saml2, react, spring boot 3.2.3 bundled jar and redirects

Question

I have a spring boot 3.2.3 all-in-one application with React as the front end. I want to allow local login in addition to SSO/saml2, both resulting in a JWT used throughout React. I have the spring filters only protecting a subset of my endpoints:

        http.csrf(AbstractHttpConfigurer::disable).cors(c -> c.disable())
            .securityMatcher("/auth/saml2/myjwt", "/saml2/**", "/login/saml2/**")
            .authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
            .saml2Login(Customizer.withDefaults()).saml2Logout(Customizer.withDefaults())
            .addFilterBefore(filter, Saml2WebSsoAuthenticationFilter.class);

All works well when already saml2 authenticated, "/auth/saml2/myjwt" returns my fresh JWT. When not authenticated I get a redirect that I can't capture with Axios, and after SSO/saml2 auth, the IDP sends me back to "/auth/saml2/myjwt"(what sent me to the IDP) vs. my desired page.

Any idea how to tell the IDP upon SP login where to return to after login? I see RelayState, but that is for IDP initiated login.

    @CrossOrigin
    @GetMapping("/saml2/myjwt")
    public ResponseEntity<JwtResponse> saml2loginGet(
        @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal, Model model) {
.....