EBS: Capturing a SAML Response When Logging Into Everbridge Suite via Single Sign-On (SSO)

Topic

How to capture a SAML Response when logging into Everbridge Suite via Single Sign-On (SSO).

Description

Capturing a SAML response will validate whether or not an SSO user ID is the same value that is passed to the identity provider. If these values are different, contacts and users will not be able to log in via SSO. The sections below, show how to capture a SAML response in the two most frequently used browsers:

  1. Google Chrome.
  2. Mozilla Firefox.

Google Chrome

Opening Chrome Developer Menu
  1. From an organization's SSO login page, open the developer menu by right-clicking and clicking Inspect.
  2. Click Network from the menu bar, and select the option for Preserve log.
  3. Click Go To IDP Login page and log in.
Default Alias in Network Log
  1. From the list of items that load, click defaultAlias.
    1. To find the item quickly, enter "defaultAlias" (without quotes) in the Filter box.
SAMLResponse in Form Data
  1. In the Headers pane, scroll down to Form Data, and copy all the code appearing after SAMLResponse.
    1. Using the picture to the right as an example, begin copying the code at PHNhbW.
Decoding Base64 into XML
  1. Go to https://www.samltool.com/decode.php, paste the SAMLResponse code into the Deflated and Encoded XML text box, and click the DECODE AND INFLATE XML button.
  2. Click the Copy to Clipboard icon from the Deflated XML text box to copy the new code, and click XML Pretty Print from the left.
XML Pretty Printed
  1. Paste the new code into the XML text box, and click the TURN PRETTY button.
NameID in SAML Response

Compare the NameID value in the XML to the SSO User ID in the contact or user profile to ensure the values match.

In the image to the right, the NameID that is being passed to the identity provider is bridge@ever.com. The contact or user record's SSO user ID would need to be the same for login via SSO to work.

Mozilla Firefox

Firefox Developer Tools - Network
  1. From the organization's SSO login page, open the developer menu by right-clicking and clicking Inspect Element.
  2. Click Network from the developer menu bar.
  3. Click Go To IDP Login page and log in.
Default Alias Selection in Firefox
  1. In the Filter URLs search box, enter "defaultalias" (without quotes).
SAML Response in Firefox
  1. Click on defaultAlias from the results.
  2. Click on Params from the sub-menu.
  3. Click on the SAMLResponse value, select the entire value using the keyboard shortcut Ctrl+A, and then copy it using the keyboard shortcut Ctrl+C.
  1. Decoding Base64 into XMLGo to https://www.samltool.com/decode.php, paste the SAMLResponse code into the Deflated and Encoded XML text box, and click the DECODE AND INFLATE XML button.
  2. Click the Copy to Clipboard icon from the Deflated XML text box to copy the new code, and click XML Pretty Print from the left.
  1. XML Pretty PrintedPaste the new code into the XML text box, and click the TURN PRETTY button.

NameID in SAML ResponseCompare the NameID value in the XML to the SSO User ID in the contact or user profile to ensure the values match.

In the image to the right, the NameID that is being passed to the identity provider is bridge@ever.com. The contact or user record's SSO user ID would need to be the same for login via SSO to work.

Was this article helpful?
0 out of 0 found this helpful

Article Feedback


While we can’t respond to you directly, we’d love to know how we can improve the article.

Please sign in to leave a comment.