SM-http%3a%2f%2fdev--sso%2eacme%2evm%2findex%2ehtml
It is an expected behavior that your TARGET=http%3a%2f%2fdev-sso%2eacme%2evm%2findex%2ehtml (note: only 1 hyphen) would redirect to http://devsso.acme.vm/index.html (note: no hyphen in the servername) because the agent would have removed its encoding character.
It would be safer approach to see how the target agent would construct the TARGET when redirecting to the login page and determine what should be the value of the TARGET.
Regards,
Kim