[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSO&SAML-Google Group



Lara Cancela <lcancela.itt.android@xxxxxxxxx> said:
> Hello Sampo,
> 
> thank a lot for your help :) But I have a question: what sniffer exactly are
> you usinf to see the HTTPS (no HTTP) to see the headers for example with
> SSO service of zxid??

wireshark

> I mean, If I capture the traffic when I get SSO between
> https://sp.gast.it.uc3m.es:8443/zxid?o=E
> and
> https://idp.gast.it.uc3m.es:5443/login
> 
> I am not able to see the headers with ethereal because it's the HTTPS
> protocol, not HTTP!!

Right. That is why you need to build a testing setup that uses HTTP based
endpoints.

There is a more complex way to configure your sniffer to know about the
private keys so it can actually decrypt the HTTPS, but the setup with
just HTTP endpoints is easier to get working so try that first.

--Sampo

P.S. Always Cc the mailing list on questions like this.

> I have a lot of experience with HTTP filters and ethereal but I don't find
> the correct filter to see https ... I think I neede another sniffer!!
> What sniffer are you using??
> 
> I'm with the last Ubuntu OS ..
> 
> Thanks again,
> 
> Lara.