SAML AuthnRequest Decoder
Decode SAML redirect-binding requests: URL-decode → Base64 → raw inflate → pretty-printed XML, fully client-side for safe SSO debugging.
About SAML AuthnRequest Decoder
SAML AuthnRequest Decoder unwraps SAML redirect-binding requests — URL-decode, Base64-decode, raw-inflate, then pretty-print the XML — entirely in your browser, so you can debug single sign-on without pasting sensitive requests into an unknown server.
How to use SAML AuthnRequest Decoder
- 1Paste or type your input into the box above — a sample is pre-filled so you can try it instantly.
- 2Set any options on offer (mode, key, format) to match what you need.
- 3The result appears the moment you type — no button to press, no waiting.
- 4Click Copy to grab the output — SAML AuthnRequest Decoder keeps everything on your device.
Why use SAML AuthnRequest Decoder?
- ✓Debugging why a service provider sets the wrong AssertionConsumerServiceURL or NameIDPolicy
- ✓Verifying the issuer, destination and requested authn context of an SSO request
- ✓Building a test SAMLRequest parameter to probe an identity provider endpoint
- ✓100% free with no sign-up, no watermark and no usage limits
- ✓Runs entirely in your browser — your text and keys are never uploaded, stored or logged
- ✓Works offline once loaded, with instant results and one-click copy
Frequently asked questions
Why is a SAMLRequest unreadable at first?+
The HTTP-Redirect binding sends the request as URL-encode(Base64(raw-DEFLATE(XML))). It is compressed and double-encoded for the URL, so it looks like random characters until those three layers are peeled back — which is exactly what this tool does.
Is it safe to paste a real SAML request here?+
Yes. All decoding happens with client-side JavaScript in your browser — the request is never transmitted to any server, so it is safe to inspect production SSO traffic.
Is it free to use?+
Yes — completely free with no sign-up, no account and no usage limits. There is no paywall, so you can encode, decode and convert as much as you like.
Is my data private and secure?+
Yes. This tool runs entirely in your browser using client-side JavaScript — your input is never uploaded to a server, stored or logged. Once the page has loaded you can use it offline, which makes it safe for tokens, keys and confidential data.
Related Developer tools
JSON to TypeScript Interface Generator
Paste JSON and get clean TypeScript interfaces instantly — nested objects become named interfaces, arrays of objects are merged with optional properties detected, unions inferred. 100% client-side.
● LiveIPv4 Subnet Calculator
Enter an IP and CIDR prefix to get the network, broadcast, mask, wildcard, host range and usable host count — the complete subnet breakdown, instantly.
● LiveCIDR to Subnet Mask Converter
Convert a CIDR prefix (/0–/32) to its dotted-decimal subnet mask and wildcard mask, and back again — with host counts for each prefix length.
● Live