Online Tools Menu Close

Validate SAML Logout Response

This tool validates a Logout Response, its signature (if provided) and its data.

To use this tool, paste the Logout Response, its signature (HTTP-Redirect binding - if you want to validate that as well), the X.509 public certificate of the entity that generated this response, and if exists, the RelayState parameter. If the Logout Response contains an encrypted element, the private key of the entity that received the response is also required.

In the validation process is checked who sent the message (EntityId of the source) and the target URL (SLO endpoint).

Plain XML or EncodedDeflated.


If the Logout Response was sent from the IdP and received at the SP, we named 'source' to the IdP and 'target' to the SP. Otherwise, we reverse the names.

Private key value is not stored

Any private key value that you enter or we generate is not stored on this site or on the OneLogin platform. Also, notice that this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen.

For extra security, please do not use production keys on this site.