Privacy Statement

IDLab Protocol Tracer is a browser extension used with Identity Lab debug mode to inspect OIDC and SAML login redirects in your own browser. It is designed for local troubleshooting and does not collect, sell, or transmit personal data to us.

No data collection The extension does not collect analytics, identifiers, credentials, tokens, or browsing history.

No remote code The extension does not download or execute remotely hosted JavaScript or other code.

Local debug use Trace events are streamed only to the Identity Lab page that explicitly starts a debug session.

What the extension does

The extension opens a login popup for Identity Lab debug mode and observes request, response, redirect, completion, and error events for that popup. This helps troubleshoot OIDC and SAML authentication flows that cross identity provider and service provider domains.

Data handling

The extension does not send trace data to our servers or to third-party analytics services.
The extension does not store trace data permanently.
The extension sends trace events back to the active Identity Lab browser tab through Chrome extension messaging.
Any tokens, assertions, request URLs, or protocol metadata visible during debugging remain in your local browser session unless you choose to copy or share them.

Permissions

The extension requests tabs, webRequest, and host access for <all_urls>. These permissions are needed because OIDC and SAML login journeys can redirect across many different domains. The extension uses these permissions only after Identity Lab starts a debug trace.

Remote code

The extension does not execute remote code. All extension scripts are packaged with the extension.

Changes

We may update this privacy statement as the extension changes. Material changes will be reflected on this page.

Contact

For questions about this privacy statement or the extension, contact the publisher through the Chrome Web Store listing or the project repository.