SAML Decoder

Paste a SAML Response or assertion (raw, base64, or URL-encoded) and decode its issuer, status, subject, conditions, audience, and attributes, with signature and weak-algorithm checks. Hardened against XXE.

Decoding runs locally in your browser. Nothing is sent anywhere.

Web browser SSO (SP-initiated)

Service Provider | Identity Provider

1. A user requests a protected resource at the service provider
2. The SP builds an AuthnRequest and redirects the browser to the IdP [AuthnRequest]
3. The IdP receives the AuthnRequest over the Redirect binding [HTTP-Redirect]
4. The IdP authenticates the user
5. The IdP issues a signed Response carrying an Assertion [Assertion]
6. The browser POSTs the SAMLResponse back to the SP's ACS [HTTP-POST]
7. The SP checks the signature, conditions, and audience [Conditions]
8. The SP establishes a session and grants access
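The step 7 checks on a decoded assertion, as an added example that is not this tool's own code: it accepts raw, base64, or URL-encoded input, refuses any DTD, then evaluates the validity window, the audience, and weak signature algorithms. The function names, the sample assertion, and the `example.test` hosts are constructed for illustration, and the signature is inspected but not cryptographically verified.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
WEAK = ("sha1", "md5")  # substrings that mark weak xmldsig algorithm URIs

# Constructed sample assertion (not real IdP output); signature values omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1" Version="2.0">
  <ds:Signature><ds:SignedInfo><ds:SignatureMethod
    Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/></ds:SignedInfo></ds:Signature>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions></saml:Assertion>"""

def ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def decode(raw):
    """Accept raw XML, base64, or URL-encoded base64; refuse any DTD (XXE)."""
    text = raw.strip()
    if not text.startswith("<"):
        text = base64.b64decode(urllib.parse.unquote(text), validate=True).decode()
    if "<!DOCTYPE" in text.upper() or "<!ENTITY" in text.upper():
        raise ValueError("DTD or entity declaration rejected")
    return ET.fromstring(text)

def check(root, audience, now):
    """Return findings for step 7; `now` must be a timezone-aware datetime."""
    a = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    cond = a.find("saml:Conditions", NS) if a is not None else None
    if cond is None:
        return ["no Assertion or Conditions element"]
    out = []
    if cond.get("NotBefore") and now < ts(cond.get("NotBefore")):
        out.append("not yet valid")
    if cond.get("NotOnOrAfter") and now >= ts(cond.get("NotOnOrAfter")):
        out.append("expired")
    auds = [e.text.strip() for e in cond.iter("{%s}Audience" % NS["saml"]) if e.text]
    if audience not in auds:
        out.append("audience mismatch")
    algs = [e.get("Algorithm", "") for e in a.iterfind("ds:Signature//*", NS)]
    if not algs:
        out.append("unsigned assertion")
    out += ["weak algorithm: " + x for x in algs if any(w in x.lower() for w in WEAK)]
    return out
```

An empty list means the window, audience, and algorithm checks passed; a production SP must additionally verify the XML signature against the IdP's trusted certificate before relying on any of these values.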
