See saml Menu

SAML Response

This tool validates a SAML Response, its signatures and its data.

To use this tool, paste the SAML Response XML. In order to validate the signature, the X.509 public certificate of the Identity Provider is required. If the SAML Response contains encrypted elements, the private key of the Service Provider is also required.

The SAML Response is sent by an Identity Provider and received by a Service Provider. In the validation process is checked who sent the message (IdP EntityId), who received the SAML Response (SP EntityId) and where (SP Attribute Consume Service Endpoint) and what is the final destination (Target URL, Destination).

If the SAML Response was sent after an AuthnRequest, the Request ID can also be provided in order to validate it too.

If the SAML Response is old and we want to ignore timing issues, mark the checkbox placed near the validate button.

Plain XML or Base64encoded

Private key value is not stored

Any private key value that you enter or we generate is not stored on this site or on the OneLogin platform. Also, notice that this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen.

For extra security, please do not use production keys on this site.

Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.