Some documents suggest using RelayState to pass a CSRF token to solve CSRF attacks. Some documents suggest using RelayState as the callback address of a successful login. When I use spring loyalty, I didn't find the processing of RelayState. When I integrate SAML2 with my SP, do I need to resolve CSRF?
Comment From: sjohnr
Hi @javasingle. It's not clear to me what you're asking. If you have a question or need help with a particular technical challenge, you will want to ask over on Stack Overflow. If you are reporting a bug or requesting an enhancement, please use the issue template provided by GitHub when you click the New issue button, and also provide a minimal, reproducible sample to help illustrate your finding or request.
Comment From: jzheaux
Spring Security's SAML 2.0 support does not yet verify the RelayState parameter in a SAML 2.0 authentication response. To achieve this, we need https://github.com/spring-projects/spring-security/issues/9185.
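
Added example, not part of the thread and not Spring Security code: one way an SP can cover both uses of RelayState mentioned in the question, by sending a single-use random nonce as RelayState and keeping the return path server-side. `RelayStateGuard` and its methods are hypothetical names, and the map stands in for per-user session storage (one instance per session is assumed).

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper for illustration; not a Spring Security class.
public class RelayStateGuard {
    private static final SecureRandom RNG = new SecureRandom();
    // Assumption: stands in for the user's HTTP session (nonce -> local return path).
    private final Map<String, String> pending = new ConcurrentHashMap<>();

    /** Called when the SP builds the AuthnRequest; the result is sent as RelayState. */
    public String issue(String returnPath) {
        // Remember only same-site paths, so the callback use cannot become an open redirect.
        if (returnPath == null || !returnPath.startsWith("/")
                || returnPath.startsWith("//") || returnPath.contains("\\")) {
            returnPath = "/";
        }
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        // 43 URL-safe characters, inside the 80-byte RelayState limit of the SAML bindings.
        String nonce = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(nonce, returnPath);
        return nonce;
    }

    /** Called when the SAML response arrives; an empty result means reject the login. */
    public Optional<String> consume(String relayState) {
        if (relayState == null || relayState.length() > 80) {
            return Optional.empty();
        }
        // remove() makes the nonce single use, so a replayed response fails.
        return Optional.ofNullable(pending.remove(relayState));
    }

    public static void main(String[] args) {
        RelayStateGuard session = new RelayStateGuard();
        String rs = session.issue("/orders/42");
        System.out.println("first use:  " + session.consume(rs));
        System.out.println("replay:     " + session.consume(rs));
        System.out.println("forged:     " + session.consume("attacker-chosen"));
        // Constructed sample of an off-site callback; it is replaced by "/".
        String ext = session.issue("https://example.invalid/landing");
        System.out.println("off-site:   " + session.consume(ext));
    }
}
```

A response that arrives with no RelayState, as in an IdP-initiated login, is rejected by `consume`; whether to accept such logins is a separate policy decision.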