Capture sample auth request to IDP?

Brent Putman putmanb at georgetown.edu
Mon Sep 10 20:03:08 EDT 2012


On 9/10/12 7:34 PM, Bryan E. Wooten wrote:
>
>
> 1. Turn off SSL and use something like Wireshark to capture the actual packets between the SP, IDP and client browser. Also requires us to get our test SP back up.


This is way too complicated.  Note that the SAML protocol message is
present in the clear in your browser, even if it's an https secure
channel between browser -> SP and browser -> IdP.

So the easiest way to get the SAML message is to just capture it there. 
If you can use Firefox, there is a plugin that does just that:

https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/


If you want to do it "manually", just use something like LiveHeaders for
Firefox or other browser functionality that traces the HTTP calls, to
see the actual URL query parameters or HTML form parameters, and then
you can decode the SAMLRequest or SAMLResponse param using this very
helpful online tool:

https://rnd.feide.no/software/saml_2_0_debugger/



> 2. Turn up logging on Shib IDP to capture the outbound xml requests. (Is that even possible?)

(For the IdP, you actually mean inbound requests to get the AuthnRequest.)


You can also do this.  In the IdP just turn up the logging to DEBUG for
logger PROTOCOL_MESSAGE.  By default it should be present in your
logging.xml, just commented out.  See:

https://wiki.shibboleth.net/confluence/display/SHIB2/IdPLogging

the section "Useful Loggers".

HTH,
Brent
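
The manual decoding step described above can also be done locally. The following Python is an added example, not code from the original message or from Shibboleth; the sample AuthnRequest, its hostnames and ID, and all function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample AuthnRequest; hostnames and ID are made up.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1234" Version="2.0" IssueInstant="2012-09-10T20:03:08Z" '
    'Destination="https://idp.example.org/idp/profile/SAML2/Redirect/SSO">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://sp.example.org/shibboleth</saml:Issuer></samlp:AuthnRequest>')


def redirect_encode(xml: str) -> str:  # only used to build the demo value
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    deflated = c.compress(xml.encode()) + c.flush()
    return quote(base64.b64encode(deflated).decode("ascii"), safe="")


def decode_saml_param(value: str) -> str:
    """Turn a URL-decoded SAMLRequest/SAMLResponse value into XML text."""
    value = value.strip().replace(" ", "+")  # a pasted '+' may arrive as a space
    raw = base64.b64decode(value + "=" * (-len(value) % 4))
    if not raw.startswith(b"<"):
        raw = zlib.decompress(raw, -15)  # Redirect binding: inflate first
    return raw.decode("utf-8")  # POST binding: base64 wrapped the XML directly


def saml_from_url(url: str) -> str:
    params = parse_qs(urlsplit(url).query)  # parse_qs URL-decodes the values
    for name in ("SAMLRequest", "SAMLResponse"):
        if name in params:
            return decode_saml_param(params[name][0])
    raise ValueError("no SAMLRequest or SAMLResponse parameter in URL")


def summarize(xml: str) -> dict:
    if "<!DOCTYPE" in xml:  # SAML messages carry no DTD; refuse to parse one
        raise ValueError("unexpected DTD in SAML message")
    root = ET.fromstring(xml)
    return {"message": root.tag.split("}")[-1], "id": root.get("ID"),
            "destination": root.get("Destination"),
            "issuer": root.findtext("saml:Issuer", namespaces=SAML_NS)}


if __name__ == "__main__":
    demo = "https://idp.example.org/SSO?SAMLRequest=" + redirect_encode(SAMPLE_XML)
    print(summarize(saml_from_url(demo)))
```

For a value copied from an HTML form (HTTP-POST binding), pass it straight to `decode_saml_param`; for a captured redirect URL, use `saml_from_url`.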







