SAML Tracer

1. Get and install the Firefox add-on here: (https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/)
2. Once it's installed, click on the orange SAML logo, in Firefox's menu bar, to open the add-on.
3. This will will open up another window. In the top half of the window, it will display all of the HTTP calls that are made while you are accessing sites from your web browser, Firefox.
4. If you click each of the HTTP calls, it will display more information in the lower half of the window.
5. For example, If you click on the SAMLRequest https://shib.oit.duke.edu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=jZLNboMwEIRfBfkeHEhSghWQaHJopL... you can see three more tabs of information:
   • HTML This shows the entire HTTP call, with headers.
   • Parameters This shows the raw SAML Request or Response.
   • SAML This shows the base64 decoded Request or Response, which contains a wealth of information. For example, you can see the actual AssertionConsumerService URL that the SP is using from this.

SAML Rails Gems

SAML Camel

There are a couple of suggested options for those operating in a rails environment. The saml_camel gem https://rubygems.org/gems/saml_camel is a good choice for setting up an SP in a local development environment. See documentation here https://gitlab.oit.duke.edu/da129/saml_camel/blob/master/README.md

We do not recommend using saml_camel in production environment. We recommend installing a Shibboleth SP for that purpose

Ruby SAML

Ruby SAML is a more bare bones approach to creating a SP in a local development environment. You can find the repo here https://github.com/onelogin/ruby-saml

We also do not recommend relying on this in a production environment, rather we suggest installing a Shibboleth SP.