What is SAML Decoder?
SAML Decoder takes encoded SAML (Security Assertion Markup Language) messages and transforms them into readable XML. SAML is the enterprise standard for Single Sign-On, used by identity providers like Okta, Azure AD, OneLogin, and PingFederate to exchange authentication and authorization data with service providers.
SAML messages are typically Base64-encoded and, for HTTP-Redirect bindings, additionally compressed with Deflate. This makes them unreadable in their raw form. DevKit’s SAML Decoder reverses these encoding layers automatically, presenting the full XML assertion with formatting and syntax highlighting so you can inspect every element.
How to Use SAML Decoder
Copy the SAMLRequest or SAMLResponse parameter from a URL query string or form POST body. Paste it into the decoder. The tool detects the encoding method (Base64 only, or Deflate + Base64) and applies the correct decoding pipeline.
The decoded XML is pretty-printed with syntax highlighting. Key SAML elements are called out: the Issuer identifies the identity provider, the NameID shows the authenticated user, the Conditions define the validity window, and the AttributeStatement contains user attributes like email, groups, and roles.
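The decoding pipeline and element call-outs described above, sketched as an added example (this is not DevKit's code; `decode_saml`, `summarize`, `encode`, `MAX_XML` and the sample message are assumptions made for illustration). It caps inflated size, refuses DTDs before parsing, and only reports whether a signature element is present:

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
MAX_XML = 1_000_000  # assumed cap on inflated size, guards against deflate bombs

def decode_saml(param):
    """Return (xml_text, encoding) for a SAMLRequest/SAMLResponse value."""
    raw = base64.b64decode(unquote(param.strip()))  # undo %2B/%3D left over from a URL
    if raw.startswith(b"<"):                        # heuristic: Base64 only (POST binding)
        return raw.decode("utf-8"), "base64"
    inflater = zlib.decompressobj(wbits=-15)        # Redirect binding: raw DEFLATE, no header
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated message exceeds MAX_XML")
    return xml.decode("utf-8"), "deflate+base64"

def summarize(xml_text):
    """Extract the elements the page highlights; does NOT verify any signature."""
    if "<!DOCTYPE" in xml_text:  # SAML messages carry no DTD; refuse entity-expansion input
        raise ValueError("DOCTYPE not allowed in SAML messages")
    root = ET.fromstring(xml_text)
    def text(tag):
        el = root.find(f".//saml:{tag}", NS)
        return el.text.strip() if el is not None and el.text else None
    cond = root.find(".//saml:Conditions", NS)
    return {
        "message": root.tag.split("}")[-1],
        "issuer": text("Issuer"),
        "name_id": text("NameID"),
        "not_before": None if cond is None else cond.get("NotBefore"),
        "not_on_or_after": None if cond is None else cond.get("NotOnOrAfter"),
        "audiences": [a.text for a in root.iterfind(".//saml:Audience", NS)],
        "signature_present": root.find(".//ds:Signature", NS) is not None,
    }

# Constructed sample response (not captured from a real identity provider).
SAMPLE = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
          '<saml:Issuer>https://idp.example.test</saml:Issuer><saml:Assertion ID="_a1">'
          '<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>'
          '<saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">'
          '<saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience>'
          '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')

def encode(xml, deflate=False):
    data = xml.encode()
    data = zlib.compress(data)[2:-4] if deflate else data  # strip zlib header/trailer
    return quote(base64.b64encode(data), safe="")
```

A `signature_present` value of `False` on a response is worth flagging during an audit, but `True` says nothing about validity; signature verification has to happen in the service provider's SAML library.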
Common Use Cases
- SSO troubleshooting: Decode SAML responses to verify that the identity provider is sending the correct NameID format, attributes, and audience restriction.
- Integration debugging: Inspect SAML requests generated by your application to confirm they contain the correct Issuer, AssertionConsumerServiceURL, and requested authentication context.
- Attribute mapping: Decode assertions to see exactly which user attributes the identity provider sends, helping you map them to your application’s user model.
- Security auditing: Verify that SAML assertions include proper signature references, valid conditions with NotBefore/NotOnOrAfter timestamps, and appropriate audience restrictions.
- Compliance verification: Inspect SAML metadata and assertions during compliance audits to confirm that authentication flows meet security requirements.