Relaystate Param is returned as NULL from IDP
|Knowledge Article Number||000213508|
|Description||The user makes a request to Force.com for a specific resource: This request may happen in a variety of ways for a variety of reasons. For example, the user may be following a bookmark, clicking on a link from an email, of allowing their browser to auto-complete.
Force.com detects the user needs to authenticate and redirects the user to their SAML Identity Provider: Since the user doesn't present a session cookie, they need to authenticate. An organization-specific hostname allows the user's Org to be discovered, and they are sent over the SAML protocol. Along with a SAML Request, a form parameter called RelayState is passed along to the IDP. This captures the location of the resource the user originally requested.
If you are using SAML 2.0, RelayState parameter controls where users get redirected after a successful login.
Issue: If the RelayState returned from IDP is NULL in SAML response, user is landed in the Home page by default.
|Resolution||Verify SAML request & response to check if there RelayState param is not NULL. You can use Fiddler logs or SAML tracer(Firefox Plugin) to check this.
Example Request sent to IDP:
Example Response returned from IDP:
In the above example, "/00O/ is the object key prefix to reports. After successful sign on, user is automatically redirected to Reports tab in salesforce.
Note: Salesforce does a POST request, so check your IDP url that is provided by your IDP is not doing a GET request. Else, Relaystate param will be returned as NULL.
Developer Doc: Implementing Single Sign-On Across Multiple Organizations