What is a SAML response?

A SAML (Security Assertion Markup Language) response is an XML document sent by an Identity Provider (IdP) to a Service Provider (SP) during single sign-on (SSO). It contains authentication assertions about the user.

What information does the decoder extract?

The decoder extracts and displays the issuer, NameID, session index, conditions (NotBefore, NotOnOrAfter, audience), authentication context, and all user attributes from the SAML assertion.

Utility Workspace

SAML Decoder

Q: Is my SAML data sent to a server?

No. All decoding is done entirely in your browser using JavaScript. Your SAML data never leaves your device.

Decode and inspect SAML responses and assertions

Client-sideSAML 2.0Instant

Paste Base64-Encoded SAML Response

Tool Guide

What is SAML?

SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP). It is commonly used for Single Sign-On (SSO) in enterprise environments.

Practical Flow

How to Use This Tool

1
Paste SAML Response: Copy the Base64-encoded SAML response from your browser's POST data or logs and paste it into the input area.
2
Click Decode: Press "Decode SAML" to decode the Base64 data and parse the XML.
3
View Details: See the extracted issuer, NameID, conditions, session info, authentication context, and all user attributes.
4
View Raw XML: Scroll down to see the pretty-printed XML source of the SAML response.
5
Copy XML: Click "Copy XML" to copy the formatted XML to your clipboard.

Keep In Mind

Important Note

All decoding is done entirely in your browser using JavaScript. Your SAML data never leaves your device. This tool does not validate SAML signatures — it is intended for inspection and debugging purposes.

More Details

What Information is Extracted?

Issuer: The Identity Provider that created the assertion.
NameID: The unique user identifier (often an email or username).
Conditions: Validity time range and audience restrictions.
Session Index: The session identifier from the IdP.
AuthnContext: The authentication method used (e.g., password, MFA).
Attributes: All user attributes sent in the assertion (e.g., email, roles, groups).

Explore More

JWT DecodeInspect and verify JSON Web Token payloads and headers.

UUID GeneratorGenerate UUID/GUID v1, v4, and v5 identifiers instantly.

Hash GeneratorGenerate MD5, SHA-1, SHA-256, SHA-512 hashes from any text.

Certificate DecoderParse and inspect SSL/PEM certificates in your browser.

Base64 EncodeConvert plain text or binary data into Base64 format instantly.

Base64 DecodeDecode Base64 strings back to readable text or binary data.

URL Encode/DecodeEncode or decode URLs, query strings and special characters.

Base64 ImageConvert images to Base64 strings and decode Base64 back to images.