SAML SSO redirect is removing URL content after the first # (hash) affecting catalog links if the user is not already logged in


When using SSO, users are redirected several times when login in.

This process does not consider/process the hash (#) as part in the URL.

Please note many CMS sites use references using #.

e.g. Calling <instance>/ess/ it will redirect to <instance>/ess/ 

missing the information after the hash (#)

Steps to Reproduce


You need to have Multi Provider SSO plugin installed and setup.

1. Chose an existing KB article or create new.
2. Add some content on the KB article and also add some local references using "#" at the top so that when you click on that link, it redirect you to that specific section of the page.
e.g. Create article KB0000011 and modified it as shown below:

<li>Be proactive &nbsp;<br /><br /></li>
<p style="font-size: 12pt;"><strong>Be proactive</strong></p>

<li><a href="#be_proactive" rel="nofollow">Be proactive</a> &nbsp;<br /><br /></li>
<p id="be_proactive" style="font-size: 12pt;"><strong>Be proactive</strong></p>

2.1. Now, when you view this KB article, "Be proactive" appear as a local hyperlink and redirect you locally on the page.
2.2  Right click on "Be proactive" and select "Copy Link Address" and it gives you below URL which includes a hash (#)

3. Now open an incognito browser window and access this URL via SSO.
4. Check the SAML logs even before you enter IdP login credentials and look for Relay State value:


The result is that the generate Relay State is: <instance>/ (missing the final URL)

We were expecting a Relay State of: <instance>/ess/


The workaround is to ask the users to click on the link once again after they logged into the system

Related Problem: PRB711459