I am implementing IDP (external IDP) initiated SSO with Keycloak as the SP provider. Currently I am able to successfully configure the IDP-initiated SSO from the external IDP, but I see an issue with the RelayState URL.
Here is the flow:
- User logs into IDP
- Clicks on the app which is set up for IDP-initiated SSO
- IDP sends the SAML assertion along with the POST param RelayState
  (e.g. RelayState → https://server.com/test?userId=123&service=hsia)
- Keycloak verifies the assertion, logs the user in, and redirects to https://server.com/test
It seems like Keycloak is not using the RelayState sent from the external IDP. Has anyone faced this issue before?