ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Relay State was getting truncated in SAML POST


Article ID: 37590


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



When the customer accessed the SP initiated URL with the relay state without encoding the relay state parameter, he was getting target like below:

When the relay state is:

Target is coming as: after truncation and in result getting 404 error


Federation versions running from R12 till R12.52


SAML affiliate is submitting a request to SAML 2.0 assertion producer that includes a Relay State parameter. When saml2sso is called, the Relay State parameter is intact. When affiliate services generates POST parameters to send to the assertion consumer, the Relay State parameter is getting truncated.


SAML 2.0 specification says, "If RelayState data is to accompany the SAML protocol message, it MUST be URL-encoded and placed in an additional query string parameter named RelayState." Adding URL encoding to RelayState will solve this issue and the RelayState will not be truncated.

Please find the link which might help in encoding the relay state URL:


Specifies the target at the Service Provider. You can use the RelayState query parameter to indicate the target destination, but this method is optional. Instead, you can specify the target configured in the SAML 2.0 authentication scheme. The authentication scheme also has an option to override the target with the RelayState query parameter.

URL-encode the RelayState value.





Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus