See saml Menu

SAML Logout Request

This tool validates a Logout Request, its signature (if provided) and its data.

Paste the Logout Request if you want to also validate its signature (HTTP-Redirect binding), and paste also the X.509 public certificate of the entity that generated this request and the RelayState parameter. If the Logout Request contains an encrypted element, the private key of the entity that received the request is also required.

In the validation process the sender (EntityId of the source) of the message is checked and the target URL (SLO endpoint).

Plain XML or EncodedDeflated.


If the Logout Request was sent from the IdP and received at the SP, we named 'source' to the IdP and 'target' to the SP. Otherwise, the opposite.

Private key value is not stored

Any private key value that you enter or we generate is not stored on this site or on the OneLogin platform. Also, notice that this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen.

For extra security, please do not use production keys on this site.

Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.