Hi All,

Happy New Year!

I have an issue with an IDP initiated SSO url, where I'm using the
"TARGET" parameter to include a relaystate value in the saml token
asserted to the Service Provider.

The issue I'm having is the TARGET relaystate value contains multiple
ampersand characters, and the information after the first ampersand is
always dropped;

Service Provider URL = http://tinyurl.com/gocusup

So the relaystate value in the saml token always ends up as

The complete URL i'm using for the IDP initiated SSO is as follows;

VALUE>>%26TARGET%3Dhttps%3A%2F%2Fserviceprovider.c om/value/value%3FRootNodeID=-1%26NodeID=186%26UserMode=0

I've had various attempts at using just the path of the resource instead
of the full url (ie,
/value/value%3FRootNodeID=-1%26NodeID=186%26UserMode=0), encoding the
forward slashes (%2F) and equal signs (%3D) and other attempts to get
this working, but the TARGET relaystate value always stops after the
first ampersand

NAM version is 4.0.1-88 + HF1-93, HF2-107.

Is their something I'm missing?

gbatty1's Profile: https://forums.netiq.com/member.php?userid=2072
View this thread: https://forums.netiq.com/showthread.php?t=55088