SAML Encoder

SAML Encoder – Inflate & Base64 Encode SAML Messages Online

Use this free online SAML encoder to quickly inflate and Base64-encode SAML messages for HTTP-Redirect or HTTP-POST bindings. Whether you’re preparing a SAML authentication flow, testing single sign-on (SSO), or working with identity providers (IdPs) and service providers (SPs), this tool helps you safely transform SAML requests, SAML responses, and SAML assertions into the encoded format required by your application.

Need to inspect existing SAML traffic? Pair this page with the companion SAML Decoder when you want to decode SAML, decode a SAML response, or use a full SAML assertion decoder online.

What This SAML Encoder Tool Does

This SAML encoder is designed to perform the exact steps used by many SSO and federation systems when sending SAML messages over the web:

• Inflate (optional compression step, usually DEFLATE)
• Base64-encode the SAML XML message
• Prepare data suitable for redirect or POST bindings

In practice, that means you can:

• Paste a raw SAML request XML or SAML response XML and get back an encoded SAML string.
• Use the result directly as the value of SAMLRequest or SAMLResponse in your redirects and HTML forms.
• Prepare test messages for debugging SSO integrations and identity federation workflows.

Although this page focuses on SAML encode operations, it’s built to complement the online SAML decoder on Coderstool, so you can move back and forth between encoded and decoded forms as needed.

How to Use the Online SAML Encoder

The interface is intentionally simple so you can go from XML to encoded SAML in seconds.

1. Encode a SAML Request

1. Copy your SAML request XML from your application, identity provider, or sample file.
2. Paste it into the “SAML Message (XML)” input area on this page.
3. Click Convert to encode the SAML request:
   • The tool inflates and Base64-encodes the message.
   • The result appears in the “Encoded Message” box.
4. Use the output string as the value for the SAMLRequest parameter in:
   • An HTTP Redirect URL, or
   • An HTML form field for HTTP-POST binding.

If you’re testing integrations, you can also swap content between input and output using the Swap control to quickly adjust and re-encode.

2. Encode a SAML Response or Assertion

You can use the same steps to prepare SAML responses:

1. Paste the SAML response XML or SAML assertion XML into the SAML Message field.
2. Click Convert to run the SAML encode operation.
3. Use the encoded string as the SAMLResponse parameter sent to the service provider.

This is useful when you’re:

• Crafting test SAML assertions.
• Replaying an authentication flow in a controlled environment.
• Working with a QA or staging IdP/SP setup.

3. Switch Between Encoding and Decoding

If you need to see what’s inside an encoded SAML token:

• Go to the SAML Decoder page to:
  • Decode SAML requests
  • Decode SAML responses
  • Use an online SAML decoder that performs Base64 decoding and deflating
  • Act as a SAML token decoder and SAML assertion decoder for troubleshooting

Using both tools together gives you a full SAML encoder / SAML decoder online workflow for any SAML message you capture or generate.

Decode SAML Messages with the Companion SAML Decoder

Although this page is for encoding, most SSO troubleshooting involves some kind of SAML decode step:

• Decode SAML response values captured from browser dev tools.
• Run a SAML response decode to view the XML, attributes, and conditions.
• Use the SAML request decoder to decode SAML request parameters from query strings.
• Let the tool perform a SAML request decode for HTTP-Redirect flows.
• Treat the decoder as a SAML assertion decoder when you need to inspect claims and subject details.

For all of that, use the dedicated SAML Decoder on Coderstool. It’s designed to be your SAML decoder online companion to this encoder.

Common Use Cases for a SAML Encoder / Decoder

Developers, security engineers, and DevOps teams use this SAML encoder / decoder combo in several scenarios:

• Debugging SSO issues
  Capture a SAMLRequest or SAMLResponse from the browser, decode it, adjust the XML, and then re-encode it to replay or test fixes.
• Verifying IdP and SP configuration
  Confirm that the issuer, audience, ACS URL, NameID format, or certificate details are correct in the SAML assertion.
• Reviewing SAML tokens during audits
  Use the SAML token decoder to inspect exactly what’s being sent for authentication and authorization.
• Implementing new SAML integrations
  While building support for SAML in your app, generate sample SAML messages, encode them, and test with an identity provider or service provider.
• Training and documentation
  Walk new team members through how SAML encoding works, showing them the mapping from human-readable XML to an encoded SAML string.

How SAML Encoding & Decoding Works (Under the Hood)

Understanding what happens behind the scenes helps you use tools like this online SAML decoder / encoder more confidently.

Base64 Encoding of SAML XML

SAML messages are XML documents. Before they’re sent over HTTP:

1. The XML SAML message (request, response, or assertion) is serialized as text.
2. It is often compressed (deflated) for HTTP-Redirect bindings to reduce size.
3. The resulting bytes are Base64-encoded to create a URL-safe text string.

This is exactly what this SAML encoder does for you: convert readable XML into a compact Base64-encoded SAML string ready for transport.

HTTP-Redirect vs HTTP-POST Bindings

• HTTP-Redirect binding
  • Typically uses DEFLATE compression + Base64 encoding.
  • The encoded SAML message is sent as a query string parameter (e.g., SAMLRequest).
• HTTP-POST binding
  • Uses Base64 encoding (sometimes without compression).
  • The encoded SAML message is included in a hidden HTML form field and posted to the ACS URL.

When you encode SAML with this tool, you’re preparing a message that can be used in either of these bindings, depending on how your system is configured.

Requests, Responses, and Assertions

• A SAML request asks the IdP to authenticate a user.
• A SAML response is returned by the IdP and usually contains:
  • A SAML assertion with the authenticated user’s identity and attributes.
• The SAML assertion is the core “token” that many people refer to when they say “SAML token.”

This tool doesn’t validate the semantics of your XML—it focuses on the encode / decode transformation used in transport.

Security & Privacy When Using SAML Online Tools

SAML data often contains sensitive information about users and authentication flows. When using any online SAML decoder or encoder:

• Avoid production secrets when possible
  Use sample data or sanitize your SAML messages before pasting them into tools.
• Prefer trusted tools
  Coderstool aims to provide simple, browser-based utilities that are convenient and safe for development and testing.
• Use local tooling for highly sensitive environments
  For regulated or high-security systems, combine this tool with local scripts or library calls in your own environment as part of your security best practices.

Always follow your organization’s security policies when working with SAML assertions, tokens, and identity data.

Related Online Tools on Coderstool

Working with SAML often goes hand-in-hand with other encoding and security tasks. Here are some tools that pair well with this SAML encoder / SAML decoder online workflow:

• SAML Decoder – Deflate and Base64 decode SAML request and response payloads to human-readable XML.
• JWT Decoder – If you also work with OAuth 2.0 / OpenID Connect, use this JWT decoder to inspect JSON Web Tokens (headers, payload, claims, and signature).
• Base64 Tools – A full suite of Base64 encoder/decoder utilities for text, files, and images.
• Encode / Decode Tools – Browse more encode/decode utilities for URL encoding, Base58/62/91, Morse code, and other formats.

Exploring these related tools can help streamline your entire identity and security workflow—no heavy dependencies, just fast, focused utilities you can open in your browser whenever you need them.