When I set the TARGET=http://sso.acme.vm/index.html then it redirects to http://sso.acme.vm/index.html which is expected.
When I set the TARGET=http://dev-sso.acme.vm/index.html then it redirects to http://devsso.acme.vm/index.html. The dash '-' is missing in the FQDN.
When I set the TARGET=http://dev--sso.acme.vm/index.html (double dash) then it redirects to http://dev-sso.acme.vm/index.html (single dash).
If i follow this thread: How the SiteMinder Webagent encode & decode URLs it doesn't say anything about single dashes being removed.
This if for LEGACY encoding=false.
How should it be encoded properly?
It appears you are manually generating a TARGET url.
If you did access http://dev-sso.acme.vm/index.html where the server has a dash/hyphen in it, then the Agent that is protecting that server would have encoded it as below.
It is an expected behavior that your TARGET=http%3a%2f%2fdev-sso%2eacme%2evm%2findex%2ehtml (note: only 1 hyphen) would redirect to http://devsso.acme.vm/index.html (note: no hyphen in the servername) because the agent would have removed its encoding character.
It would be safer approach to see how the target agent would construct the TARGET when redirecting to the login page and determine what should be the value of the TARGET.
Yes definitely manually setting it. The plan is to use what the Agent generates eventually. Due to the use of X509 PWP module there is a double redirect thus making it more confusing what it sets.
I guess my point is I don't see it documented anywhere that the agent will remove single hyphen.
Given that hyphen is being used as delimiter character I think it was considered self explanatory that it would remove single hyphen. But, I agree it would be better to have that mentioned explicitly.