Depends what version you are using. In version 3.1.1 I think it's supported. I know it will be supported in version 3.1.2
As a workaround, you can send a JSON object as the state param. For example:
```
state={"salt":"abc123", "param1":"spam", "param2":"eggs"}
```
It's important to have a random salt value, so the state param is not static or guessable.
You can pick up the state param in a custom authentication script, like the [Passport authn script](https://github.com/GluuFederation/oxAuth/blob/master/Server/integrations/passport/PassportExternalAuthenticator.py)
```
identity = CdiUtil.bean(Identity)
sessionId = identity.getSessionId()
sessionAttribute = sessionId.getSessionAttributes()
print "session %s" % sessionAttribute
oldState = sessionAttribute.get("state")
```