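SAML Decoder Online: Decode SAML Responses and Requests for Free

Decode Base64-encoded SAML responses and requests into readable XML. Debug SSO authentication tokens with this free online SAML decoding tool.

About SAML Decoder

SAML (Security Assertion Markup Language) is an XML-based framework for exchanging authentication and authorization data between identity providers and service providers. SAML responses and requests are usually Base64-encoded. This tool decodes SAML tokens and formats the XML for easy reading. It supports SAML responses (Base64 only) and SAML requests (Base64 + Deflate compression).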

How to Use SAML Decoder

  1. Copy the Base64-encoded SAML response or request from your browser, IdP logs, or SP debug output
  2. Paste the encoded SAML data into the input field
  3. The tool automatically detects whether the input is a SAML Response (Base64) or SAML Request (Base64 + Deflate)
  4. View the decoded, pretty-printed XML with highlighted assertion details
  5. Copy the decoded XML for debugging or documentation

Common Use Cases

  • Debugging SSO login failures by inspecting SAML assertions and attributes
  • Verifying identity provider (IdP) configuration during SAML integration setup
  • Inspecting SAML NameID, audience restrictions, and conditions in authentication responses
  • Troubleshooting SAML signature validation errors between IdP and SP
  • Auditing SAML attribute mappings for user provisioning workflows

Frequently Asked Questions

What is a SAML assertion and how do I decode it?
A SAML assertion is an XML document issued by an identity provider (IdP) that contains authentication and authorization statements about a user. Assertions are Base64-encoded for transport. Paste the encoded string into this tool to instantly decode it to readable XML.
How do I decode a SAML response from my browser?
Open your browser's developer tools (F12), go to the Network tab, and look for the POST request to your SP's ACS URL. The SAMLResponse parameter in the form data is the Base64-encoded response. Copy and paste it into this tool.
What is the difference between SAML and OAuth?
SAML is an XML-based protocol primarily used for enterprise SSO between identity providers and service providers. OAuth 2.0 is a JSON-based authorization framework used for API access and third-party app authorization. SAML handles authentication while OAuth focuses on authorization.
Can this tool decode Base64-encoded SAML with Deflate compression?
Yes. SAML Requests typically use Base64 + Deflate compression (as per the HTTP-Redirect binding). This tool automatically detects and handles both plain Base64 and Base64+Deflate encoded SAML data.
Is it safe to paste SAML tokens into this decoder?
Yes, completely safe. All decoding happens locally in your browser. Your SAML data is never sent to any server, stored, or logged. The tool runs entirely client-side.
What information is contained in a SAML response?
A SAML response typically contains: the issuer (IdP), a digital signature, status codes, one or more assertions with the subject (NameID), authentication statements, attribute statements (like email, name, roles), and conditions (audience restriction, validity period).
Why is my SAML response failing to decode?
Common causes include: incomplete copy of the Base64 string, URL-encoded characters that need to be decoded first, or the data is not actually SAML. Make sure you copy the entire SAMLResponse value without truncation.
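
The two encodings described above (plain Base64 for responses, Base64 + Deflate for requests) and the failure causes from the last FAQ entry can be reproduced offline. The following is an added Python example, not this tool's own code; the function names, the sample message and the 1 MB size cap are assumptions made for illustration.

```python
import base64
import binascii
import urllib.parse
import xml.dom.minidom
import zlib

MAX_XML_BYTES = 1_000_000  # assumed cap so hostile input cannot inflate without bound
# Constructed sample message, not captured from any real IdP or SP.
SAMPLE_XML = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example1" Version="2.0"/>'


def decode_saml(value: str) -> tuple[str, str]:
    """Return (encoding, xml) for a SAMLResponse / SAMLRequest parameter value."""
    value = value.strip()
    if "%" in value:  # '%' is never valid Base64, so the value is still URL-encoded
        value = urllib.parse.unquote(value)
    value = "".join(value.split())  # drop line wraps introduced by copy/paste
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"invalid Base64, possibly a truncated copy: {exc}") from exc
    if raw.lstrip().startswith(b"<"):  # plain Base64-encoded XML
        return "base64", raw.decode("utf-8")
    inflater = zlib.decompressobj(wbits=-15)  # raw DEFLATE stream, no zlib header
    try:
        inflated = inflater.decompress(raw, MAX_XML_BYTES)
    except zlib.error as exc:
        raise ValueError("decoded bytes are neither XML nor DEFLATE data") from exc
    if inflater.unconsumed_tail:
        raise ValueError("inflated message exceeds MAX_XML_BYTES")
    if not inflater.eof:
        raise ValueError("DEFLATE stream is incomplete, possibly a truncated copy")
    return "base64+deflate", inflated.decode("utf-8")


def pretty_xml(text: str) -> str:
    """Indent XML for reading; refuse DTDs so entity expansion cannot run."""
    if "<!DOCTYPE" in text:
        raise ValueError("DOCTYPE is not accepted in a SAML message")
    return xml.dom.minidom.parseString(text.encode("utf-8")).toprettyxml(indent="  ")


def encode_redirect(xml_text: str) -> str:
    """Build a Redirect-binding style value: DEFLATE, then Base64, then URL-encode."""
    c = zlib.compressobj(wbits=-15)
    deflated = c.compress(xml_text.encode("utf-8")) + c.flush()
    return urllib.parse.quote(base64.b64encode(deflated).decode("ascii"), safe="")
```

Decoding only reveals the message content; it does not verify the signature, so a decoded assertion should never be treated as authenticated.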