
Relay State was getting truncated in SAML POST in SPS and WAOP


Article ID: 37590




CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On, SITEMINDER, CA Single Sign On Federation (SiteMinder)



When the SP-initiated URL is accessed with a relay state parameter
that is not URL-encoded, the browser gets the target like

When the relay state is:

Target is coming as:

after truncation, which results in a 404 error.




Federation, all versions.




A SAML affiliate submits a request to the SAML 2.0 assertion producer
that includes a Relay State parameter. When saml2sso is called, the
Relay State parameter is intact. When the affiliate services generate
the POST parameters to send to the assertion consumer, the Relay State
parameter is truncated.




The SAML 2.0 specification requires the Relay State to be URL-encoded
(1), as does the SiteMinder documentation (2).

The following link might help in encoding the relay state URL (3).
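
The effect of leaving the relay state unencoded can be reproduced with a standard URL parser. This is an added example, not code from the article or from SiteMinder; the host names, the /saml2sso path, the SPID value and the target URL are constructed, and the target is assumed to contain "&" and "#", the characters that typically cut an unencoded value short.

```python
from urllib.parse import quote, urlsplit, parse_qs

# Constructed sample values (assumptions, not taken from the article).
SSO_SERVICE = "https://idp.example.com/saml2sso"
SP_ID = "sp.example.com"
TARGET = "https://sp.example.com/app/report?dept=finance&view=summary#totals"


def build_sso_url(relay_state, encode):
    """Build the SP-initiated URL, optionally URL-encoding RelayState."""
    value = quote(relay_state, safe="") if encode else relay_state
    return f"{SSO_SERVICE}?SPID={quote(SP_ID, safe='')}&RelayState={value}"


def check_relay_state(url, intended):
    """Parse the URL as a server would and report what RelayState survives."""
    parts = urlsplit(url)  # anything after '#' is a fragment, never sent
    params = parse_qs(parts.query, keep_blank_values=True)
    received = params.get("RelayState", [""])[0]
    # Parameters that belong to the target but were split off by a raw '&'.
    stray = sorted(k for k in params if k not in ("SPID", "RelayState"))
    return {
        "intact": received == intended,
        "received": received,
        "stray_params": stray,
        "lost_fragment": parts.fragment,
    }


if __name__ == "__main__":
    for encode in (False, True):
        url = build_sso_url(TARGET, encode)
        label = "encoded" if encode else "raw    "
        print(label, url)
        print("       ", check_relay_state(url, TARGET))
```

With the raw value, the target's second query parameter is parsed as a parameter of the SSO URL and the fragment is dropped, so the redirect goes to a shortened target; the encoded value round-trips unchanged.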


Additional Information



    (1) Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0

      If RelayState data is to accompany the SAML protocol message, it
      MUST be URL-encoded and placed in an additional query string
      parameter named RelayState.



    (2) SiteMinder documentation:

      Indicates the URL of the target resource at the Service
      Provider. By including this query parameter, it tells the IdP to
      redirect the user to the appropriate resource at the Service
      Provider. This query parameter can be used in place of
      specifying a target URL when configuring single sign-on. The
      RelayState query parameter name is case-sensitive, and the value
      must be URL-encoded.


    (3) URL Decoder/Encoder