samltool / samltool.github.io
SAML debugging, encoding, decoding tool
License: MIT License
Currently if you paste a SAML message retrieved from HTTP Redirect binding trace in the samltool.io's "SAML TOKEN ENCODED" box (either URL-decoded, or left in URL-encoded format... the box is not labeled clearly as to what it expects), samltool.io renders garbage as "SAML TOKEN DECODED." It's now unclear to the user of the tool whether the message is malformed, the encoding required was not understood, or the tool does not support HTTP Redirect binding.
It appears the problem is certainly that it does not completely support HTTP Redirect binding. It's not doing the inflate step used in HTTP Redirect Binding to get to a completely decoded token.
E.g. if you put the URL-decoded base64 value in the SAML TOKEN ENCODED box:
fZBPa8MwDMXP+xbB9zR/CisTSaCjhxU6Ftqww25ualpDLLuWAlk/fRNnh+5S3R76SU9PBUnTOVj3fMG9uvaKOBpMhwShUYreI1hJmgClUQTcwmH9uYN8kYLzlm1rOxGN9bIZZzVK1hZLcWF2BEmiBmlcpxatNYk+uUBuN6WQx3b4vc2SqFdbJJbIpcjT7DXO8jh/a7IVLDNIlz8Bq//M3jWeNJ6fX3acIYKPpqnj+uvQiOhbeQq3jYCoiikfBG//kPj5Wkmk/BRQVBNGrkge1lSz+v/N6g4=
samltool.io displays this in the SAML TOKEN DECODED box:
}�OkÃ0ÅÏû�Á÷4�
+�I £��:�Ú°ÃnnjZC,»��Y?}�g�îRÝ�úIOO�IÓ9X÷|Á½ºö�8�L��¡Q�Þ#XI�¥Q�ÜÂaý¹�|��ó�mk;��õ²�g5JÖ�Kqav�I¢�i\§�5�>¹@n7¥�Çvø½Í�¨W[$�È¥ÈÓì5Îò8�k²�,3H�?�«ÿÌÞ5�4��_v�!��¦©ãúëÐ�è[y
·��¨�)��oÿ�øùZI¤ü�PT�F®H�ÖT³úÿÍê�
and it's an exercise left to the user to get the expected prettify-ible result:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://example.com/idp" ID="abcxyz" IssueInstant="2016-12-29T17:31:03Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:sp</saml:Issuer></samlp:AuthnRequest>
Expected to have it deflate automatically.
Also expect the UI to be clear about what encoding is expected (having it be base64, not url-encoded base64, is fine, as most debug tools provide either format... but be clear.) Having it detect common mistakes would be nice. But these are just nice additions... please start with supporting inflate.
If you try to decode a response like the one below, the Hildébrand value isn't displayed correctly.
It's displayed as Helga Hildébrand
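The decoding steps the first report asks for (URL-decode, base64-decode, then raw inflate for HTTP Redirect binding), together with the UTF-8 step that matters for non-ASCII values such as the one in the second report, as an added Node.js example that is not samltool's own code. The names `decodeSamlMessage` and `encodeRedirect`, the 1 MiB output cap, and the first-byte check used to tell the two bindings apart are assumptions made here.

```javascript
// Added example, not samltool's code: decode a SAML message from either binding.
const zlib = require('zlib');

const MAX_XML_BYTES = 1 << 20; // assumed cap, guards against decompression bombs

// Redirect-binding encoder, used here only to build a constructed sample.
function encodeRedirect(xml) {
  const deflated = zlib.deflateRawSync(Buffer.from(xml, 'utf8'));
  return encodeURIComponent(deflated.toString('base64'));
}

// Accepts base64 or URL-encoded base64; returns { xml, binding } or throws.
function decodeSamlMessage(input) {
  let b64 = input.trim();
  if (/%[0-9A-Fa-f]{2}/.test(b64)) b64 = decodeURIComponent(b64); // undo %2B %2F %3D
  b64 = b64.replace(/\s+/g, '');
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(b64)) {
    throw new Error('input is not base64 (is it still partly URL-encoded?)');
  }
  let bytes = Buffer.from(b64, 'base64');
  let binding = 'HTTP-POST'; // POST binding: base64 of the XML itself
  if (bytes[0] !== 0x3c) {   // does not start with '<' (heuristic, an assumption)
    // Redirect binding: raw DEFLATE (RFC 1951), no zlib header or checksum.
    bytes = zlib.inflateRawSync(bytes, { maxOutputLength: MAX_XML_BYTES });
    binding = 'HTTP-Redirect';
  }
  // Decode the bytes as UTF-8; reading them one byte per character
  // (Latin-1) would turn "é" (0xC3 0xA9) into "Ã©".
  const xml = new TextDecoder('utf-8', { fatal: true }).decode(bytes);
  if (!xml.startsWith('<')) throw new Error('decoded data is not XML');
  return { xml, binding };
}

// Constructed sample, not taken from the page.
const SAMPLE_XML =
  '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' +
  'ID="_constructed1" Version="2.0"><Name>Hildébrand</Name></samlp:AuthnRequest>';

function demo() {
  const redirect = decodeSamlMessage(encodeRedirect(SAMPLE_XML));
  const post = decodeSamlMessage(Buffer.from(SAMPLE_XML, 'utf8').toString('base64'));
  return { redirect, post };
}

const out = demo();
console.log(out.redirect.binding, out.post.binding);
```

Inflating with a bounded `maxOutputLength` and decoding with `fatal: true` makes a malformed or oversized message fail with an error instead of rendering as garbage.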