After copying some code from OpenSAML's HTTPPostEncoder implementation I see that we use HTMLEncoder.encodeForHTMLAttribute to encode the RelayState. This may be correct for the OpenSAML implementation since it supplies data to Velocity, but for us it is wrong. In fact, it is better not to encode the parameters at all.