SAML Decoder
Decode, inspect, and debug SAML requests and responses securely in your browser
Table of Contents
What is SAML?
SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). It's widely used for implementing Single Sign-On (SSO) in enterprise applications.
This SAML Decoder helps developers and administrators debug SSO implementations by decoding Base64-encoded SAML messages and presenting them in a readable format with extracted details.
100% Client-Side
All processing happens in your browser. Your tokens never leave your device.
Auto-Detection
Automatically detects Base64, Deflate, URL-encoded, or raw XML formats.
Syntax Highlighting
Beautiful XML highlighting for easy reading and debugging.
Deep Inspection
Extract issuer, subject, attributes, conditions, and signature details.
How to Use This Tool
- Paste your SAML data - Enter Base64-encoded SAML, a URL containing SAMLRequest/SAMLResponse, or raw XML
- Configure options - Enable auto-detection, pretty printing, and syntax highlighting
- Click Decode - The tool will decode and display the SAML XML
- Explore tabs - View decoded XML, extracted details, attributes, and signature info
- Copy results - Use the copy button to copy the decoded XML
Supported Input Formats
- Base64-encoded SAML - Standard Base64 encoding used in POST binding
- Base64 + Deflate - Compressed SAML used in Redirect binding
- URL-encoded - SAML data in URL parameters
- Raw XML - Plain SAML XML without encoding
- Full URLs - Paste URLs containing SAMLRequest or SAMLResponse parameters
Frequently Asked Questions (FAQs)
SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between parties, specifically between an identity provider (IdP) and a service provider (SP). It enables Single Sign-On (SSO) functionality.
This tool decodes Base64-encoded SAML requests and responses, decompresses deflated SAML data, and formats the resulting XML for easy reading. It helps developers debug SSO implementations and verify SAML assertions.
Yes! All decoding and processing happens entirely in your browser using JavaScript. Your SAML tokens are never sent to any server. This client-side processing ensures your sensitive authentication data remains private.
This decoder supports: Base64-encoded SAML, Base64 + Deflate compressed SAML, URL-encoded SAML, raw SAML XML, and SAMLRequest/SAMLResponse parameters from URLs. It automatically detects the format.
From a decoded SAML response, you can extract: the issuer (identity provider), subject/user information, authentication timestamp, session expiry, attributes (name, email, roles), digital signature, and conditions for validity.
