I ran into an issue where a user setup his app correct in AzureAD and in the Stadium Application Manager but when he logged in, " No matching state found in storage" was shown.
What happened here was that the user used his IP to navigate to his local SAM, i.e. https://127.0.0.1:8443/StadiumApplicationManager. The local certificate on SAM is attached to https://localhost:8443 and everything expects you to use this secured uri. From SAM, the user then used the ‘See it’ hyperlink or 
icon to navigate to the application. When clicked, the domain of the server, in this case 127.0.0.1:8443 was used to navigate to the application which then, as expected, was seen as unsecured. In turn, the application redirected to AzureAD for authentication. After logging in, AzureAD redirected to the secured localhost:8443 (as was defined in the AzureAD application) causing the No matching state found in storage problem.
Simply using the secured url for SAM and the application, i.e. https://localhost:8443/StadiumApplicationManager and https://localhost:8443/NewApplication , sorted the problem.