IT:AD:SAML:HowTo:Decrypt Tokens
Summary
Process
SAML tokens, if they are encrypted, are encrypted against the X.509 certificate of the relying party: either its public HTTPS certificate or a certificate agreed upon between the STS and the RP. In that case you need the private key for that certificate to decrypt them.
But if you are working in a Dev environment without encryption, you can view the traffic within Chrome, then copy and paste the SAMLRequest and SAMLResponse into:
The algorithm (to be verified) for decoding the query-string values is the reverse of the encoding, which is as follows:
- Deflate the request/response if it is sent as a query parameter (no compression for POST parameters)
- Base64-encode the result
- URL-encode the result
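The encode/decode round trip above, as an added example that is not part of the original page. It follows the SAML 2.0 Bindings specification's DEFLATE encoding for the HTTP-Redirect binding (raw DEFLATE per RFC 1951, with no zlib or gzip header, then Base64, then URL-encoding) and plain Base64 for the HTTP-POST binding; the sample AuthnRequest, its ID and the `sp.example.test` URL are constructed for the example. The decoder also falls back to zlib/gzip-wrapped input, and `is_encrypted` is a quick check for whether the decoded message carries an EncryptedAssertion or EncryptedData element, in which case the RP private key from the Summary is required before anything further can be read.

```python
"""Encode/decode SAML messages for the HTTP-Redirect and HTTP-POST bindings.

Added example, not code from the original page. Assumes the SAML 2.0 Bindings
spec's DEFLATE encoding for HTTP-Redirect: raw DEFLATE (RFC 1951, no zlib or
gzip header) -> Base64 -> URL-encode. HTTP-POST carries Base64 only.
"""
import base64
import urllib.parse
import zlib

# Constructed sample AuthnRequest; the ID and URL are placeholders, not a real deployment's.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example-id-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://sp.example.test/acs"/>'
)


def encode_redirect(xml: str) -> str:
    """Build the SAMLRequest/SAMLResponse query-string value for HTTP-Redirect."""
    # Negative wbits selects raw DEFLATE: no zlib header and no checksum trailer.
    compressor = zlib.compressobj(level=9, wbits=-15)
    deflated = compressor.compress(xml.encode("utf-8")) + compressor.flush()
    b64 = base64.b64encode(deflated).decode("ascii")
    # safe="" so '+', '/' and '=' from Base64 are percent-encoded for the URL.
    return urllib.parse.quote(b64, safe="")


def decode_redirect(value: str) -> str:
    """Reverse encode_redirect; accepts URL-encoded or already URL-decoded input."""
    b64 = urllib.parse.unquote(value)
    raw = base64.b64decode(b64)
    try:
        xml = zlib.decompress(raw, wbits=-15)  # spec-conformant raw DEFLATE
    except zlib.error:
        # Some implementations wrap the stream in a zlib or gzip header;
        # wbits=47 (32 + 15) lets zlib auto-detect either of those.
        xml = zlib.decompress(raw, wbits=47)
    return xml.decode("utf-8")


def encode_post(xml: str) -> str:
    """HTTP-POST binding: Base64 only, no compression."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


def decode_post(value: str) -> str:
    """Reverse encode_post."""
    return base64.b64decode(value).decode("utf-8")


def is_encrypted(xml: str) -> bool:
    """True if the decoded message holds XML-Encryption elements, i.e. the
    relying party's private key is needed before the assertion can be read."""
    return "EncryptedAssertion" in xml or "EncryptedData" in xml


if __name__ == "__main__":
    value = encode_redirect(SAMPLE_AUTHN_REQUEST)
    print("SAMLRequest=" + value)
    print(decode_redirect(value))
    print("encrypted:", is_encrypted(decode_redirect(value)))
```

Paste the value of the SAMLRequest or SAMLResponse parameter captured in Chrome into `decode_redirect` (for a redirect URL) or `decode_post` (for a form post); if `is_encrypted` reports True, the decoded XML only reveals the EncryptedAssertion wrapper and the key reference, not the claims.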