SAML Decoder

Use this tool to decode SAML requests, assertions, metadata, and more.

Use this SAML Decoder tool to decode SAML requests, assertions, metadata, or other encoded SAML output into a human-readable, formatted XML form.

How does the tool work?

It works by doing the following to the supplied input:

1. URI Decode
2. Base 64 Decode
3. Inflate
4. Format into easily readable XML

A quick overview of SAML

• SAML is a security protocol commonly used for Single Sign-on (SSO)
• SAML is a secure assertion markup language
• SAML is a grouping of one or more assertions
• SP (Service Provider): The service provider is the main app with content or some other service. It's providing the service or content that you try to sign into (through a log-in page or SSO).
• IDP (Identity Provider): The identity provider is the server/service that handles authentication. It's where the identity of the user is checked.

At a very high level SAML allows apps to read assertions about identities and rely on that information because it came from a trusted source. For example, a service provider requests information about a user in a SAML request. The IDP, after some checks about the user, can than issue a SAML response including assertions about certain attributes that user has. The service provider is then able to make decisions based on what's been asserted about that user.

How is SAML information encoded?

To make SAML requests, or other information, easier to transfer through the network in urls, it’s typically encoded using 4 steps.

Step 1: Encode UTF-16 to UTF-8.

• 8-bit Unicode Transformation Format
• 16-bit Unicode Transformation Format

Step 2: Deflate

• A lossless compression algorithm to decrease the size of the package

Step 3: Base64 encode

• Common encoding for sending information over the network

Step 4: URI encode

• Ensure that there are no special characters that would be invalid or interpreted differently