By default, after configuring saml2 by exchanging metadata, saml2 will only work in one domain (URL) (the domain of the java stack when its metadata was exported).
Using a different domain will still result in the IDP returning the call to the originally configured domain, this results in cookies going missing and saml2 login failing. (relay state errors).
Netweaver Java 7.3/4/5
SAML2, relaystate, multiple URL, Domains, SSO , KBA , BC-JAS-SEC-SML , JAVA SAML 1.1 and 2.0 , How To
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.