Professional Documents
Culture Documents
SAML Assertion Trapping Guide
SAML Assertion Trapping Guide
1 INTRODUCTION 4
4 CHROME 8
| 02
VERSION DATE AMENDMENTS
0.2 07/11/2014 Format updates & addition of SAMLTracer for Firefox browser
0.7 07/10/2021 Updated instructions for Chrome – changed Add-in details as both are available for most
browsers
| 03
When initially configuring Single Sign-On (SSO) – and occasionally after implementation – clients experience
issues connecting to Darwin.
When trying to diagnose the issue, it is very helpful if the client can obtain and send a copy of the SAML Assertion
that is being passed to Darwin by the client’s federation system.
The following instructions outline a number of different methods by which this information can be obtained.
The simplest methods are to use one of two available add-in/extensions for Chrome, Firefox, Edge or Opera – this
will provide the quickest and easiest way of extracting the required information.
If extensions cannot be added to the browser, then a technique can be used in Chrome to manually extract the
assertion.
The final option (if Chrome is also not available) can be used with any browser, but requires precise timing by the
user.
| 04
This add-in is available for:
Chrome/Edge/Opera: https://chrome.google.com/webstore/detail/saml-message-
decoder/mpabchoaimgbdbbjjieoaeiibojelbhm/related?hl=en
Firefox: https://addons.mozilla.org/en-GB/firefox/addon/saml-message-decoder-extension/
Once this extension has been enabled, after you have completed a SAML connection attempt; click on the SAML
Message Decoder icon in the browser taskbar to display the SAML response;
The assertion can be selected and copied from this window and emailed to Darwin for analysis.
| 05
This add-in has extended functionality over the SAML Message Decoder
Chrome/Edge/Opera: https://chrome.google.com/webstore/detail/saml-
tracer/mpdajninpobndbfcldcmbpnnbhibjmch?hl=en
Firefox: https://addons.mozilla.org/en-GB/firefox/addon/saml-tracer/
After installation, you will need to activate the tracer from the Tools menu (press the ALT key if you cannot see the
menu bar). The tracer will open in a separate window.
In the SAMLTracer window, you will see a number of commands scrolling past.
When you reach the error message, review the list of commands in the tracer, looking for the one with a flag
against it.
| 06
Click on that line and then click on the SAML tab in the lower window.
Copy the text from that window and send it to your Darwin contact.
| 07
Use F12 to start the Developer Console
Select the Network tab in the console, and then tick the ‘Preserve log’ checkbox
| 08
Click on the SAML entry, then look in the ‘Headers’ tab in the right hand pane for the SAML Token
Copy the text of the token (right click it and select ‘Copy String Contents’) and send it to your Darwin contact.
| 09
This option is the hardest to complete successfully, as it requires precise timing:
Before the Darwin error page loads right click on the page. Select ‘View Source’.
If you can see ‘SAMLResponse’ in the captured text, you have succeeded in trapping the assertion.
| 10