SAML Response Decoder - Decode & Format SAML XML
Free online SAML response decoder. Decode Base64-encoded SAML responses, format the XML output, and inspect SSO assertions instantly.
What Is a SAML Response Decoder?
A SAML (Security Assertion Markup Language) Response Decoder takes a Base64-encoded SAML response — the kind sent by identity providers during Single Sign-On (SSO) — and converts it back into readable, formatted XML. SAML responses contain assertions about a user's identity, authentication status, and attributes. Because these responses are Base64-encoded (and often URL-encoded as well) for transport via HTTP POST bindings, they are unreadable without decoding. This tool handles both URL-decoding and Base64-decoding in one step, then formats the resulting XML with proper indentation for easy inspection.
How to Use the SAML Decoder
- Copy the Base64-encoded SAML response from your browser's network tab, a log file, or your identity provider's test tool.
- Paste the encoded string into the input field. URL-encoded characters are handled automatically.
- The tool decodes the Base64 data and displays the resulting SAML XML with proper indentation.
- Review the XML to inspect assertions, attributes, conditions, and signature information.
- Use the copy button to copy the formatted XML for documentation or further analysis.
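The same decode-and-inspect steps can be run offline in a script. The following is an added example, not this tool's own code: the function names are hypothetical, the sample response is constructed and trimmed, and it only reports whether signatures are present, without validating them.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def decode_saml_response(value: str) -> bytes:
    """URL-decode if needed, then Base64-decode a SAMLResponse form value."""
    value = value.strip()
    if "%" in value:                    # '%' never occurs in plain Base64
        value = urllib.parse.unquote(value)
    value = "".join(value.split())      # drop line wraps picked up from logs
    value += "=" * (-len(value) % 4)    # restore padding lost in copy/paste
    xml_bytes = base64.b64decode(value, validate=True)
    # SAML needs no DTD; refuse one before any XML parser sees the payload.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML payload")
    return xml_bytes

def summarize(xml_bytes: bytes) -> dict:
    """Fields a reviewer checks. Signature *presence* only, no validation."""
    root = ET.fromstring(xml_bytes)
    cond = root.find(".//saml:Conditions", NS)
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "name_id": root.findtext(".//saml:Subject/saml:NameID", namespaces=NS),
        "not_on_or_after": cond.get("NotOnOrAfter") if cond is not None else None,
        "audiences": [a.text for a in root.iterfind(".//saml:Audience", NS)],
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": root.find("saml:Assertion/ds:Signature", NS) is not None,
        "attributes": {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
                       for a in root.iterfind(".//saml:Attribute", NS)},
    }

# Constructed, unsigned, trimmed sample (not captured from any real identity provider).
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
    '<saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
    '<saml:NameID>alice@example.test</saml:NameID></saml:Subject>'
    '<saml:Conditions NotOnOrAfter="2024-01-01T00:05:00Z"><saml:AudienceRestriction>'
    '<saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>'
    '</saml:Conditions><saml:AttributeStatement><saml:Attribute Name="role">'
    '<saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion></samlp:Response>')
SAMPLE_FORM_VALUE = urllib.parse.quote(base64.b64encode(SAMPLE_XML.encode()), safe="")
```

Calling `summarize(decode_saml_response(SAMPLE_FORM_VALUE))` on the sample reports both signature flags as false, which is the condition a security review of a real response should flag.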
Common Use Cases
- SSO Integration Debugging — When setting up SAML SSO with providers like Okta, Azure AD, or OneLogin, decode the SAML response to verify assertion contents and attribute mappings.
- Authentication Troubleshooting — Decode failed SAML responses to identify issues like expired assertions, incorrect audience restrictions, or missing required attributes.
- Security Review — Inspect SAML responses to verify that signatures are present, assertions are properly scoped, and no sensitive data is unnecessarily exposed.
- Compliance Documentation — Capture and document SAML response structure for security audits or compliance reviews that require proof of SSO configuration.
FAQ
Where do I find the SAML response to decode?
You can capture SAML responses from your browser's developer tools. Open the Network tab, initiate a login, and look for the POST request to your application's assertion consumer service (ACS) URL. The SAMLResponse parameter in the form data contains the Base64-encoded response.
Does this tool validate SAML signatures?
No. This tool only decodes and formats the SAML XML for inspection. Signature validation requires the identity provider's certificate and should be performed by your SAML library on the server side.
Why is my SAML response URL-encoded?
When SAML responses are sent via HTTP POST binding, they are Base64-encoded. Some systems also URL-encode the Base64 string for safe transport. This tool automatically handles URL-decoding before Base64-decoding, so you can paste either format.
Is it safe to paste SAML responses into this tool?
Yes, all processing happens locally in your browser. No data is transmitted to any server. However, SAML responses contain user identity information, so avoid sharing them publicly or using production responses for testing when possible.