Message decode

Decode SAML and WS-Federation messages (requests and responses)

SAML: Debug SAML messages by decoding them and verifying their contents.

Paste in raw SAML requests and responses and get them decoded automatically.
You can also paste in 'in context' SAML messages, meaning that you can paste in a full Fiddler request/response, and the SAML message will be identified and decoded.

The SAML 2.0 specifications can be read here: SAML 2.0
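The decoding described above, sketched as an added example (not this tool's own code): it finds URL-encoded SAMLRequest/SAMLResponse parameters in pasted HTTP text, undoes the HTTP-Redirect (base64 + raw DEFLATE) or HTTP-POST (base64) encoding, and pulls out the fields usually checked first. The function names, the sample capture and the idp.example/sp.example hosts are constructed for illustration.

```python
import base64
import re
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

# Parameter names used by the SAML 2.0 HTTP-Redirect and HTTP-POST bindings.
PARAM = re.compile(r"\b(SAMLRequest|SAMLResponse)=([^&\s]+)")
SAML_NS = "urn:oasis:names:tc:SAML:2.0:"

def decode_value(value):
    """Return (binding, xml) for one URL-encoded parameter value."""
    raw = base64.b64decode(unquote(value))
    if raw.startswith(b"<"):
        # HTTP-POST binding: the parameter is base64 of the XML itself.
        return "POST", raw.decode("utf-8")
    # HTTP-Redirect binding: raw DEFLATE (RFC 1951, no zlib header) -> wbits=-15.
    return "Redirect", zlib.decompress(raw, -15).decode("utf-8")

def summarize(xml):
    """Extract message type, ID, Destination and Issuer for a quick check."""
    if "<!DOCTYPE" in xml:  # a SAML message has no reason to carry a DTD
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml)
    issuer = root.find("{" + SAML_NS + "assertion}Issuer")
    return {"type": root.tag.split("}")[-1], "id": root.get("ID"),
            "destination": root.get("Destination"),
            "issuer": issuer.text if issuer is not None else None}

def decode_capture(text):
    """Decode every SAML parameter found in pasted request/response text."""
    out = []
    for name, value in PARAM.findall(text):
        binding, xml = decode_value(value)
        out.append({"param": name, "binding": binding, **summarize(xml)})
    return out

def sample_capture():
    """Constructed sample: a Redirect-binding request and a POST-binding response."""
    tmpl = ('<samlp:{0} xmlns:samlp="' + SAML_NS + 'protocol" xmlns:saml="' + SAML_NS +
            'assertion" ID="{1}" Destination="{2}"><saml:Issuer>{3}</saml:Issuer></samlp:{0}>')
    req = tmpl.format("AuthnRequest", "_req1", "https://idp.example/sso", "https://sp.example")
    resp = tmpl.format("Response", "_resp1", "https://sp.example/acs", "https://idp.example")
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(req.encode()) + deflater.flush()
    get_value = quote(base64.b64encode(deflated).decode(), safe="")
    post_value = quote(base64.b64encode(resp.encode()).decode(), safe="")
    return ("GET /sso?SAMLRequest=" + get_value + "&RelayState=abc HTTP/1.1\r\n\r\n"
            "POST /acs HTTP/1.1\r\n\r\nSAMLResponse=" + post_value + "&RelayState=abc")

if __name__ == "__main__":
    for message in decode_capture(sample_capture()):
        print(message)
```

Decoding only makes the message readable; it does not validate the XML signature, so a decoded assertion is not evidence that the message is authentic.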
WIF: Windows Identity Foundation is a .NET Framework for implementing claims-based identity. The following events occur:
  1. An unauthenticated user tries to browse the RP and gets an HTTP 302 Found redirect to the STS to get authenticated (wsignin1.0 request)
  2. The browser performs a GET request to the STS to get authenticated (wsignin1.0 request)
  3. The user authenticates at the STS (for example by username/password) and, on successful authentication, the STS sends back a hidden form containing the token, which is automatically POSTed back to the RP (wsignin1.0 response)
  4. The RP verifies the token received in the form POST and, if the verification was successful, issues a session cookie so the user can use the application (wsignin1.0 response)
  5. The user signs out: the browser performs a GET request to the STS to get signed out (wsignout1.0 request)
  6. All upstream STSs get a signout request and respond back, and finally the RP receives a request telling it to delete cached session state for the specified user (wsignoutcleanup1.0 request)
RP: Relying Party is the application that the user wants to access. However, if chained STSs are used, the requesting STS behaves as an RP to the responding STS further up the chain.
STS: Security Token Server is the service that authenticates the user (for example by username/password) and issues a token with claims about the user.

If your text contains multiple messages, only the first will be decoded, and if your text contains both GET and POST messages, only the POST message will be decoded. So be aware of what you paste in.
Both POST and GET requests/responses are decoded, that is wsignin1.0, wsignout1.0 and wsignoutcleanup1.0.

The WS-Federation 1.2 specification can be read here: WS-Federation 1.2