SAML Response Decoder
Paste a base64-encoded SAML response or assertion and instantly see the decoded XML alongside a summary of the most important fields. Handles URL-encoded payloads and DEFLATE-compressed strings used by SAML’s HTTP-Redirect binding, all in your browser — nothing is uploaded.
How to Use
- Capture the SAML response from your IdP — usually a hidden form field named SAMLResponse on the ACS POST, or the SAMLRequest query parameter for HTTP-Redirect.
- Paste the raw value into the input box. URL-encoding, DEFLATE compression and zlib/gzip wrappers are detected automatically.
- Read the Summary table for at-a-glance details: Issuer, NameID, NotBefore / NotOnOrAfter, Audience, Destination, SessionIndex and attribute statements.
- Use the formatted XML view (with copy and download buttons) for deeper inspection or to share with a colleague.
Features
- Auto-detect encoding – Handles base64, URL-encoded base64, and DEFLATE-compressed payloads from the HTTP-Redirect binding without extra clicks.
- Summary highlights – Surfaces NameID, Audience, Issuer, Status, Destination, NotBefore / NotOnOrAfter and SessionIndex so you can spot integration issues at a glance.
- Validity check – Compares the assertion’s NotOnOrAfter against the current time and flags expired tokens.
- Pretty-printed XML – Indented, syntax-highlighted output with copy and download actions.
- Privacy-first – All decoding happens locally in your browser. SAML responses never touch our servers.
Frequently Asked Questions
- What is SAML and how does it work?
  SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP). The IdP authenticates the user, then issues a signed XML assertion that the SP trusts to grant access — enabling Single Sign-On across independent web applications.
- What is the difference between a SAML Response and a SAML Assertion?
  A SAML Response is the outer envelope sent from the IdP to the SP and includes protocol-level metadata such as Status, Destination and InResponseTo. The SAML Assertion is the payload inside that response — it carries the actual identity claims: NameID, AuthnStatement, Conditions and AttributeStatement. A response can wrap one or more assertions.
- What do NotBefore and NotOnOrAfter mean in a SAML assertion?
  NotBefore and NotOnOrAfter are time-window attributes inside the Conditions element that define when an assertion is valid. The SP must reject any assertion presented before NotBefore or at/after NotOnOrAfter. The window is usually only a few minutes wide to limit replay attacks, which is why clock skew between IdP and SP is a common cause of SAML failures.
- What is the AudienceRestriction and why does it matter?
  AudienceRestriction names the intended Service Provider (the SP's entity ID) for the assertion. The SP must reject assertions whose Audience does not match its own configured entity ID. This binding prevents an assertion issued for one application from being replayed against another — even if both trust the same IdP.
- What is the difference between HTTP-Redirect and HTTP-POST bindings?
  HTTP-Redirect places the SAML message in a URL query string, so it must be DEFLATE-compressed and base64-encoded to fit. It is typically used for AuthnRequests sent from SP to IdP. HTTP-POST submits the message as a hidden form field, which has no size limit and does not require compression — it is the binding used for the SAML response back from IdP to SP.
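
The decoding chain and the NotBefore / NotOnOrAfter check described above can be reproduced offline in Python. This is an added example, not this tool's own code; the function names, the MAX_XML size cap and the sample assertion are assumptions made for illustration. It performs no signature verification, so its output is for inspection only.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from datetime import datetime
from urllib.parse import unquote

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 1 << 20  # assumed cap on inflated size (decompression-bomb guard)

# Constructed sample assertion, not captured from a real IdP.
SAMPLE = (b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
          b'<saml:Issuer>https://idp.example.test</saml:Issuer>'
          b'<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>'
          b'<saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">'
          b'<saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience>'
          b'</saml:AudienceRestriction></saml:Conditions></saml:Assertion>')


def decode_saml(value: str) -> bytes:
    """Undo URL-encoding and base64, then inflate if the result is not already XML."""
    value = unquote(value.strip())         # no-op when the base64 is not URL-encoded
    raw = base64.b64decode(value + "=" * (-len(value) % 4))
    if raw.lstrip().startswith(b"<"):      # HTTP-POST binding: plain XML
        return raw
    for wbits in (-15, 47):                # raw DEFLATE (HTTP-Redirect), then zlib/gzip
        try:
            d = zlib.decompressobj(wbits)
            xml = d.decompress(raw, MAX_XML)
        except zlib.error:
            continue
        if d.unconsumed_tail:              # more output pending than the cap allows
            raise ValueError("inflated payload exceeds MAX_XML")
        if d.eof:                          # accept only a complete stream
            return xml
    raise ValueError("neither base64 XML nor DEFLATE data")


def summarize(xml: bytes, now: datetime) -> dict:
    """Extract summary fields; `now` must be timezone-aware (SAML times are UTC)."""
    if b"<!DOCTYPE" in xml:                # SAML needs no DTD; refuse before parsing
        raise ValueError("DOCTYPE not allowed")
    root = ET.fromstring(xml)
    cond = root.find(".//a:Conditions", NS)
    attrs = cond.attrib if cond is not None else {}
    nb, noa = (datetime.fromisoformat(attrs[k].replace("Z", "+00:00")) if k in attrs else None
               for k in ("NotBefore", "NotOnOrAfter"))
    state = "not yet valid" if nb and now < nb else "expired" if noa and now >= noa else "valid"
    return {"issuer": root.findtext(".//a:Issuer", namespaces=NS),
            "name_id": root.findtext(".//a:NameID", namespaces=NS),
            "audience": root.findtext(".//a:Audience", namespaces=NS), "state": state}
```

An SP applying the same window check would normally allow a small, configured clock-skew tolerance on both bounds.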
