Is RelayState part of signature verification?

Document ID : KB000036604
Last Modified Date : 21/02/2018
Show Technical Document Details
Question:

Is RelayState part of signature verification?

Answer:

RelayState is indeed part of signature verification.

Signature Verification at the IDP will fail for the AuthnRequest if there is a change to the RelayState value.

For example,

     * Upper case and Lower case changes.

     * URL Encoding and decoding differences.

     * Change in the RelayState value itself.

 

Additional Information:
- http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf #Page 16. #3.4.3 RelayState