If you have multiple end points i.e more than one ABAP application server in your environment, you will come across below error when you configure ICF services for SAML authentication.
No RelayState mapping found for RelayState value
We resolved this issue by using a F5 load balancer
High level steps
1. Create a SSL server standard PSE in strustsso2.
2. Use a system wide DN instead of using instance-specific DN because we don’t want to hit these application servers directly but want to reach them via load balancer
3. Create a certificate request.in AS Abap and get it signed by any trusted CA.
4. Import the certificate response in AS Abap.
5. Import the key file (private key) and certificate in load balancer.
6. Test the SSL connection with load balancer
7. Setup SAML in AS Abap,
8. Make sure Metadata.xml to be imported in ADFS is generated using load balancer URL. This will enable single end point for all the requests.