Extends the Developer Tools, adding support for SAML Requests and Responses to be displayed in the Developer Tools window
This is an Open Source SAML debugger for Chrome. It operates as another panel in the Chrome Developer Tools section, which monitors the traffic in the current active tab. This panel is trying to replicate what the Firefox version of SAML Tracer does as there wasn't a good enough one (or any) for Chrome at the time of writing this. GitHub Repo: https://github.com/milton-lai/saml-chrome-panel Feel free to branch and help make this even better! It is designed to display all network traffic, along with the request and response data. If there is a SAML request or response, then it will grab the message, format it nicely and show it to you in another tab. Updates: - Set links to open in the same browser -- There is a new feature to "Scrub" the links in the current page. Basically, it will update all anchor tags and set their target attribute to equal '_self'. This should address the issue of having SAML transactions opening up in new tabs and such. This is the best implementation I could think of as I'm unable to listen to all traffic on all tabs. - Import and export the network traffic. -- It imports and exports the traffic on the browser in a JSON format. - Toggle showing SAML traffic. Please note that at the moment, I've only looked at OpenAM Redirect and POST SAML transactions (as that is what I've got access to). If there are others which are working, please let me know. If there are SSO frameworks that are not working, then also please let me know and I'll try to get it working (e.g. SOAP). Thanks to @jasonwzs (https://github.com/jasonwzs) for the previous update. Update (2017-11-19): -- Added toggle limit of 500 network requests, to keep memory footprint smaller. -- Added Search option for the SAML tab.
- (2019-08-11) Adrian Pavelescu: Works quite well. I had to write a multi-tenant SAML integration layer and this little guy was incredibly useful, and it continues to be useful with pretty much every new customer that wants SSO... there's always some kind of hiccup and this helps with discovery.
- (2019-05-15) Dominic Kirby: Super easy to use, does a good job!
- (2019-04-12) Madhur Arora: There are two Tabs along with SAML i.e. Request and Response, what exactly does these tabs show.
- (2019-03-12) Leebo M: Crashes very easily.
- (2018-12-13) Sascha Gottfried: Very helpful for debugging SAML requests and responses. Installed, just worked. Thanks.
- (2018-04-19) Jordan Durzi: Works well, prefer that it integrates into developer tools. Makes things easier and doesn't look like an eye sore.
- (2017-12-08) Blessed Tabvirwa: Awesomeness!!!!!!!!!!
- (2017-11-22) Jeff Olson: This is a great and very helpful extension. One thing I would like to know - is it possible to change the font size?
- (2017-10-13) Very helpfull to analyze SAML issues!
- (2017-02-02) Andrew Wilmut: Excellent tool. Good layout and does what it says.
- (2016-12-06) Kevin Ashton: Great interface. Works well and without issue. Best SAML extension I've found.
- (2016-10-05) Gerardo Lopez: Can't figure out how to use it. I tried logging into a site with SAML and it doesn't popup. I tried selecting "SAML Chrome Panel" from the menu bar, and it just redirects me back to the Chrome App Store. The only other option besides hide is to remove from Chrome -- thank goodness that feature works.
- (2016-04-12) Jonathas Morais: Helps a lot not having to use other apps to inspect network traffic, filtering or having to get the base64 content, decode, etc just to get the SAML content. Great work!
- (2015-12-22) Martin van Es: Now that is has import/export it's very useful (for SSO support). I was looking for a SAML message filter and found the "Toggle traffic" button did the trick. Nice, but not the right term. "SAML Filter" would be more appropriate I think?
- (2015-11-18) Jose Reyes: would be nice if developer tools or even this plug in worked for all active tabs. some items we need to trace open in new tabs. the firefox plug in traces all tabs that have traffic.
- (2015-09-01) Peter Burton: Very effective long over due tool. Would be nice to see some colour in the output simply for ease of reading.
- (2015-09-01) A Wong: Simple yet effective tool - good interface, yet powerful. Saved our company many hours and $$$.
- (2017-04-27, v:1.8.7) Adding this extension broke SAML
After I added this extension, my Shibboleth-based SSO solution completely stopped working, with error 2746 "Error reading request body from browser". The extension appears to consume/corrupt the SAML request in such a way that the Shibboleth ISAPI module cannot use it any more. Uninstalled.
- (2016-12-25, v:1.8.7) kedari GOUTHAM: Authentication pop up
We have implemented SSO for Facebook application using kerberos authentication. If Kerebros fail user is prompted with Authentication pop-up. From SP SAML request is getting generated successfully and user credential pop up is prompted but after entering the user credentials again repetedly it is prompting the Authentication pop-up.
- (2016-04-08, v:1.8.5) Martin van Es: Passwords
In the current form, the plugin exports all HTTP traffic, including usernamee and passwords POST'ed on IdP. This is very dangerous behaviour and should be prevented, or at least preventable by choosing a "mask" function in export, just like SAML Tracer in firefox.
- (2016-03-17, v:1.8.5) Broken after chrome update
Seems like SAML tab page does not appear anymore after latest Chrome update
- (2015-10-14, v:1.7) Martin van Es: Import/Export
One of the useful features of FF's SAML tracer is import/export. This is extremely helpful for SSO support.
- (2015-09-01, v:1.3) Harpreet Singh: Did not work for me
Tried doing a SSO on couple of sites, but the SAML Chrome wont show anything. (I had kept open the SAML Chrome tab open within the Developers tool before initiating the SAML messages). The same works in Firefox - SAML Tracer.