When using IDPWebBrowserSSOValve, RelayState is not passed when performing unsolicited authn (ie. idp initiated auth). If you use the IDPFilter, passing a RelayState parameter in the unsolicited response url will result in it being passed through to the SP after authentication.

For Example: https://idp.dev0.redhat.com/idp/?SAML_VERSION=2.0&TARGET=https://foobar.test.redhat.com/Saml/Logon&SAML_BINDING=POST&RelayState=clmscart.prmain%3Fin_sessionid%3D%3CXLR8_SESSIONID%3E

The above should result in a response that contains the following paramters:

• SAMLResponse [contains the SAML assertion]
• RelayState [pass through of the value in the unsolicited auth url]

This only appears to happen when using the IDPFilter, and the RelayState parameter is ignored when using the valve.