So far we had no such case.
We can see this protocol is a bit complicated but it's not binary. It means our HTTP decode may handle this. We need to investigate it.
Is there a chance to get sample trace?
I believe it's based loosely on SOAP?
Unfortunately this isn't a specific case but more of an instance where a customer has asked for current capabilities. I had a brief conversation with one of your delivery guys and he mentioned that it had possibly been used with Oracle Authentication Services? (I don't have much detail on that!)
If it's not been used, but there is potential then that's fine, i'll report that back and state we'd need a trace if we wanted to do any more on it.
SAML is XML based (not SOAP), our XML decode should be helpful here. There are instances where the XML may be compressed/base64/URL encoded to be passed as part of the URL (say in a GET request instead of the more typical XML in the POST body of a POST request).
Was anyone able to retrieve the username from the SAMLResponse? I have a customer were they use SAML. I see for a specific URL the SAMLResponse the value of SAML is a Post Parameter, but it is a long string which is base64 encoded.
Still I am not able to extract the username.