Menu
AWS Identity and Access Management
User Guide

How to View a SAML Response in Your Browser for Troubleshooting

The following procedures describe how to view the SAML response from your service provider from in your browser when troubleshooting a SAML 2.0–related issue.

For all browsers, go to the page where you can reproduce the issue. Then follow the steps for the appropriate browser:

Google Chrome

To view a SAML response in Chrome

These steps were tested using version 54.0.2840.87m. If you use another version, you might need to adapt the steps accordingly.

  1. Press F12 to start the developer console.

  2. Select the Network tab, and then select Preserve log.

  3. Reproduce the issue.

  4. Look for a SAML Post in the developer console pane. Select that row, and then view the Headers tab at the bottom. Look for the SAMLResponse attribute that contains the encoded request.

Mozilla Firefox

To view a SAML response in Firefox

This procedure was tested on version 37.0.2 of Mozilla Firefox. If you use another version, you might need to adapt the steps accordingly.

  1. Press F12 to start the developer console.

  2. In the upper right of the developer tools window, click options (the small gear icon). Under Common Preferences select Enable persistent logs.

  3. Select the Network tab.

  4. Reproduce the issue.

  5. Look for a POST SAML in the table. Select that row. In the Form Data window on the right, select the Params tab and find the SAMLResponse element.

Apple Safari

To view a SAML response in Safari

These steps were tested using version 8.0.6 (10600.6.3). If you use another version, you might need to adapt the steps accordingly.

  1. Enable Web Inspector in Safari. Open the Preferences window, select the Advanced tab, and then select Show Develop menu in the menu bar.

  2. Now you can open Web Inspector. Click Develop, then select Show Web Inspector.

  3. Select the Resources tab.

  4. Reproduce the issue.

  5. Look for a saml-signin.aws.amazon.com request.

  6. Scroll down to find Request Data with the name SAMLResponse. The associated value is the Base64-encoded response.

Microsoft Internet Explorer

To view a SAML response in Internet Explorer

The best way analyze network traffic in Internet Explorer is through the use of a third-party tool.

What to do with the Base64-encoded SAML response

Once you find the Base64-encoded SAML response element in your browser, copy it and use your favorite Base-64 decoding tool to extract the XML tagged response.

Security Tip

Because the SAML response data that you are viewing might contain sensitive security data, we recommend that you do not use an online base64 decoder. Instead use a tool installed on your local computer that does not send your SAML data over the network.

Built-in option for Windows systems (PowerShell):

Copy
PS C:\> [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("base64encodedtext"))

Built-in option for MacOS and Linux systems:

Copy
$ echo "base64encodedtext" | base64 --decode