You can use online decoder provided by ssocircle: https://idp.ssocircle.com/sso/toolbox/samlDecode.jsp
If sent as URL parameter the request/response must be decoded with the redirect option.
The actual algorithm for obtaing the encoded string is as follows:
- Gzip deflate the request/response if sent as query parameter (no change for POST parameters)
- Convert to Base64
- URL encode the result
I have made a site, where you can decode SAML and WS Federation messages: https://www.rcfed.com/ You can also extract certificate(s) from metadata file.
ReplyDelete