Decoding SAML Messages

Peter Major mentioned the SAML 2.0 Debugger to me a while ago. It’s a helpful tool when trying to understand what’s happening when you are playing with a Fedlet, for example.

If you notice SAML messages, for example in a POST URL, and want to decode something like SAMLRequest=nVRNj9owEL3vr4h8h4QAgVqAREFVkbbdLKE99DZxJl1Lju3azkL%2Ffe1sFlHtilacLD1PZt7HOAsLjdB03bonucdfLVoXRadGSEu7myVpjaQKLLdUQoOWOkaL9Zd7mg4Tqo1yiilB7nbbJbHpqK7LEifZeArpZIrJvJ7OsBwBZvNsBmU5%2FpDMYDxhJPqOxnIll8S3IdHO2hZ30jqQzkPJKB0k2SCZHEYZTUY0zX6QaOupcQmu%2B%2BrJOU3jWGn0pIZ4gkYLHDLV0HkyT3o8LoqHPVbcIHNxgw7WgoONeaVJ9EkZhp3qJalBWAwkcrCWP%2BMZyXt5H7msuPx53YvypcjSz4dDPsgfigOJ1taiCYw3Stq2QVOgeeYMv%2B3vzxqOx%2BNbATVWAl1%2FgNaCs045Wd0tQi60c8xcJHWdHLwSIat%2Fj13EFyP6gZp%2B9U1321x5Kr9vWZFgeQPuenVAeDWou1LqDEjLUToSFXmY%2F9iC4DVH8z%2FuefuFUMeNQXA%2BU2daJKsXbX%2BrOUvsHwBW3WL4zBye3C1SN6rRYLgNq%2BrZMecHd55eNt4In8oe61tCvFrGKAutPRwW%2BqhMFRbZPwKsDsFRrcxrxu%2FxOXv0rh3erPjtP2P1Bw%3D%3D, copy the value and paste it into the SAML 2.0 Debugger, then click Decode SAML message:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s21ffbbe4635a245e08f57eb1ae6867abb3907a34c" Version="2.0" IssueInstant="2012-06-04T16:01:26Z" Destination="http://openam.example.com:8080/openam/SSORedirect/metaAlias/idp" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://www.example.com:8080/fedlet/fedletapplication">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://www.example.com:8080/fedlet</saml:Issuer>
  <samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" SPNameQualifier="http://www.example.com:8080/fedlet" AllowCreate="true"></samlp:NameIDPolicy>
  <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

Still a bit complex, but a lot easier to read than the version above. 🙂
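If you would rather not paste a request into a web tool, the same decoding can be done offline. The script below is an added example, not code from the post or from the SAML 2.0 Debugger; it reverses both the HTTP-Redirect encoding (raw DEFLATE, then base64, then URL-encoding, which is what a SAMLRequest in a URL looks like) and the HTTP-POST encoding (base64 only), and then pulls out the fields worth checking first. The AuthnRequest it round-trips is a constructed sample with placeholder hostnames, not the one shown above.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample AuthnRequest; the hostnames are placeholders, not the post's.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example-id-1" Version="2.0" IssueInstant="2012-06-04T16:01:26Z" '
    'Destination="http://idp.example.test/SSORedirect/metaAlias/idp" '
    'AssertionConsumerServiceURL="http://sp.example.test/fedlet/fedletapplication">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'http://sp.example.test/fedlet</saml:Issuer></samlp:AuthnRequest>'
)

def encode_redirect(xml_text: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE, base64, then percent-encode for the query string."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits -15 = raw deflate, no zlib header
    raw = comp.compress(xml_text.encode()) + comp.flush()
    return urllib.parse.quote(base64.b64encode(raw).decode(), safe="")

def encode_post(xml_text: str) -> str:
    """HTTP-POST binding: base64 only, no compression."""
    return base64.b64encode(xml_text.encode()).decode()

def decode_saml(value: str) -> str:
    """Undo either binding: percent-decode, base64-decode, then inflate unless it is already XML."""
    raw = base64.b64decode(urllib.parse.unquote(value))
    if raw.lstrip().startswith(b"<"):      # POST binding: the payload is the XML itself
        return raw.decode()
    return zlib.decompress(raw, -15).decode()  # Redirect binding: raw-deflated XML

def summarize(xml_text: str) -> dict:
    """The fields a reviewer checks first: who sent it, which IdP it targets, where the response lands."""
    root = ET.fromstring(xml_text)
    issuer = root.find("saml:Issuer", NS)
    return {
        "type": root.tag.split("}")[1],          # strip the namespace, e.g. AuthnRequest
        "id": root.get("ID"),
        "issuer": issuer.text if issuer is not None else None,
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
    }

if __name__ == "__main__":
    print(summarize(decode_saml(encode_redirect(SAMPLE_XML))))
```

Feed `decode_saml` the value after `SAMLRequest=` from a URL or a POST form and it returns the XML; checking that `destination` is your IdP and `acs_url` belongs to the expected SP is the quickest sanity check on a request pulled from a log.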

Filed under Access Management, Tools
