SAML Response Decoder
Drop that giant base64 string here → get readable XML in 2 seconds
Similar Decoder Tools
What is SAML and its response?
Hey, so I’ve been debugging SSO logins for the last three years and let me tell you - nothing makes you want to throw your laptop
out the window faster than a giant unreadable SAMLResponse string staring at you in the browser console.
It usually looks like this nightmare:
fZLBb9owEIbveQomT0pC7JJ1KhJEiNaZMW2a2 Gunn bla bla bla.... (goes on for ten pages)
In short,
| Term | Meaning |
|---|---|
| SAML | Protocol for SSO using XML messages |
| SAML Response | Message from IdP -> App confirming user identity |
| SAML Assertion | The part of the response that carries user identity + attributes |
SAML stands for Security Assertion Markup Language. It is the protocol at work behind "Log in with Okta", Microsoft Entra ID, Google Workspace, OneLogin and similar sign-in buttons.
What is a SAML Response?
A SAML Response is simply an XML document generated by the identity provider (IdP) after the user authenticates successfully. Every SAML Response contains these parts:
Assertion
The key part: user identity (NameID), attributes (email, role, groups, etc.) and Conditions (validity timestamps).
Signature
The Signature is the most important part for integrity: it ensures the response wasn't tampered with.
Destination
The Destination tells you which application the response is intended for.
Base64 Encoding
SAML Responses are generally base64-encoded when they travel through the browser.
Where is SAML used?
The whole purpose of SAML is to provide a way to authenticate, so it is mainly used for Single Sign-On (SSO) across multiple apps. For example, with an Office 365 ID you can log in to all the apps in the Microsoft environment. It is also used for federation between organizations, when two companies need to share apps securely.
If you ever find yourself googling "how to decode SAML response" at midnight, do yourself a favor and keep this little one-page tool around; bookmark it in your browser. Your future self will thank you, and you'll look like a wizard when you drop the readable XML into the Slack thread five seconds after the customer sends the HAR file.
Pro tip: 99% of login problems are one of these:
- wrong NameID format
- missing attribute
- clock skew
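Here is the same decode-and-inspect job done in a few lines of Python, as an added example (my own code, not the tool on this page). It handles both ways a SAMLResponse shows up in a HAR file (plain base64 for the POST binding, DEFLATE-then-base64 for the Redirect binding), then pulls out the parts listed above: Destination, status, NameID and its Format, attributes, Conditions timestamps, and whether a Signature element is present. It also flags the three classic failures from the pro tip. The sample response, the app and IdP URLs and the `placeholder` signature are all constructed for the demo; the code only checks that a Signature element exists, it does not verify it.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Namespace prefixes used when searching the decoded XML.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def decode_saml_response(b64: str) -> str:
    """Turn a SAMLResponse parameter back into XML text.
    POST binding = plain base64; Redirect binding = raw DEFLATE, then base64."""
    raw = base64.b64decode("".join(b64.split()))  # drop whitespace from copy/paste
    if raw.lstrip().startswith(b"<"):
        return raw.decode("utf-8")
    return zlib.decompress(raw, -15).decode("utf-8")  # -15: raw DEFLATE, no zlib header


def deflate_b64(xml_text: str) -> str:
    """Encode the way the Redirect binding does; handy for building test input."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_text.encode("utf-8")) + comp.flush()).decode("ascii")


def _parse_time(value):
    """SAML timestamps are ISO 8601 UTC, e.g. 2024-01-01T12:00:00Z."""
    return None if value is None else datetime.fromisoformat(value.replace("Z", "+00:00"))


def summarize(xml_text: str, now, required=("email",), skew=timedelta(minutes=5)) -> dict:
    """Pull out the fields that usually explain a failed login. `now` may be a
    datetime or an ISO timestamp string; `skew` is the tolerated clock drift."""
    if isinstance(now, str):
        now = _parse_time(now)
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    assertion = root.find("saml:Assertion", NS)
    out = {
        "destination": root.get("Destination"),
        "status": status.get("Value") if status is not None else None,
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": assertion is not None and assertion.find("ds:Signature", NS) is not None,
        "name_id": None, "name_id_format": None, "attributes": {}, "problems": [],
    }
    if assertion is None:
        out["problems"].append("no Assertion element (encrypted assertion, or the IdP rejected the login)")
        return out
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        out["problems"].append("no NameID in Subject")
    else:
        out["name_id"], out["name_id_format"] = name_id.text, name_id.get("Format")
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        out["attributes"][attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    for name in required:
        if name not in out["attributes"]:
            out["problems"].append(f"missing attribute: {name}")
    cond = assertion.find("saml:Conditions", NS)
    not_before = _parse_time(cond.get("NotBefore")) if cond is not None else None
    not_on_or_after = _parse_time(cond.get("NotOnOrAfter")) if cond is not None else None
    if not_before is not None and now + skew < not_before:
        out["problems"].append(f"NotBefore {not_before.isoformat()} is in the future (clock skew?)")
    if not_on_or_after is not None and now - skew >= not_on_or_after:
        out["problems"].append(f"assertion expired at {not_on_or_after.isoformat()} (clock skew?)")
    if not (out["response_signed"] or out["assertion_signed"]):
        out["problems"].append("neither Response nor Assertion carries a Signature")
    return out


# Constructed sample response for the demo (not a real capture; signature is a placeholder).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2024-01-01T12:00:00Z" Destination="https://app.example.com/saml/acs">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignatureValue>placeholder</SignatureValue></Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>admins</saml:AttributeValue><saml:AttributeValue>staff</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    for key, value in summarize(decode_saml_response(SAMPLE_B64), "2024-01-01T12:02:00Z").items():
        print(f"{key}: {value}")
```

Paste the SAMLResponse value from the HAR file in place of `SAMPLE_B64`, set `now` to the timestamp of the failed request (not the time you are debugging), and list the attributes your app insists on in `required`. An empty `problems` list means the usual suspects are ruled out and the issue is somewhere else, such as the signing certificate or the app's SP configuration.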