This is due to
NXMOB-554 and the fact of forcing the logout, see https://github.com/nuxeo/nuxeo-mobile/commit/69a7157da0e92518d7703ec7a77da72eb48c2538.
We've observed that the RelayState parameter was missing in such a case, whereas it is supposed to hold the requested URL oauth2/authorize/...
This is probably because it isn't set by the SAMLAuthenticationProvider.
This could be because:
- The START_PAGE_SAVE_KEY attribute is removed from the request, since logged out, in NuxeoAuthenticationFilter#getSavedRequestedURL.
- The requested URL is lost at some point since the authorization URL is not called directly but in fact through the requestedUrl parameter.
Also, wondering if it makes sens to try to get the REQUESTED_URL request attribute in SAMLAuthenticationProvider#getRequestedUrl whereas it seems to only be set as a parameter.