Closed guitarmanvt closed 9 years ago
Thanks for reporting this. BTW: Olav is on summer vacation, so it will take a while before we're able to look into this.
I don't think we will implement this as long as we have a reasonably straightforward workaround (i.e. copying the base64-encoded data).
I don't think viewing the raw response would be enough to be certain that the signature validation passed. We would need a "save original response as file" function, which would require a lot of code for something that can be reasonably easily done by hand.
The "SAML" tab decodes and displays the XML statements that are sent. A pretty-printing algorithm is used, likely to make it easy to read. This feature should be kept.
However, the pretty-printed XML does not preserve the original whitespace. This makes it impossible to verify the signature using M2Crypto or other tools.
I would like to be able to view the raw XML, exactly as it is encoded. (OK, I can already do this by base64-decoding the SAMLResponse parameter from the "Parameters" tab. But I'd like SAML Tracer to do this for me. :)