SSO: Analyze service provider-initiated flow with SAML Tracer

  • Updated

You can install SAML Tracer or similar tools to analyze service provider-initiated flow, including detailed instructions for accessing, observing, and exporting SAML requests and responses in various browsers.

Install SAML tracer

Similar tools, such as SAML DevTools and SAML Chrome Panel, are available for other browsers. This document uses SAML Tracer.
  1. To install SAML Tracer for the Firefox browser, go to SAML Tracer for Firefox and follow the provided instructions. For the Google Chrome extension, follow this link: SAML Tracer for Google Chrome
  2. After successful installation, access SAML Tracer through the browser menu bar by selecting Tools > SAML Tracer.

Create SAML request for a service provider-initiated flow

To create a SAML request for a service provider-initiated flow and inspect the request and response in SAML tracer:

  1. Open the SAML Tracer and access Opti ID. In the event that the user is not already logged in, they are directed to the Okta login page.
  2. Examine the SAML Tracer window to observe the SAML request sent from the application to Okta.

    SAML Request SP flow

  3. SAML responses are signed and contain the profile attributes of the person who requested access to the app.

    SAML Response SP flow

Export SAML TRACER output

To export the SAML-tracer output, click Export in SAML-tracer and select whether the exported file will have different cookie-filter profiles. SAML-tracer exports the file as a .JSON file to your Downloads library. Send this .JSON file to Opti ID support.