I’ve been working with SAML and SSO for a while now and I’ve always defaulted to using Firefox with SAML tracer. It’s a fantastic plugin as it captures all network traffic and then flags SAML requests and responses before allowing you to view the SAML message in plain text. I have always wanted a similar one for Chrome, but the closest/only one I could find is the SAML Request Decoder. It is focused on the actual page itself, and thus is useful for SAML requests, but if there are a few transactions / redirects, it fails to capture them. I thought this would be a great couple-day project to work on.
The second was to develop an actual panel to display the data. I referenced some other extensions and ended up with something that looks quite nice and functional. It is working off AngularJS for all the object binding. I thought I’ve done pretty well for my first attempt at writing one of these things. So this is saml-chrome-panel on GitHub. It keeps track of all the network traffic IN THE TAB (Chrome feature), and thus you’ll have a record of all SAML transactions, given that the panel is open. The problem is, of course, that if you have a link that opens in a new tab, DevTools isn’t open, and thus the traffic isn’t captured. This caveat is addressed by using this plugin – Open Link In Same Tab (brilliantly named). It gives you a contextual right-click menu to open links in the same tab.
The source is all on GitHub just as a teaching aid for people wanting to figure out how to write extensions as it was somewhat difficult to find something to reference off, especially for the panel.
The SAML Chrome Panel is now on the Chrome web store and available for download! I do hope it benefits someone out there. The one major upgrade that I’d like to do is the formatting of the SAML XML request/response to something that is formatted and coloured and just a pleasure to look at!
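The core step a SAML tracing panel performs, flagging SAML messages in captured traffic and decoding them to plain text, can be sketched as follows. This is an added example, not code from saml-chrome-panel or SAML tracer; the request record shape, the function names and the sample hosts are assumptions, and it runs under Node.js rather than inside an extension.

```javascript
// Added example: Node's zlib does the inflate step here; an extension would
// need a browser-side inflate implementation in its place.
const zlib = require('node:zlib');

const SAML_PARAMS = ['SAMLRequest', 'SAMLResponse'];

// Decode one SAML parameter value to XML.
// HTTP-Redirect binding: base64 of raw-DEFLATE-compressed XML.
// HTTP-POST binding: base64 of the XML itself.
function decodeSaml(value, binding) {
  const raw = Buffer.from(value, 'base64');
  const xml = binding === 'redirect' ? zlib.inflateRawSync(raw) : raw;
  return xml.toString('utf8');
}

// Inspect one captured request ({method, url, body}: a hypothetical record
// shape) and return every SAML message found in its query string or form body.
function findSaml(request) {
  const found = [];
  const query = new URL(request.url).searchParams;
  const form = new URLSearchParams(request.method === 'POST' ? request.body || '' : '');
  for (const name of SAML_PARAMS) {
    for (const [params, binding] of [[query, 'redirect'], [form, 'post']]) {
      const value = params.get(name);
      if (value === null) continue;
      try {
        found.push({ name, binding, url: request.url, xml: decodeSaml(value, binding) });
      } catch (err) {
        // Keep undecodable messages visible instead of silently dropping them.
        found.push({ name, binding, url: request.url, error: err.message });
      }
    }
  }
  return found;
}

// Constructed sample traffic: an unrelated request, an AuthnRequest sent by
// redirect, and a Response posted to a made-up service provider.
const AUTHN = '<samlp:AuthnRequest ID="_constructed1"/>';
const RESP = '<samlp:Response ID="_constructed2"/>';
const SAMPLE_TRAFFIC = [
  { method: 'GET', url: 'https://sp.example/app.css' },
  { method: 'GET', url: 'https://idp.example/sso?RelayState=abc&SAMLRequest=' +
      encodeURIComponent(zlib.deflateRawSync(AUTHN).toString('base64')) },
  { method: 'POST', url: 'https://sp.example/acs',
    body: 'SAMLResponse=' + encodeURIComponent(Buffer.from(RESP).toString('base64')) },
];

function traceSaml(traffic) { return traffic.flatMap(findSaml); }
```

The decoder only makes messages readable for inspection; it does not validate signatures or any other property of the assertion.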