1. Is the response getting triggered properly on PS side?
2. Was the website configured with CA SSO webagent configuration wizard or manually? Can u share applicationHost.config & web.config?
3. How are you reading headers?
4. Do you have any custom modules other than CA SSO configured in IIS?
5. Does it work in classic pipeline mode?