Can RelayState be Sent when SAML is IDP-Initiated?

book

Article ID: 198692

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Federation (SiteMinder) SITEMINDER

Issue/Introduction

Please let me know where to configure the Relay State URL in IDP-Initiated SAML configuration.

Environment

Release : All

Component : SITEMINDER -FEDERATION

Resolution

RelayState can be sent as a query parameter in an IDP-Initiated SAML request.  IDP-Initiated is also referred to as unsolicited since the Service Provider did not initiate the request.

Sample IDP-initiated request with RelayState:
https://host.domain.com/affwebservices/public/saml2sso?SPID=spid_value&RelayState=https%3A%2F%2Fapp1.example.com%2Findex.html

Additional Information

When a RelayState value is included in the query string, the RelayState value must be URL-encoded.  This assures the value does not get lost or altered during potential redirects for authentication at the IDP.  Also, be aware that SAML query string parameters are case sensitive, so be sure to use the mixed-case that is used in this document: RelayState