diff --git a/lib/SimpleSAML/IdP.php b/lib/SimpleSAML/IdP.php
index 1be653d634ed6630b744ddaacbbb9aa326a3c557..1800365cbba00f21e1df4a62a109c50cb48730c2 100644
--- a/lib/SimpleSAML/IdP.php
+++ b/lib/SimpleSAML/IdP.php
@@ -45,9 +45,17 @@ class SimpleSAML_IdP {
 		$this->id = $id;
 
 		$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+		$globalConfig = SimpleSAML_Configuration::getInstance();
+
 		if (substr($id, 0, 6) === 'saml2:') {
+			if (!$globalConfig->getBoolean('enable.saml20-idp', FALSE)) {
+				throw new SimpleSAML_Error_Exception('enable.saml20-idp disabled in config.php.');
+			}
 			$this->config = $metadata->getMetaDataConfig(substr($id, 6), 'saml20-idp-hosted');
 		} elseif (substr($id, 0, 6) === 'saml1:') {
+			if (!$globalConfig->getBoolean('enable.shib13-idp', FALSE)) {
+				throw new SimpleSAML_Error_Exception('enable.shib13-idp disabled in config.php.');
+			}
 			$this->config = $metadata->getMetaDataConfig(substr($id, 6), 'shib13-idp-hosted');
 		} else {
 			assert(FALSE);
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 6bdbcecb6a8ed1eec50dea80f0d2e8d371cc846c..3d8a6969adbc6ed3db88412b430b1c39176cf1ed 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -13,11 +13,6 @@ require_once('../../../www/_include.php');
 
 SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService');
 
-$config = SimpleSAML_Configuration::getInstance();
-if (!$config->getBoolean('enable.saml20-idp', FALSE)) {
-	throw new SimpleSAML_Error_Error('NOACCESS');
-}
-
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
 $idp = SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php
index 5bc310a23d91195163a50b534e594182b3182578..fc3ec6b8c95ec6cec710750d36e6fa985a984dd1 100644
--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -13,11 +13,6 @@ require_once('../../../www/_include.php');
 
 SimpleSAML_Logger::info('Shib1.3 - IdP.SSOService: Accessing Shibboleth 1.3 IdP endpoint SSOService');
 
-$config = SimpleSAML_Configuration::getInstance();
-if (!$config->getBoolean('enable.shib13-idp', FALSE)) {
-	throw new SimpleSAML_Error_Error('NOACCESS');
-}
-
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 $idpEntityId = $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
 $idp = SimpleSAML_IdP::getById('saml1:' . $idpEntityId);