How to get SAML payload decoded using PowerShell and browser developer tools?

Summary

This article shows how to decode the single sign-on (SSO) SAML payload in Microsoft Entra.

Solution

Follow the link below to create an Enterprise Application in Entra.

ClaimsXRay in AzureAD with Directory Extension

Look for the SAML payload in the Network tab of the browser developer tools. It will be of type Document. Click on the document entry. This example uses ClaimsXRay, but in your case it will be a different app, so the Network tab will show a different URL for the document entry.

The network trace may show the payload as a single line. On the SAML response payload, right-click and copy the value. The value will then be on the clipboard.

PowerShell Scripts

The next step is to open PowerShell and type the following.


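# Read the copied SAMLResponse value from the clipboard.
$saml = Get-Clipboard

# Base64-decode the value and interpret the bytes as UTF-8 text (the SAML XML).
$decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("$saml"))

# Write the XML to a file, encoded as UTF-8 to match the decoded text.
$decoded | Out-File -FilePath saml-decoded.xml -Encoding utf8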

Step 1: Get the SAML response value from the clipboard and store it in the variable $saml.

Step 2: Base64-decode the $saml value and store the result in $decoded.

Step 3: Write the $decoded value to a file. Note: you need to change the file name.
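
As an added example (not from the original article), the function below extends the three steps: it also accepts a URL-encoded value, which is what you get when copying from the raw request body, and it summarizes the issuer, subject, audience, expiry and claims of the decoded response. `ConvertFrom-SamlResponse` is a hypothetical helper name and the sample response is constructed; the code decodes for inspection only and does not validate the signature.

```powershell
# Added example; ConvertFrom-SamlResponse is a hypothetical helper name.
function ConvertFrom-SamlResponse {
    param([Parameter(Mandatory)][string]$Value)
    # A value copied from the raw form body is URL-encoded (%2B, %2F, %3D).
    if ($Value -match '%[0-9A-Fa-f]{2}') { $Value = [System.Uri]::UnescapeDataString($Value) }
    $Value = $Value -replace '\s', ''   # drop line breaks picked up while copying
    $xmlText = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Value))
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null            # never fetch external DTDs or entities
    $doc.LoadXml($xmlText)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion')
    # One row per claim; multi-valued claims are joined with '; '.
    $claims = foreach ($a in $doc.SelectNodes('//saml:Attribute', $ns)) {
        $values = $a.SelectNodes('saml:AttributeValue', $ns) | ForEach-Object { $_.InnerText }
        [pscustomobject]@{ Name = $a.GetAttribute('Name'); Value = $values -join '; ' }
    }
    [pscustomobject]@{
        Issuer       = $doc.SelectSingleNode('//saml:Assertion/saml:Issuer', $ns).InnerText
        NameID       = $doc.SelectSingleNode('//saml:Subject/saml:NameID', $ns).InnerText
        Audience     = $doc.SelectSingleNode('//saml:Audience', $ns).InnerText
        NotOnOrAfter = $doc.SelectSingleNode('//saml:Conditions', $ns).NotOnOrAfter
        Claims       = $claims
    }
}

# Constructed sample response (not captured from a real tenant).
$sampleXml = @'
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Assertion>
    <Issuer>https://idp.example.test/</Issuer>
    <Subject><NameID>user@example.test</NameID></Subject>
    <Conditions NotOnOrAfter="2030-01-01T00:00:00Z">
      <AudienceRestriction><Audience>urn:example:app</Audience></AudienceRestriction>
    </Conditions>
    <AttributeStatement>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><AttributeValue>Sample</AttributeValue></Attribute>
      <Attribute Name="extension_department"><AttributeValue>Finance</AttributeValue></Attribute>
    </AttributeStatement>
  </Assertion>
</samlp:Response>
'@
$copied = [System.Uri]::EscapeDataString([System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($sampleXml)))
$result = ConvertFrom-SamlResponse -Value $copied
$result | Format-List Issuer, NameID, Audience, NotOnOrAfter
$result.Claims | Format-Table -AutoSize
```

To run it against a real capture, replace `$copied` with `Get-Clipboard` after copying the SAML response value.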

Conclusion

This is a very easy way to check the decoded SAML values when debugging a single sign-on application. I hope this is helpful. Write your feedback in the comments.

About Pankaj

I am a Developer and my linked profile is https://www.linkedin.com/in/pankajsurti/