Where should the RelayState parameter be configured, at the Identity Provider (IdP) or Service Provider (SP) side?

The RelayState doesn't indicate a SPID, but the target page to which the IdP will send the browser to.

Here is a sample on how the RelayState can be configured. The RelayState should be set on SP in an SP initiated flow (1).

From the last log, the SPID needs to be set to

  https://mysp.example.com/


  [08/14/2019][09:51:45][10604][9564][<Transaction ID>]
  [SAMLTunnelClient.java][getServiceProviderInfoByID][Tunnel result code: 1.]


  [08/14/2019][09:51:45][10604][9564][<Transaction ID>]
  [SAMLTunnelClient.java][getServiceProviderInfoByID][SAMLTunnelStatus: 5, Failed to obtain Service Provider data by provider ID. Provider ID: https://mysp.example.com/]


  [08/14/2019][09:51:45][10604][9564][<Transaction ID>]
  [SAML2Base.java][getServiceProviderInfo][SAML2.0 SP Configuration is not in cache. Requesting to get from policy server [CHECKPOINT = SSOSAML2_SPCONFFROMPS_REQ]]


  [08/14/2019][09:51:45][10604][9564][<Transaction ID>]
  [SSO.java][processRequest][Transaction with ID: <Transaction ID> failed. Reason: NO_PROVIDER_INFO_FOUND]

 this error can happen if the JVM's does not have JCE patches applied. It can also happen  if there's an accentuated character in the SPID (2)(3)(4).

(1)

    TECH TIP: How to send a RelayState parameter on a SAML federation from Access Gateway?
    
    
(2)

    How To Become a SAML Service Provider
    
    
(3)
    
    SiteMinder SimpleSAMLPHP integration : No SAML2 provider information found for SP
    
    
(4)
    
    Tech Tip : CA Single Sign-On : Web Agent Option Pack return 403 when Service Provider has accentuated character