We're running a Federation Partnership using SAML2 and HTTP POST, and when the application does the POST, the RelayState is lost when the user is being redirected to the backend application.
Can you explain to us why? How can we solve this?
Policy Server 12.52SP1CR00 on Windows 2008R2
You aren't using a Session Store for the Partnership. As per the documentation, you do need to run one with the Policy Server.
As the requests are IdP initiated, the Session Store should be enabled on the IdP to be able to handle the requests using HTTP-POST:
"Important! Before you configure the authentication request binding, enable the session store. For the IdP to handle an authentication request that is delivered using HTTP-POST binding, the IdP must store the request in the session store."
Enable the HTTP-POST Binding at the IdP
Implement a Session Store with the Policy Server to solve this issue.
KB : KB000094704
You mentioned "As the requests are IdP initiated, the Session Store should be enabled". I suppose you mean when the requests are SP initiated and the SP sends the Authn Request through POST? Or am I missing something here?
Indeed, HTTP POST binding will start at the SP side. Then the session store should be enabled at the IdP side to store the request.
Hope this brings precision.