Hi @Arya Gupta
I understand that you are using SAML Tracer chrome extension to attempt to capture the assertion.
If you want to capture the assertion you need to capture the network trace whenever you are accessing the application.
To capture a SAML assertion during a Single Sign-On (SSO) flow and extract the MFA elements using the SAMLTracer Chrome extension, follow these steps:
1. Ensure SAMLTracer is installed and enabled.
2. Make sure that Microsoft Entra is properly configured as the Identity Provider (IdP) for your application (Salesforce) and that the application is set to use SAML 2.0 for authentication.
3. Open your browser (with SAMLTracer enabled) and navigate to the Salesforce login page or your application's login page.
4. Trigger the login process by entering your credentials. Since your setup is using SSO, it should redirect to Microsoft Entra (Azure AD) for authentication.
5. If MFA is configured for the user in Microsoft Entra, you will be prompted for MFA during the login process. Ensure you go through the MFA challenge.
6. When the user authenticates to the application, SAMLTracer will capture all the network traces and will provide you with the SAML request and SAML response information from the captured frame requests.
7. This SAML Response will contain the assertion, including claims and any MFA-related information if it was included in the authentication flow.
8. Once the SAML Response is captured in SAMLTracer, click on it to inspect the details.
9. Look for an Assertion in the captured response. It is typically in XML format. In the Assertion, look for relevant <Attribute> elements that represent MFA-related data.
Other Approaches:
If SAMLTracer is not capturing the assertion properly or if you want to have more granular control, you can use Fiddler:
1. Download Fiddler from: http://www.telerik.com/download/fiddler
2. Configure Fiddler to decrypt HTTPS traffic.
3. Within Fiddler, click Tools -> Fiddler Options.
4. Select the HTTPS tab.
5. Check the checkbox to Decrypt HTTPS traffic.
6. You will receive a few pop-ups that are required in order to install the Fiddler root certificate, which allows Fiddler to sit as a man-in-the-middle to your HTTPS session. Click Yes to these prompts.
7. Click OK to close Fiddler Options.
8. Select the option to Clear cache.
9. Select the option to Browse.
10. Reproduce the issue.
11. Save the capture. Select File\Save\All Sessions.
12. Specify a file location and name.
13. Click Save.
Another easy approach without any application or extension installed is you can use developer tools in the browser itself: https://zcusa.951200.xyz/en-us/azure/azure-portal/capture-browser-trace
Hope this helps. Do let us know if you have any further queries.
Thanks,
B. Siri Chandana.
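Step 9 of the answer above leaves the reader to eyeball the captured XML for MFA-related elements. The script below is an added example, not part of the original answer and not Microsoft or SAMLTracer code: it decodes a base64 `SAMLResponse` form value (what SAMLTracer shows you after decoding), checks for an `EncryptedAssertion` (in which case nothing is readable in the trace), and pulls out the `AuthnContextClassRef` and every `<Attribute>` so the MFA evidence can be inspected or asserted on. The sample response embedded in the script is constructed, not a real capture; the claim name `http://schemas.microsoft.com/claims/authnmethodsreferences` and the value `http://schemas.microsoft.com/claims/multipleauthn` are what Entra ID is documented to emit for authentication method references, but treat them as an assumption and compare against what your own trace contains.

```python
import base64
from xml.etree import ElementTree as ET

# Namespaces used by SAML 2.0 protocol and assertion elements.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Assumption: the Entra ID claim that lists authentication methods, and the
# value it carries when a multi-factor authentication was performed.
AMR_CLAIM = "http://schemas.microsoft.com/claims/authnmethodsreferences"
MFA_AMR_VALUE = "http://schemas.microsoft.com/claims/multipleauthn"

# Constructed sample response (not a real capture; tenant id is a placeholder).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/EXAMPLE-TENANT-ID/</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
        <saml:AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</saml:AttributeValue>
        <saml:AttributeValue>http://schemas.microsoft.com/claims/multipleauthn</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>user@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
    <saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""


def encode_saml_response(xml_text: str) -> str:
    """Base64-encode XML the way it travels in the SAMLResponse POST parameter."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def decode_saml_response(form_value: str) -> str:
    """Decode the base64 SAMLResponse POST parameter back into XML text."""
    return base64.b64decode(form_value).decode("utf-8")


def summarize_assertion(xml_text: str) -> dict:
    """Extract issuer, subject, AuthnContextClassRef values and all attributes
    from a SAML Response (or a bare Assertion)."""
    root = ET.fromstring(xml_text)
    if root.find("saml:EncryptedAssertion", NS) is not None:
        # The tracer can only show ciphertext here; the SP's private key is needed.
        raise ValueError("assertion is encrypted; decrypt at the service provider")
    assertion = root if root.tag == f"{{{NS['saml']}}}Assertion" else root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion element found in response")

    attributes = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [
            (v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)
        ]
    class_refs = [
        (e.text or "").strip()
        for e in assertion.iterfind(
            "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS
        )
    ]
    return {
        "issuer": (assertion.findtext("saml:Issuer", namespaces=NS) or "").strip(),
        "subject": (assertion.findtext("saml:Subject/saml:NameID", namespaces=NS) or "").strip(),
        "authn_context_class_refs": class_refs,
        "attributes": attributes,
    }


def mfa_evidence(summary: dict) -> list:
    """Return the attribute values in the summary that indicate MFA was performed."""
    return [
        f"{AMR_CLAIM} = {value}"
        for value in summary["attributes"].get(AMR_CLAIM, [])
        if value == MFA_AMR_VALUE
    ]


if __name__ == "__main__":
    summary = summarize_assertion(decode_saml_response(encode_saml_response(SAMPLE_RESPONSE)))
    print("Issuer:", summary["issuer"])
    print("Subject:", summary["subject"])
    print("AuthnContextClassRef:", summary["authn_context_class_refs"])
    for name, values in summary["attributes"].items():
        print(f"Attribute {name}: {values}")
    print("MFA evidence:", mfa_evidence(summary) or "none found")
```

To use it on a real trace, copy the raw `SAMLResponse` value from SAMLTracer (or the decoded XML) into `decode_saml_response` or `summarize_assertion` respectively; an empty `mfa_evidence` list on a login that did prompt for MFA usually means the IdP is not emitting the authentication methods claim to this application, which is the configuration to check next.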