After copying some code from OpenSAML's HTTPPostEncoder implementation I see that we use HTMLEncoder.encodeForHTMLAttribute to encode the RelayState. This may be correct for the OpenSAML implementation since it supplies data to Velocity, but for us it is wrong. In fact, it is better not to encode the parameters at all.
After copying some code from OpenSAML's
HTTPPostEncoderimplementation I see that we useHTMLEncoder.encodeForHTMLAttributeto encode the RelayState. This may be correct for the OpenSAML implementation since it supplies data to Velocity, but for us it is wrong. In fact, it is better not to encode the parameters at all.