Is RelayState part of signature verification?
Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus
RelayState is indeed part of signature verification.
Signature Verification at the IDP will fail for the AuthnRequest if there is a change to the RelayState value.
* Upper case and Lower case changes.
* URL Encoding and decoding differences.
* Change in the RelayState value itself.
- http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf #Page 16. #3.4.3 RelayState