VERSION CONTROL 3

1 INTRODUCTION 4

2 SAML MESSAGE DECODER (ADD-IN) 5

3 SAML TRACER (ADD-IN) 6

4 CHROME 8

5 INSTRUCTIONS FOR ALL BROWSERS 10

| 02
VERSION DATE AMENDMENTS

0.1 30/06/2014 Document Creation

0.2 07/11/2014 Format updates & addition of SAMLTracer for Firefox browser

0.3 12/07/2016 Add SAML Chrome Extension information

0.4 08/05/2018 Re-ordered document to reflect best order of solutions

0.5 16/12/2020 Full review and update

0.6 04/02/2021 Formatting changes

0.7 07/10/2021 Updated instructions for Chrome – changed Add-in details as both are available for most
browsers

| 03
When initially configuring Single Sign-On (SSO) – and occasionally after implementation – clients experience
issues connecting to Darwin.

When trying to diagnose the issue, it is very helpful if the client can obtain and send a copy of the SAML Assertion
that is being passed to Darwin by the client’s federation system.

The following instructions outline a number of different methods by which this information can be obtained.

The simplest methods are to use one of two available add-in/extensions for Chrome, Firefox, Edge or Opera – this
will provide the quickest and easiest way of extracting the required information.

If extensions cannot be added to the browser, then a technique can be used in Chrome to manually extract the
assertion.

The final option (if Chrome is also not available) can be used with any browser, but requires precise timing by the
user.

| 04
This add-in is available for:

Chrome/Edge/Opera: https://chrome.google.com/webstore/detail/saml-message-
decoder/mpabchoaimgbdbbjjieoaeiibojelbhm/related?hl=en

Firefox: https://addons.mozilla.org/en-GB/firefox/addon/saml-message-decoder-extension/

Once this extension has been enabled, after you have completed a SAML connection attempt; click on the SAML
Message Decoder icon in the browser taskbar to display the SAML response;

The assertion can be selected and copied from this window and emailed to Darwin for analysis.

| 05
This add-in has extended functionality over the SAML Message Decoder

Chrome/Edge/Opera: https://chrome.google.com/webstore/detail/saml-
tracer/mpdajninpobndbfcldcmbpnnbhibjmch?hl=en

Firefox: https://addons.mozilla.org/en-GB/firefox/addon/saml-tracer/

After installation, you will need to activate the tracer from the Tools menu (press the ALT key if you cannot see the
menu bar). The tracer will open in a separate window.

Attempt to connect to Darwin using SSO.

In the SAMLTracer window, you will see a number of commands scrolling past.

When you reach the error message, review the list of commands in the tracer, looking for the one with a flag
against it.

| 06
Click on that line and then click on the SAML tab in the lower window.

Copy the text from that window and send it to your Darwin contact.

| 07
Use F12 to start the Developer Console

Select the Network tab in the console, and then tick the ‘Preserve log’ checkbox

Attempt the SSO conection

Review the console for the SAML posts

| 08
Click on the SAML entry, then look in the ‘Headers’ tab in the right hand pane for the SAML Token

Copy the text of the token (right click it and select ‘Copy String Contents’) and send it to your Darwin contact.

| 09
This option is the hardest to complete successfully, as it requires precise timing:

Before the Darwin error page loads right click on the page. Select ‘View Source’.

The text should look something like:

If you can see ‘SAMLResponse’ in the captured text, you have succeeded in trapping the assertion.

Copy the text and send it to your Darwin contact.

| 10