SAML Assertion Decoder

Decode Base64 (and optional DEFLATE) SAML assertions and inspect XML content. No signature verification.

Input is Base64 Deflated (Redirect binding)

Input

Decoded XML

—

How to Use

Paste SAML Content

Input your SAMLResponse or raw XML. You can toggle Base64 decoding and DEFLATE inflation depending on the binding used.

Configure Options

Check 'Input is Base64' for standard POST bindings, or 'Deflated' for Redirect bindings commonly used in SSO flows.

Inspect Results

View the decoded XML and a summary of key fields like Issuer, NameID, and user attributes automatically extracted from the assertion.

Frequently Asked Questions

What is a SAML Assertion?

Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between an identity provider and a service provider.

Does this tool verify signatures?

No. This tool is for decoding and inspection only. It does not perform cryptographic signature verification or validation against a trusted certificate.

What is the DEFLATE option for?

In the SAML Redirect binding, the XML is often deflated (compressed) and then Base64 encoded. Checking the 'Deflated' box allows the tool to decompress the data correctly.