Home SAML SP-Initiated SSO

SAML SP-Initiated SSO

The Service Provider generates an AuthnRequest and redirects the user to the IdP. The IdP authenticates and POSTs a SAMLResponse back to the ACS URL.

1
Configuration

Enter your IdP's Single Sign-On URL and configure the SP Entity ID. The ACS URL is pre-filled with the Vercel deployment URL.

2
Generate AuthnRequest XML

The SP builds a SAML <AuthnRequest> XML document. It is then DEFLATE-compressed and base64-encoded per the HTTP Redirect binding spec (RFC 7519). No signing — educational mode.

Decoded AuthnRequest XML

XML · Decoded (before compression)
// Click Generate to build the XML

Encoded SAMLRequest (DEFLATE + base64url)

URL PARAM · SAMLRequest value
// Will appear after generation
3
Build the Redirect URL

The full URL sent to the IdP combines the SSO URL with the encoded SAMLRequest query parameter and a RelayState.

GETBrowser Redirect to IdP
// Will appear after generation
4
SAMLResponse at ACS

After authentication, the IdP will HTTP-POST the SAMLResponse to your ACS URL (/saml/acs). The backend decodes and displays the full assertion on a new page.

View SP Metadata XML ↗