Validate SAML Logout Response

This tool validates a Logout Response, its signature (if provided) and its data.

To use this tool, paste the Logout Response, its signature (HTTP-Redirect binding - if you want to validate that as well), the X.509 public certificate of the entity that generated this response, and if exists, the RelayState parameter. If the Logout Response contains an encrypted element, the private key of the entity that received the response is also required.

In the validation process is checked who sent the message (EntityId of the source) and the target URL (SLO endpoint).

SAML Logout Response

Plain XML or EncodedDeflated.

EntityId of the source Target URL, Destination of the Logout Response Request ID

Notice

If the Logout Response was sent from the IdP and received at the SP, we named 'source' to the IdP and 'target' to the SP. Otherwise, we reverse the names.

X.509 cert of the source (to check Signature)

RelayState SigAlg

Signature of the SAML Logout Response

Private key value is not stored

Any private key value that you enter or we generate is not stored on this site or on the OneLogin platform. Also, notice that this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen.

For extra security, please do not use production keys on this site.