The fragments functions differently than the rest of the URL: namely, its processing is exclusively client-side with no participation from the web. When an agent (such as a Web browser) requests a web resource from a Web server, the agent sends the URL to the server, but does not send the fragment. Instead, the agent waits for the server to send the resource, and then the agent processes the resource according to the document type and fragment value.
However, in case of SSO there are multiple redirection happening at SP, Ping and IdP, so the fragments by their nature are not sent in the initial requests and thus after the authentication when the URL comes back to SP like Windchill, it only have the URL before the fragment, which usually redirects to the Windchill Home Page.
By adding %23 the URL converts from fragment to an absolute encoded URL and is sent as is in the initial request and thus finally it redirects to the page where we started with.
For time being as there are below options:
May be its possible through URL Rewrite, but this will need extensive testing.