Hi Ujwol/Jim,
I found something regrading relay state that it sends IDP (CA SSO) when it is accessed from outlook plugin.
&RelayState=/setup/secur/RemoteAccessAuthorizationPage.apexp?display=popup&source=CAAAAVhvCW-3ME8wUjAwMDAwMDAwMDA1AAAAzAkx-nWbjP29NGglbb0uQr3ZZg2kU6Bcf8rmhsY9rOG1ZlwE0PqF0eKEA004bMcfHk3BSJ8pWNj1I54UrnB2ZTpObNNT_WwLSwjWjW8isRxk6i5eTzBzDoSgWJLR3owHz6s8V2nj8Qn8tVQ3ajFyhU8ifKvGCVz0hGMYOPUeiljrfwFerf91QpOW7_0QvvjywWFNNr55RefKKnUnnVTB1CsnFQMAVuJQ9-JTQqUbtIfUGAR-nYwOVrqxSqW30ttK94EBpEcGowtGs2io7RMs60U1B7-ynfKY827DMhcPGfaYNLv5i0k-U9l6vLoHJ57azzXbcHeWf-lqXcG_1esHZEcGJVfvf1TjVIWMufrwpi0cqEgSo5fiLhtefuPaX-eJUMVl-JeZ8Bqvd6DX5QNKwQrxpPW4kjv5U0AWN6df4xpV2j5LLwXv9GFg87_vpBpid1A5a5u95-DIMtjrMUJSNvqRUn8AXiswSoWZtWJzNiu-S4PC2MuVASCsKQIiTOF-MbLvNvxQyqRU6VVIDd6Po%3D
when it pass above relay state string to IDP then it gives 404 error.
Where as when I trim the RelayState to &RelayState=/setup/secur/RemoteAccessAuthorizationPage.apexp and sends to IDP then it redirects IDP login for authentication and after successful authentication it redirects to relay state URL.
Do we have any limitation on relay state URL length when SP uses HTTP redirect binding when sending request to IDP?
FYI.
I found this article from below technical note and it mentions on page 16.
http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec1247034.html
3.4.3
RelayState
RelayState data MAY be included with a SAML protocol message transmitted with this binding. The value
MUST NOT exceed 80 bytes in length and SHOULD be integrity protected by the entity creating the
message independent of any other protections that may or may not exist during message transmission.
Signing is not realistic given the space limitation, but because the value is exposed to third-party
tampering, the entity SHOULD ensure that the value has not been tampered with by using a checksum, a
pseudo-random value, or similar means.
Thanks,
Sumanth