This tool validates a SAML Response, its signatures and its data.
To use this tool, paste the SAML Response XML. In order to validate the signature, the X.509 public certificate of the Identity Provider is required. If the SAML Response contains encrypted elements, the private key of the Service Provider is also required.
The SAML Response is sent by an Identity Provider and received by a Service Provider. In the validation process is checked who sent the message (IdP EntityId), who received the SAML Response (SP EntityId) and where (SP Attribute Consume Service Endpoint) and what is the final destination (Target URL, Destination).
If the SAML Response was sent after an AuthnRequest, the Request ID can also be provided in order to validate it too.
If the SAML Response is old and we want to ignore timing issues, mark the checkbox placed near the validate button.