kuhumcst / glossematics

The life of Louis Hjelmslev.
https://glossematics.dk

RelayState isn't URL-encoded #73

Closed simongray closed 2 years ago

simongray commented 2 years ago

When clicking a search result in a logged-out state, the query params of the RelayState aren't URL-encoded so the following occurs:

https://glossematics.dk/saml/consent?RelayState=https://glossematics.dk/app/search?correspondent=#np33,#np40

Since the #np33,#np40 isn't encoded, the relay URL becomes: https://glossematics.dk/app/search?correspondent= which bugs out.

simongray commented 2 years ago

So I seem to have discovered the real reason why this doesn't work. The KU Identity Provider (id.ku.dk) does a man-in-the-middle decoding of the RelayState before passing it on to WAYF, turning

RelayState: https://glossematics.dk/app/search?limit=10&offset=0&correspondent=%23np56%2C%23np145

into

RelayState: https://glossematics.dk/app/search?limit=10&offset=0&correspondent=#np56,#np145

super annoying.

I think I'd better encode in a different way that isn't susceptible to sudden "accidental" encoding/decoding issues.

simongray commented 2 years ago

In the end I went with a "URI-encoding-friendly" version of base64 encoding instead. This solution encodes the URI in a way such that any amount of subsequent URI-encodings/decodings will make no difference.
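
The approach described in the last comment, as an added example that is not part of the original thread or the glossematics code base: the relay URL is carried as unpadded URL-safe base64, so an intermediary that percent-decodes or re-encodes the value leaves it unchanged. The function names are hypothetical, and the same-origin check on decode is an assumption added here because RelayState ends up as a redirect target.

```javascript
// Added illustration (Node.js); not the project's own code. All names are hypothetical.
const ALLOWED_ORIGIN = "https://glossematics.dk"; // origin of the URLs quoted in the issue

// Relay URL as quoted in the issue, with the inner query value percent-encoded.
const RELAY =
  "https://glossematics.dk/app/search?limit=10&offset=0&correspondent=%23np56%2C%23np145";

// Encode using only [A-Za-z0-9_-]: no '%' for a decoder to act on, and every
// character is "unreserved", so a percent-encoder has nothing to escape either.
function encodeRelayState(url) {
  return Buffer.from(url, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Decode, rejecting values outside the alphabet or pointing off-site
// (the origin check is an assumption of this example, not something the issue describes).
function decodeRelayState(token) {
  if (!/^[A-Za-z0-9_-]+$/.test(token)) throw new Error("malformed RelayState");
  const b64 = token.replace(/-/g, "+").replace(/_/g, "/");
  const url = new URL(Buffer.from(b64, "base64").toString("utf8"));
  if (url.origin !== ALLOWED_ORIGIN) throw new Error("RelayState leaves the site");
  return url.href;
}

// Simulate an intermediary applying fn (decodeURIComponent / encodeURIComponent) n times.
function mangle(value, fn, n) {
  for (let i = 0; i < n; i++) value = fn(value);
  return value;
}

// What the application sees as the "correspondent" parameter of a relay URL.
function correspondentOf(relayUrl) {
  return new URL(relayUrl).searchParams.get("correspondent");
}

// Plain relay URL: one extra decode turns %23 into '#', which starts a fragment.
console.log(JSON.stringify(correspondentOf(RELAY)));                    // intact value
console.log(JSON.stringify(correspondentOf(mangle(RELAY, decodeURIComponent, 1)))); // emptied

// base64url token: unchanged by repeated decoding, round-trips to the same URL.
const token = encodeRelayState(RELAY);
console.log(mangle(token, decodeURIComponent, 3) === token, decodeRelayState(token) === RELAY);
```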