Yep, Fiddler messes up HTTP keep-alives enough to derail connection-oriented NTLM / Kerberos. I have encountered exactly the same situation while debugging ADFS interactions.
One option that plays nicer is <http://www.blunck.se/iehttpheaders.html>. I haven't tried Charles <http://www.charlesproxy.com/> but it is very well-regarded. I believe you could also run a MITM / tunnel fairly easily with OpenSSL tools.

--Steve

On Fri, Jan 13, 2012 at 10:22 AM, David Lum <[email protected]> wrote:
> ¾ step back. Looking for ideas.
>
> I’m still working on SAML and ADFS 2.0, and I’ve got far enough that my federation service allows me to post a query to the vendor’s application, but now we are getting “The matching public key for this SAML document has not been entered into the Company Admin/Security Keys screen” even though we do have the proper key on each side of the transaction and the key IS entered on their side
>
> The vendor wants to view the SAML assertion that is being sent, which we believe requires us to be able to open the SSL packet getting sent (sounds right). I’ve installed a utility called Fiddler that with some tweaks will allow us to do this by being a “man in the middle”. Problem is when I turn this “decrypt HTTPS” traffic I can no longer log into my ADFS website. DOH!
>
> Anyone have any ideas?
>
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
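
Once the POST to the vendor has been captured by any of the tools above, the question of which key signed the assertion can be answered offline. This is an added example, not part of the original thread: it decodes a captured SAMLResponse form field and fingerprints the embedded signing certificate for comparison with the key the vendor has on file. The sample message, host name and placeholder certificate bytes are constructed, and the Redirect-binding branch goes beyond the POST case discussed in the thread.

```python
import base64, hashlib, zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def decode_saml_response(form_body):
    """Return the XML carried in the SAMLResponse field of a captured request body."""
    fields = parse_qs(form_body)
    if "SAMLResponse" not in fields:
        raise ValueError("no SAMLResponse field in the captured body")
    raw = base64.b64decode(fields["SAMLResponse"][0])
    if raw.lstrip()[:1] == b"<":
        return raw                      # HTTP-POST binding: base64 only
    return zlib.decompress(raw, -15)    # HTTP-Redirect binding: raw DEFLATE, then base64

def signing_cert_info(xml):
    """Issuer plus SHA-1/SHA-256 fingerprints of every embedded ds:X509Certificate."""
    # The capture is your own traffic; for XML from an untrusted party use defusedxml.
    root = ET.fromstring(xml)
    issuer = root.find(".//saml:Issuer", NS)
    certs = []
    for node in root.findall(".//ds:X509Certificate", NS):
        der = base64.b64decode("".join((node.text or "").split()))
        certs.append({"sha1": hashlib.sha1(der).hexdigest(),
                      "sha256": hashlib.sha256(der).hexdigest()})
    return {"issuer": issuer.text.strip() if issuer is not None else None,
            "certs": certs}

def matches(info, thumbprint):
    """Compare with a thumbprint as certificate UIs show it (spaces, colons, any case)."""
    want = "".join(ch for ch in thumbprint if ch.isalnum()).lower()
    return any(want in (c["sha1"], c["sha256"]) for c in info["certs"])

# Constructed sample: placeholder bytes stand in for the DER-encoded certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>'
    '<saml:Assertion><ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
    + base64.b64encode(SAMPLE_DER).decode() +
    '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
    '</saml:Assertion></samlp:Response>')
SAMPLE_POST = urlencode({"SAMLResponse": base64.b64encode(SAMPLE_XML.encode()).decode(),
                         "RelayState": "constructed"})

if __name__ == "__main__":
    print(signing_cert_info(decode_saml_response(SAMPLE_POST)))
```

A fingerprint that differs from the one the relying party has stored points to a different token-signing certificate than the one that was exchanged.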
