SAML Sign XML Online – Free | 8gwifi.org

SAML Sign XML

Learn SAML Anish Nath
Your private key is processed server-side and never stored.

About SAML Signing

SAML XML Signing adds a digital signature to SAML messages using the XML Signature (XMLDSig) standard. This provides:

  • Message Integrity: Detects if the message was tampered with
  • Authentication: Proves the message came from the expected sender
  • Non-repudiation: Sender cannot deny sending the message

Common Use Cases:

  • Sign AuthnRequest from Service Provider (SP)
  • Sign SAML Response from Identity Provider (IdP)
  • Sign individual Assertions within a Response
  • Sign LogoutRequest/LogoutResponse messages

Signature Algorithms

| Algorithm  | URI                     | Status      |
|------------|-------------------------|-------------|
| RSA-SHA256 | xmldsig-more#rsa-sha256 | Recommended |
| RSA-SHA512 | xmldsig-more#rsa-sha512 | Recommended |
| RSA-SHA1   | xmldsig#rsa-sha1        | Legacy      |
| DSA-SHA256 | xmldsig11#dsa-sha256    | Niche       |

Understanding SAML

SAML Message Types

  • AuthnRequest: SP requests authentication from IdP (deflated and Base64-encoded for HTTP-Redirect)
  • SAMLResponse: IdP returns authentication result with Assertions
  • SAML Assertions: Statements about the subject (user), including attributes
  • LogoutRequest/Response: Single Logout (SLO) messages

XML Signature Locations

  • Response Signature: Signs the entire <samlp:Response>
  • Assertion Signature: Signs the <saml:Assertion> element
  • Both: Some IdPs sign both Response and Assertion

SAML Bindings

  • HTTP-POST: Full XML with embedded signature in form POST
  • HTTP-Redirect: Deflated, Base64-encoded and URL-encoded; signature in query params
  • SOAP: Used for back-channel (Artifact Resolution, AttributeQuery)

Security Considerations

  • Always verify signatures on received SAML messages
  • Use SHA-256 or stronger algorithms (avoid SHA-1)
  • Validate certificate chain and expiration
  • Check assertion conditions (NotBefore, NotOnOrAfter)
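
The signature locations and security considerations above, as an added example that is not this tool's own code: a Python pre-check for a received Response that reports whether the Response or Assertion is signed, flags SHA-1 algorithms, and evaluates the Conditions window. It goes one step further than the list by confirming that each signature's Reference URI points at the element that contains it. It does not verify the signature value or the certificate chain (that needs an XML Signature library); the sample message and the names `preflight` and `parse_ts` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: Assertion-level signature using RSA-SHA1, 5-minute validity window.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
 <saml:Assertion ID="_a1">
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="#_a1"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z"/>
 </saml:Assertion>
</samlp:Response>"""

def parse_ts(value):
    # SAML timestamps are xs:dateTime in UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def preflight(xml_text, now):
    """Policy findings for a SAML Response; `now` must be timezone-aware."""
    root = ET.fromstring(xml_text)  # for untrusted input, parse with defusedxml instead
    findings, signed = [], 0
    for el in [root] + root.findall("saml:Assertion", NS):
        name = el.tag.split("}")[1]
        sig = el.find("ds:Signature", NS)  # direct child only (enveloped signature)
        if sig is None:
            continue
        signed += 1
        ref = sig.find("ds:SignedInfo/ds:Reference", NS)
        if ref is None or ref.get("URI") != "#" + el.get("ID", ""):
            findings.append(f"{name}: Reference URI does not match element ID")
        for path in ("ds:SignedInfo/ds:SignatureMethod",
                     "ds:SignedInfo/ds:Reference/ds:DigestMethod"):
            alg = sig.find(path, NS)
            if alg is not None and alg.get("Algorithm", "").lower().endswith("sha1"):
                findings.append(f"{name}: legacy algorithm {alg.get('Algorithm')}")
    if signed == 0:
        findings.append("neither Response nor Assertion is signed")
    for cond in root.findall("saml:Assertion/saml:Conditions", NS):
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < parse_ts(nb):
            findings.append("assertion not yet valid (NotBefore)")
        if na and now >= parse_ts(na):
            findings.append("assertion expired (NotOnOrAfter)")
    return findings
```

An empty list means only that these policy checks passed; the message is still untrusted until the signature value and signing certificate have been verified.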
Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.