Several years later, we have the same problem, and have tracked it down to the fact that the SAML2_update1 script does "double encoding" of URLs.   It encodes URLs that have already been encoded (deep link URLs such as are sent in email, which already have URL encoding applied).   What happens is that the SAML2_update1 script encodes this already-encoded URL, then redirects to the login service provider, who (after authentication) in turn redirects you back to the relayState URL.   But now servicenow cannot parse this double-encoded URL, and dumps you on a home page by default because it can't figure out where you wanted to go.

I don't have a good solution.   Servicenow has been very much less than helpful on this.