SAML SSO - 如何配置动态 ACS URL（SalesForce 是 IdP）

Question

I am the Service Provider. Also, a shout-out to this open source C# component (AspNetSaml), they made life a bit easier: https://github.com/jitbit/AspNetSaml

Anyhow, when I send a request to the IdP (in this case SalesForce), I am providing an ACS URL and I can see that it is set here in my xml:

xw.WriteAttributeString("ProtocolBinding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
xw.WriteAttributeString("AssertionConsumerServiceURL", _assertionConsumerServiceUrl);

(_assertionConsumerServiceUrl is what I really want it to redirect to, and I can see that it's set)

But what happens with Salesforce is that it always uses the ACS URL I was required to set when creating the Connected App:

I have my real ACS URL value blanked out, but that value is what it is always re-directed to.

There has to be a way. Imagine if instead of setting http://www.foo.com/ , you wanted to instead redirect to: http://www.foo.com/?Some=1&Value=2&You=3&Want=4&ToAdd=5 ... and those values could be different depending on the user.

This has to be possible! Thanks!

Answer 1

I waited over a week, so as to not look like I'm answering my own questions just to build rep points.

Anyhow, as I discovered and confirmed here: https://salesforce.stackexchange.com/questions/210419/saml-sso-how-to-configure-a-dynamic-acs-url-salesforce-is-idp/210496

The RelayState is meant to direct the user after a successful login to a specific location in the application they're logging in to.