
PingFederate RelayState with IdP-initiated SSO


When initiating login, Keycloak sends a RelayState parameter in the request. However, after successful login, PingFederate does not return this RelayState.

The weird thing is that if I add a TARGET parameter to the PingFederate request URL, it will return the value of this parameter as RelayState. What am I missing?

https://<pingfed>/idp/startSSO.ping?PartnerSpId=keycloak&TARGET=someURL

Solution

  • Because you are triggering IdP-init SSO via the /idp/startSSO.ping endpoint, there is no RelayState parameter that's understood there. For the documented parameters available, see: https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93&topicId=edg1564003024358.html

    RelayState is a SAML protocol parameter that would be more naturally handled via SP-initiated SSO, by sending a SAML AuthnRequest to /idp/SSO.saml2. More info on the protocol endpoints can be found here: https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93&topicId=jsa1564002999406.html
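
The SP-initiated flow described in the answer, sketched as an added example (not code from the original post, Keycloak or PingFederate): it builds a minimal AuthnRequest and encodes it with RelayState for the SAML HTTP-Redirect binding, then decodes it again the way the receiving side would. The hostnames, the ACS URL, the entity ID `keycloak` and the use of an unsigned request are assumptions made for illustration.

```python
import base64
import datetime
import uuid
import zlib
from urllib.parse import parse_qs, urlencode, urlparse
from xml.sax.saxutils import escape, quoteattr

# Constructed placeholders, not values from the original post.
IDP_SSO_ENDPOINT = "https://pingfed.example.com/idp/SSO.saml2"
SP_ENTITY_ID = "keycloak"  # assumed to match the PartnerSpId in the question
SP_ACS_URL = "https://keycloak.example.com/realms/demo/broker/pingfed/endpoint"


def build_authn_request(issuer, acs_url, destination):
    """Return a minimal, unsigned SAML 2.0 AuthnRequest as XML text."""
    now = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{now}" '
        f"Destination={quoteattr(destination)} "
        f"AssertionConsumerServiceURL={quoteattr(acs_url)}>"
        f"<saml:Issuer>{escape(issuer)}</saml:Issuer></samlp:AuthnRequest>"
    )


def redirect_binding_url(endpoint, authn_request_xml, relay_state):
    """Encode the request for the HTTP-Redirect binding, carrying RelayState."""
    # The SAML bindings spec limits RelayState to 80 bytes.
    if len(relay_state.encode("utf-8")) > 80:
        raise ValueError("RelayState must not exceed 80 bytes")
    # Raw DEFLATE (wbits=-15: no zlib header), then base64, then URL-encoding.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    query = urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode("ascii"),
        "RelayState": relay_state,
    })
    return f"{endpoint}?{query}"


def decode_redirect_url(url):
    """Reverse the encoding to inspect the request and RelayState that were sent."""
    params = parse_qs(urlparse(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8"), params["RelayState"][0]


if __name__ == "__main__":
    xml = build_authn_request(SP_ENTITY_ID, SP_ACS_URL, IDP_SSO_ENDPOINT)
    print(redirect_binding_url(IDP_SSO_ENDPOINT, xml, "opaque-state-123"))
```

Keeping RelayState an opaque, SP-generated token rather than a raw URL means the SP can map it back to a destination it already trusts when the response arrives.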