# IT:AD:SAML:HowTo:Decrypt Tokens #

## Process ##

SAML tokens, if they are encrypted, are encrypted against the X509 certificate of the relying party: either its public HTTPS certificate, or a certificate agreed upon between the STS and RP. In that case, you'll need the private key for that certificate to decrypt them.

But if you are working in a Dev environment without encryption, you can view the traffic within Chrome, and then copy and paste the SAMLRequest and SAMLResponse into:

  * https://rnd.feide.no/simplesaml/module.php/saml2debug/debug.php
  * http://www.ssocircle.com/en/1203/saml-request-online-decoder-encoder/

<WRAP tip>
The algorithm (to be verified) by which the query strings are encoded is as follows; decoding applies the steps in reverse:

  * Gzip deflate the request/response if sent as query parameter (no change for POST parameters)
  * Convert to Base64
  * URL encode the result
</WRAP>

## Resources ##

  * http://security.stackexchange.com/questions/652/how-can-i-decrypt-adfs-based-saml-p-or-ws-trust-claims?rq=1

Last modified: 2023/11/04 01:55
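The encoding steps in the tip above, reversed into a local decoder, as an added example that is not part of the original page. It assumes the query-string compression is raw DEFLATE (RFC 1951, no gzip or zlib header), as the SAML HTTP-Redirect binding specifies; the function names and `SAMPLE_XML` are constructed for illustration.

```python
import base64
import zlib
from urllib.parse import quote, unquote


def decode_redirect(param: str) -> str:
    """Query-string value: URL-decode -> Base64-decode -> inflate."""
    raw = base64.b64decode(unquote(param))
    # wbits=-15 selects raw DEFLATE; the default would expect a zlib header.
    return zlib.decompress(raw, -15).decode("utf-8")


def decode_post(param: str) -> str:
    """POST form field value: Base64 only, no compression step."""
    return base64.b64decode(param).decode("utf-8")


def decode_any(param: str) -> str:
    """Try the query-string form first; fall back to the POST form."""
    try:
        return decode_redirect(param)
    except (zlib.error, UnicodeDecodeError):
        return decode_post(unquote(param))


def encode_redirect(xml: str) -> str:
    """Inverse of decode_redirect, used here only to build sample input."""
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    return quote(base64.b64encode(deflated), safe="")


# Constructed sample message (not captured traffic); ID and URL are placeholders.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example123" Version="2.0" IssueInstant="2023-11-04T01:55:00Z" '
    'AssertionConsumerServiceURL="https://rp.example.test/acs"/>'
)

if __name__ == "__main__":
    redirect_value = encode_redirect(SAMPLE_XML)
    post_value = base64.b64encode(SAMPLE_XML.encode()).decode()
    print(decode_any(redirect_value))
    print(decode_any(post_value))
```

This only undoes the transport encoding; an encrypted assertion inside the decoded XML still requires the relying party's private key.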