When accessing the SP-initiated URL with a relay state parameter that is
not URL-encoded, the browser receives a truncated target, as shown
below.
When the relay state is:
https://sp.ca.com/test?pageCd=test_page
the target arrives as:
https://sp.ca.com/test?pageCd
The truncated target results in a 404 error.
Federation, all versions
A SAML affiliate submits a request to the SAML 2.0 assertion producer
that includes a Relay State parameter. When saml2sso is called, the
Relay State parameter is intact. When affiliate services generate the
POST parameters to send to the assertion consumer, the Relay State
parameter is truncated.
The SAML 2.0 specification mentions it should be URL-encoded (1), as
does the SiteMinder documentation (2).
The following link might help in encoding the relay state URL (3).
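An added example (not from the original article or the product documentation) of the encoding described above, applied to the article's relay state, with a check that a given SP-initiated URL carries an encoded RelayState. The endpoint `https://idp.example.com/saml2sso` and the `SPID=sp1` parameter are constructed placeholders.

```python
from urllib.parse import quote, unquote, urlsplit

# Constructed placeholders (assumptions): IdP endpoint and SPID value.
IDP_SSO = "https://idp.example.com/saml2sso"
# Relay state taken from the article.
TARGET = "https://sp.ca.com/test?pageCd=test_page"

# RFC 3986 reserved characters; none may appear raw inside the value.
RESERVED = set(":/?#[]@!$&'()*+,;=")


def build_sso_url(base, relay_state, **params):
    """Build the SP-initiated URL with every value percent-encoded."""
    pairs = list(params.items()) + [("RelayState", relay_state)]
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in pairs)
    return f"{base}?{query}"


def raw_relay_state(url):
    """Return the RelayState value as it appears on the wire, undecoded."""
    for field in urlsplit(url).query.split("&"):
        name, _, value = field.partition("=")
        if name == "RelayState":  # the parameter name is case-sensitive
            return value
    return None


def relay_state_is_encoded(url):
    """True only if RelayState is present and has no raw reserved characters."""
    raw = raw_relay_state(url)
    return raw is not None and not (RESERVED & set(raw))


def decoded_relay_state(url):
    """Return the target the receiver recovers after URL-decoding."""
    raw = raw_relay_state(url)
    return None if raw is None else unquote(raw)


if __name__ == "__main__":
    good = build_sso_url(IDP_SSO, TARGET, SPID="sp1")
    bad = f"{IDP_SSO}?SPID=sp1&RelayState={TARGET}"  # unencoded, as in the report
    for url in (good, bad):
        print(relay_state_is_encoded(url), url)
    print(decoded_relay_state(good))
```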
(1)
Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0
If RelayState data is to accompany the SAML protocol message, it
MUST be URL-encoded and placed in an additional query string
parameter named RelayState.
(2)
RelayState
Indicates the URL of the target resource at the Service
Provider. By including this query parameter, it tells the IdP to
redirect the user to the appropriate resource at the Service
Provider. This query parameter can be used in place of
specifying a target URL when configuring single sign-on. The
RelayState query parameter name is case-sensitive, and the value
must be URL-encoded.
(3)