Invalid Target URL in Web Agent Option Pack

Article ID: 128062


Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign-On, SITEMINDER, CA Single Sign On Federation (SiteMinder), CA Single Sign On Agents (SiteMinder)

Issue/Introduction


A Federation Partnership is being created between an external Identity Provider (IdP) and an internal SiteMinder Service Provider (SP).

It seems that the Federation Service is not able to read or understand the RelayState URL sent with the request.

According to the logs, the Web Agent Option Pack receives the SAMLResponse, decodes it, and then throws the following error:

[AssertionConsumer.java][getRealmForTarget][targetURL:https%3A%2F%2Fserver.example.com%2Fpac usingRelayState: true]

[FWSBase.java][validateTarget][Invalid TARGET resource Requested. Target=https%3A%2F%2Fserver.example.com%2Fpac.]

[AssertionConsumer.java][getRealmForTarget][Invalid target URL: https%3A%2F%2Fserver.example.com%2Fpac]

[AssertionConsumer.java][getRealmForTarget][Ending SAML2 AssertionConsumer Service request processing with HTTP error 400]

[AssertionConsumer.java][getRealmForTarget][Transaction with ID: 1e8a707c-706bddb3-ad8d1738-f8658f95-f287cea3-c18 failed. Reason: ACS_INVALID_TARGET]

Cause


The RelayState value was URL-encoded twice. As a result, Federation Services (FWS) attempted to process a value that was still encoded, which it did not recognize as a valid URL.

Resolution


The RelayState value should only be URL-encoded once.
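
A diagnostic for the cause described above, as an added example that is not from the original article or from the product: it decodes a captured RelayState value once, as a form or query-string parser would, and reports whether the result is an absolute URL or still carries a second encoding layer. The function names are hypothetical, the single-decode behaviour is an assumption, and the sample values are constructed from the target in the log excerpt.

```python
from urllib.parse import quote, unquote, urlsplit


def is_absolute_url(value):
    """True when value parses as an http(s) URL with a host."""
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def classify_relay_state(wire_value):
    """Classify a RelayState exactly as captured from the request.

    Assumption: the receiver percent-decodes the parameter once.
    Returns (verdict, value_seen_after_one_decode).
    """
    seen = unquote(wire_value)
    if is_absolute_url(seen):
        return "ok", seen
    # Still not a URL: check whether a second decode would recover one.
    if is_absolute_url(unquote(seen)):
        return "double-encoded", seen
    return "invalid", seen


# Constructed samples based on the target in the log excerpt.
TARGET = "https://server.example.com/pac"
ONCE = quote(TARGET, safe="")   # what the sender should put on the wire
TWICE = quote(ONCE, safe="")    # the faulty, double-encoded form
# A target whose own query string contains an escape is still one layer,
# so counting '%25' sequences alone would misreport it.
NESTED = quote("https://server.example.com/pac?next=%2Fhome", safe="")

if __name__ == "__main__":
    for label, value in (("once", ONCE), ("twice", TWICE), ("nested", NESTED)):
        verdict, seen = classify_relay_state(value)
        print(f"{label:7} {verdict:15} receiver sees: {seen}")
```

For the double-encoded sample, the value the receiver sees after one decode is the same string that appears in the `Invalid target URL` log entry.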