Our federated application request flow seems to be working successfully right up until the user is redirected to the Target URL after being authenticated via the received assertion. A RelayState value is included in the authnrequest (SAMLRequest), however, as the SP we are not allowing the RelayState to override the Target. The Target is configured as https, yet the user is redirected to http. The rest of the Target URL is correct; the protocol switch is the only problem.
Release : ALL
Component : SITEMINDER - FEDERATION
FWSTrace.log showed that Affwebservices was correctly redirecting to the Target using https. Customer was using IIS Application Request Routing to proxy the requests from IIS to Tomcat and the ARR rules were altering the protocol.
Reconfigure the ARR rules such that the protocol of the redirect is preserved.