diff --git a/docbook/reference/en/en-US/modules/saml.xml b/docbook/reference/en/en-US/modules/saml.xml
index 0ac20a6f0e..4f4ffb7b73 100755
--- a/docbook/reference/en/en-US/modules/saml.xml
+++ b/docbook/reference/en/en-US/modules/saml.xml
@@ -194,7 +194,8 @@
with no whitespace in it. After this you can reference your client at the following URL: root/auth/realms/{realm}/protocol/saml/clients/{url-name}
- If your client requires a special relay state, you can also configure this in the admin console.
+ If your client requires a special relay state, you can also configure this in the admin console. Alternatively, you can specify the relay state in a
+ RelayState query parameter, i.e. : root/auth/realms/{realm}/protocol/saml/clients/{url-name}?RelayState=thestate
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
index d418f0edfb..da2fc9e5dd 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -561,7 +561,8 @@ public class SamlService {
@GET
@Path("clients/{client}")
@Produces(MediaType.TEXT_HTML)
- public Response idpInitiatedSSO(@PathParam("client") String clientUrlName) {
+ public Response idpInitiatedSSO(@PathParam("client") String clientUrlName,
+ @QueryParam("RelayState") String relayState) {
event.event(EventType.LOGIN);
ClientModel client = null;
for (ClientModel c : realm.getClients()) {
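Review bot: The new `@QueryParam("RelayState") String relayState` on `idpInitiatedSSO` is caller-controlled input from the URL of a GET that starts a login, and nothing in this hunk bounds or documents it. It looks like the value is later handed to the client unchanged, so a crafted link can choose what the service provider receives as RelayState; clients that use RelayState as a post-login landing URL should treat it as untrusted. I would add a comment at the parameter such as `// RelayState is taken from the request URL and is untrusted; it is forwarded to the client as-is`, and reject over-long values, since the SAML bindings limit RelayState to 80 bytes. The method body continues outside this hunk.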
@@ -609,7 +610,9 @@ public class SamlService {
clientSession.setNote(SamlProtocol.SAML_IDP_INITIATED_LOGIN, "true");
clientSession.setRedirectUri(redirect);
- String relayState = client.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_RELAY_STATE);
+ if (relayState == null) {
+ relayState = client.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_RELAY_STATE);
+ }
if (relayState != null && !relayState.trim().equals("")) {
clientSession.setNote(GeneralConstants.RELAY_STATE, relayState);
}
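Review bot: An empty or whitespace-only `?RelayState=` is non-null, so the `if (relayState == null)` guard skips the fallback to `SAML_IDP_INITIATED_SSO_RELAY_STATE`, and the blank check on the next line then sets no relay state at all. A link with a blank parameter therefore silently drops the relay state the administrator configured; the guard should be `if (relayState == null || relayState.trim().isEmpty()) {`. Separately, the request value always takes precedence over the admin-configured one. If the configured value is meant to be authoritative for a client, the order should be reversed or the override made opt-in per client. The enclosing method starts and ends outside this hunk.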