This is a quick post to remind myself … and anyone else who is interested in SAML 2.0 about a great method to troubleshoot issues with SAML assertions:
Setup:
- Download and install Live HTTP Headers (a Firefox add-on)
- Enable Live HTTP Headers from your browser (Tools > Live HTTP Headers)
Capture:
- Attempt the SSO between IDP and SP
- In Live HTTP Headers, look for the string labeled “SAMLResponse” and capture (copy) the entire string. This string is base64-encoded and then URL-encoded.
Once you have captured the string:
- Browse over to SAML 2.0 Debugger and paste the SAML Response string into the window.
- Click on Decode
This will show you the assertion that is being passed from the IDP to the SP. It’s very helpful for determining which attributes and values are being provided to the SP. In my case I had neglected to include a key attribute that identified the IDP to the SP.
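The same decode can be done locally, so the captured assertion (which carries user identifiers and attributes) never leaves your machine. This is an added example, not part of the original post; it assumes the capture is the base64 and URL-encoded form value described above, and the function names and the `example.test` sample are constructed for illustration.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml_response(captured):
    # unquote, not unquote_plus: a literal '+' in raw base64 must not become a space
    b64 = "".join(urllib.parse.unquote(captured).split())
    xml_bytes = base64.b64decode(b64 + "=" * (-len(b64) % 4))  # repair lost padding
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("unexpected DTD/entity declaration; refusing to parse")
    return ET.fromstring(xml_bytes)

def text(node, path):
    found = node.find(path, NS) if node is not None else None
    return found.text.strip() if found is not None and found.text else None

def summarize(root):
    # Fields usually compared against the SP's configuration.
    assertion = root.find("saml:Assertion", NS)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    attrs = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
             for a in root.iterfind("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS)}
    return {
        "status": status.get("Value") if status is not None else None,
        "issuer": text(assertion, "saml:Issuer") or text(root, "saml:Issuer"),
        "name_id": text(assertion, "saml:Subject/saml:NameID"),
        "audience": text(assertion, "saml:Conditions/saml:AudienceRestriction/saml:Audience"),
        "attributes": attrs,
        "encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
    }

# Constructed sample (not a real capture), encoded the way the browser posts it.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    '<saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>'
    '<saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="mail">'
    '<saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
)
SAMPLE = urllib.parse.quote(base64.b64encode(SAMPLE_XML.encode()).decode(), safe="")
if __name__ == "__main__":
    print(summarize(decode_saml_response(SAMPLE)))
```

The summary only displays what the IDP sent; it does not validate the XML signature, and `"encrypted": True` means the attributes are inside an EncryptedAssertion that needs the SP's key to read.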
Good luck and let me know if you have any questions.
Thanks for the link to the tool. Another that I use a lot can be found at http://bit.ly/encodertool.