Aviso de privacidad para ClavionX SAML Debugger
ClavionX SAML Debugger por ClavionX
Privacy Policy — ClavionX SAML Debugger
Last updated: 2026-07-11
Summary
ClavionX SAML Debugger is a local diagnostic tool. It does not have a backend server, does not transmit any data off your device, and does not use analytics, telemetry, or advertising of any kind.
What the extension captures
When capture is enabled (and only for sites you have allowed, or have not explicitly denied, via the extension's Settings page), the extension inspects SAML SSO/SLO traffic — redirect-binding URL parameters and POST-binding form bodies — to decode SAML AuthnRequest, Response, and logout messages, along with the SAML-related cookies present during the flow.
This can include identity data present in the SAML messages themselves, such as:
NameID / subject identifiers
Issuer and Destination URLs
Assertion attributes
Session/cookie values relevant to the SAML flow
Where captured data is stored
All captured flows are stored locally, on your device, in the browser's IndexedDB storage for this extension. Settings (capture on/off, allow/deny lists, retention period) are stored in the browser's local extension storage. Nothing is sent to ClavionX or any third party — there is no server component.
Captured data is retained according to the retention period you configure and can be deleted at any time (single flow or "clear all") from the extension's Viewer.
Data you choose to export
The "Share Diagnostics" feature lets you generate a text/Markdown report to share with your own IT/identity team when troubleshooting. This report is built to omit raw NameID, attribute, and cookie values by design — it summarizes findings (e.g. "clock skew detected," "signature algorithm mismatch"), not the underlying identity data. Exporting this report is a manual, explicit action; nothing is exported automatically.
Permissions and why the extension needs them
Permission Why it's needed
webRequest To detect and read SAML traffic (redirect and POST bindings) as it happens, so the extension can decode and correlate it into a flow.
cookies SAML flows depend on session cookies (e.g. IdP session, SP session) — reading them is necessary to diagnose cookie-related failures (missing session, wrong domain/SameSite, etc.).
storage To persist captured flows and user settings locally.
host_permissions (http:///, https:///) SAML IdPs and SPs run on arbitrary customer-controlled domains that cannot be known in advance — the extension must be able to observe traffic on whatever domains the user is actively debugging. Capture is further gated by the user's own allow/deny list in Settings; broad host permission is the platform mechanism that makes that runtime filtering possible.
Contact
Questions about this policy: support@clavionx.com
Hosted at: https://samldebugger.clavionx.com/privacy