When accessing the SP initiated URL with the relay state without
encoding the relay state parameter, the browser gets the target like
When the relay state is:
Target is coming as:
after truncation and in result getting 404 error.
SAML affiliate is submitting a request to SAML 2.0 assertion producer
that includes a Relay State parameter. When saml2sso is called, the
Relay State parameter is intact. When affiliate services generate POST
parameters to send to the assertion consumer, the Relay State
parameter is getting truncated.
Federation all versions;
SAML 2.0 specification mentions it should be URL-encoded (1), as the
Siteminder documentation too (2).
The following link might help in encoding the relay state URL (3).
Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0
If RelayState data is to accompany the SAML protocol message, it
MUST be URL-encoded and placed in an additional query string
parameter named RelayState.
Indicates the URL of the target resource at the Service
Provider. By including this query parameter, it tells the IdP to
redirect the user the appropriate resource at the Service
Provider. This query parameter can be used in place of
specifying a target URL when configuring single sign-on. The
RelayState query parameter name is case-sensitive, and the value
must be URL-encoded.