I'm working on implementing SAML Single Sign-On for a GitHub service provider using a custom-developed IdP. After successfully authenticating and redirecting back to GitHub with the SAML Response and the original RelayState, GitHub rejects the response with "Failed: RelayState is invalid" error.
I've confirmed that the RelayState we're sending back is unchanged from what we received.
The IdP utilizes the ITfoxtec.Identity.Saml2 package. I've successfully used this IdP for authentication with other SAML service providers. Additionally, I attempted a connection from GitHub to a mock IdP, which functioned correctly, and the response from the mock IdP regarding the RelayState appears identical.
Any recommendations for tools or strategies to debug this issue further?
Maybe the RelayState URL encoding is not correct. You can use Fiddler Classic to look at the raw HTTP(S) traffic.