When attempting to reach any page in an SP application other than the default landing page, the request context is lost in the trip to the IDP. For example, in an SP with 3 pages, index.jsp, dashboard.jsp, and detail.jsp, with the following configuration in web.xml:
an unauthenticated request for dashboard.jsp will forward correctly to the IDP, but the user will end up at index.jsp after authenticating.
Experimentation with non-PicketLink SP applications demonstrates that when the AssertionConsumerServiceURL attribute in the SAMLRequest document is set to the requested URL, the PicketLink IDP correctly forwards to that page. However, the SAML2AuthenticationHandler class populates that attribute with the SP ServiceURL as defined in picketlink.xml, without reference to the requestURL.
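
One way an SP could derive AssertionConsumerServiceURL from the requested URL while keeping it bound to the configured ServiceURL, shown as an added example that is not PicketLink code. The class and method names, the `/sales/` context path and the sample hosts are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not PicketLink code. Class, method and URLs are hypothetical.
public class AcsUrlSelector {

    static int port(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    // Chooses the value for AssertionConsumerServiceURL. The IDP sends the
    // assertion to this URL, so the requested URL is used only when it has the
    // same scheme, host and port as the configured ServiceURL and lies under
    // its path; anything else falls back to the ServiceURL.
    static String select(String serviceUrl, String requestUrl) {
        try {
            URI base = new URI(serviceUrl).normalize();
            URI raw = new URI(requestUrl);
            if (base.getScheme() == null || base.getHost() == null
                    || raw.getScheme() == null || raw.getHost() == null) {
                return serviceUrl;
            }
            // Rebuild from decoded parts without user-info, query or fragment,
            // then normalize so "../" (plain or percent-encoded) is resolved.
            URI req = new URI(raw.getScheme(), null, raw.getHost(), raw.getPort(),
                    raw.getPath(), null, null).normalize();
            String prefix = base.getPath().endsWith("/") ? base.getPath() : base.getPath() + "/";
            boolean sameOrigin = base.getScheme().equalsIgnoreCase(req.getScheme())
                    && base.getHost().equalsIgnoreCase(req.getHost())
                    && port(base) == port(req);
            if (sameOrigin && req.getPath().startsWith(prefix)) {
                return req.toString();
            }
        } catch (URISyntaxException e) {
            // Unparseable input: fall through to the configured ServiceURL.
        }
        return serviceUrl;
    }

    public static void main(String[] args) {
        String serviceUrl = "https://sp.example.com/sales/"; // constructed sample
        String[] requested = {
            "https://sp.example.com/sales/dashboard.jsp",
            "https://sp.example.com/sales/%2e%2e/admin/detail.jsp",
            "https://other.example.net/sales/dashboard.jsp"
        };
        for (String r : requested) System.out.println(r + " -> " + select(serviceUrl, r));
    }
}
```

An IDP that honours a per-request AssertionConsumerServiceURL should apply an equivalent check against the endpoints it has registered for that SP.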