
How to Capture Your Outbound SAML Post
January 9, 2012

At first glance this guide may seem long, but once you’ve done it once or twice, this process is actually very quick and simple.
Getting Set Up
Download and install Firefox:
http://www.mozilla.com/en-US/firefox/fx/
While using Firefox as your browser, download and install Firebug (an add-on for Firefox):
Click the beetle to enable Firebug.
Click on the Network tab. If it says it is not yet enabled, enable it. Click "All".
Click Persist, so that events in the log won’t be overwritten. Any time you already have a log showing below these buttons, click Clear to clear that out before you test.
Capturing the Form Post
You are now ready to test. Click the link in your app that will generate the SSO outbound form post.
Firebug will start to log everything. Look for the entry that says POST, since the SSO uses a form post. If you know the filename it should be posting to, look for that (in my case, my URL ends like this: sso/saml/activehealth).
Click the plus sign to expand that entry.
Click the Post tab to see the form post itself.
In the above screenshot, Firebug is showing that my HTML form contained a parameter named SAMLResponse, whose value was a lot of base 64 encoded information.
Base 64 encoded SAML is very long and contains no spaces or line breaks. Firebug wraps the text for you, but does not insert any line breaks. Below it, if you have a TARGET attribute in your form, you will see that too.
Decoding the Base 64 Text
Using the mouse, select and copy the entire block of base 64 text.
Create a TXT file with "base 64" and the date in the name (for future reference).
Open that file with Notepad and paste your base 64 into it. Do NOT paste that into a rich text editor such as Word or Outlook, because those types of programs will modify your text without you knowing, and then you won’t be able to decode it. Only use plain text editors like Notepad, Notepad2, or Notepad++.
Be sure there are no spaces or line breaks before or after your base 64 text, once pasted into Notepad.
Now use a free online base 64 decoder to decode your text back into SAML.
http://www.opinionatedgeek.com/dotnet/tools/base64decode/
Paste it into the online tool and click Decode.
Copy the decoded output (this is your SAML).
Create a .XML file, with SAML and the date in the name (and anything else you want).
Open that with Notepad or Notepad++. (Do NOT open that with Visual Studio, because by default VS will mis-handle the line breaks and create some invalid XML that you’ll have to fix by hand.)
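The decode step can also be done locally, which keeps the SAML (and the user identifiers it carries) off third-party sites. The Python script below is an added example, not part of the original guide; it assumes SAML 2.0 element names, and the sample response and example.test hostnames are constructed for illustration.

```python
import base64
import binascii
import urllib.parse
import xml.etree.ElementTree as ET


def decode_saml_post(form_value: str) -> bytes:
    """Turn a captured SAMLResponse form value into the raw XML bytes."""
    value = form_value.strip()
    if "%" in value:  # copied from the raw request body, still URL-encoded
        value = urllib.parse.unquote(value)  # unquote() leaves '+' untouched
    value = "".join(value.split())  # drop spaces/line breaks added by pasting
    try:
        xml_bytes = base64.b64decode(value, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"value is not clean base 64: {exc}") from exc
    if b"<!DOCTYPE" in xml_bytes:  # SAML messages carry no DTD; do not parse one
        raise ValueError("unexpected DOCTYPE in decoded XML")
    return xml_bytes


def summarize(xml_bytes: bytes) -> dict:
    """Return the fields usually checked first (assumes SAML 2.0 names)."""
    root = ET.fromstring(xml_bytes)
    found = {}  # local element name -> text of its first occurrence
    for el in root.iter():
        found.setdefault(el.tag.rsplit("}", 1)[-1], (el.text or "").strip())
    return {"root": root.tag.rsplit("}", 1)[-1],
            "destination": root.get("Destination"),
            "issuer": found.get("Issuer"), "name_id": found.get("NameID")}


# Constructed sample (not a real capture): a minimal SAML 2.0 Response.
SAMPLE_XML = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    b'Destination="https://sp.example.test/sso/saml/acs">'
    b"<saml:Issuer>https://idp.example.test</saml:Issuer><saml:Assertion>"
    b"<saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>"
    b"</saml:Assertion></samlp:Response>"
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()
# Simulate a paste that picked up a line break every 40 characters.
SAMPLE_FORM_VALUE = "\n".join(
    SAMPLE_B64[i:i + 40] for i in range(0, len(SAMPLE_B64), 40))

if __name__ == "__main__":
    raw = decode_saml_post(SAMPLE_FORM_VALUE)
    print(summarize(raw), raw.decode("utf-8"), sep="\n")
```

Save the bytes returned by decode_saml_post unchanged when you need the exact document that went over the wire, since re-serializing the XML changes its whitespace.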
Viewing the SAML
Now you can open that XML file however you like. I like to use a browser. IE, Chrome, and Firefox all do a nice job of giving you line breaks, indentation, color coding, and expand/collapse links; I like the fonts and colors in IE the most myself.
When troubleshooting, it’s usually best to look at that source XML. But in some situations you may prefer a parsed node view such as what another free program named "XML Notepad" provides.
A note about debuggers:
If you have the option to use a debugger to capture your outbound SAML, Firebug is still a better option. First, Firebug will show exactly what went out over the wire to your SSO partner, which is important if you're troubleshooting something. Second, the VS.Net debugger will introduce escaped quotes in the XML, line breaks in the base 64, and a couple of other artifacts, all of which you will have to fix by hand just to recreate what Firebug can already give you.
