relay_state should not be included in signing calculation when it is null

[fr2lancer]

Describe the bug

Relay Status is optional value so if it is not provided or empty value, it doesn't need to be in signing calculation

To Reproduce

# in org.springframework.security.saml2.provider.service.web.authentication.OpenSamlAuthenticationRequestResolver#resolve(HttpServletRequest(HttpServletRequest, BiConsumber)
....

Map<String, String> parameters = OpenSamlSigningUtils.sign(registration)
    .param(Saml2ParameterNames.SAML_REQUEST, deflatedAndEncoded)
    .param(Saml2ParameterNames.RELAY_STATE, relayState).parameters();

builder.sigAlg(parameters.get(Saml2ParameterNames.SIG_ALG))
    .signature(parameters.get(Saml2ParameterNames.SIGNATURE));

Expected behavior

# L177 in org.springframework.security.saml2.provider.service.web.authentication.OpenSamlAuthenticationRequestResolver
...

.param(Saml2ParameterNames.RELAY_STATE, relayState).parameters(); 

should be included optionally when it is not empty or null.

[marcusdacoregio]

Hi, @fr2lancer, thanks for the report. Is the empty relay state property causing you problems with the signature?

[fr2lancer]

Hi. Thanks for the reply.

Yes it has caused auth request signing mismatch error with Azure.

[marcusdacoregio]

Is there any reason why you do not want to add the relay state parameter? I'm just trying to understand your use case.

[fr2lancer]

Hi.
just existing code didn't send relaystate when you log in, while it sent it when registration..