search cancel

How to gather a SAML trace on Internet Explorer


Article ID: 175966


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Due to a support case, you need a SAML trace taken from Internet Explorer.


Web Security Service


  1. Download latest Fiddler version
  2. Install Fiddler, Agree to the End User License Agreement.
  3. Launch Fiddler, click Cancel if prompted about AppContainers:
    • ​​​​
  4. With Fiddler open, click on Tools > Telerik Fiddler options > HTTPS and check Decrypt HTTPS traffic then click Ok.
    • Note: You may be prompted to trust a certificate. If so, please select the Cloud Service Root Certificate, available to download in Service > Network > SSL Interception > Root certificate.
  5. Close and open Fiddler and Internet Explorer side-by-side. Then drag and drop the crosshair icon onto Internet Explorer.  This will target only traffic in this process (browser window) to help filter down intercepted traffic:
  6. On Fiddler, select the X icon with a drop down and click Remove All to clear your trace.
  7. Go to the URL of the application where the issue is present and login. Once you have logged into the application or received the error to your application upon login, click File > Capture Traffic to stop the logs:
  8. Within your logs, look for the last 200 response from your ADFS server or SAML endpoint URL before being redirected to your application.
  9. Click on the Inspectors tab, and select the Raw tab at the bottom. Copy the value attribute from the hidden input tag with the name of "wresult":
    • ​​
  10. Paste the encoded HTML into an HTML decoder, for example:
  11. Copy the Decoded HTML and paste it into an XML formatter of your choice. For example, Bing (this may not be available for all countries).
  12. Copy the result into a notepad, it should be readable, save it and attach it on the open support case.