diff --git a/modules/saml2/lib/Message.php b/modules/saml2/lib/Message.php
index a5b1b349aa0d1a57571b36fc0ebcf074f30ab7d4..b30859947c58c42b82d865b5d94de3f4e74010b5 100644
--- a/modules/saml2/lib/Message.php
+++ b/modules/saml2/lib/Message.php
@@ -468,17 +468,22 @@ class sspmod_saml2_Message {
 		if ($attribute === NULL) {
 			$attribute = $srcMetadata->getString('simplesaml.nameidattribute', NULL);
 			if ($attribute === NULL) {
-	                       /* generate a stable id */
-	                       return SimpleSAML_Utilities::generateUserIdentifier($srcMetadata->getString( 'entityid' ),
-			               $dstMetadata->getString( 'entityid' ),
-			               $attributes );
+				/* generate a stable id */
+				try {
+					return SimpleSAML_Utilities::generateUserIdentifier($srcMetadata->getString( 'entityid' ),
+						$dstMetadata->getString( 'entityid' ),
+						$attributes );
+				} catch (Exception $e) {
+					SimpleSAML_Logger::error('Unable to generate NameID: ' . $e->getMessage());
+					return NULL;
+				}
 			}
 		}
 
 		if (!array_key_exists($attribute, $attributes)) {
 			SimpleSAML_Logger::error('Unable to add NameID: Missing ' . var_export($attribute, TRUE) .
 				' in the attributes of the user.');
-			return SimpleSAML_Utilities::generateID();
+			return NULL;
 		}
 
 		return $attributes[$attribute][0];
@@ -644,6 +649,11 @@ class sspmod_saml2_Message {
 				/* this code will end up generating either a fixed assigned id (via nameid.attribute)
 				   or random id if not assigned/configured */
 				$nameIdValue = self::generateNameIdValue($srcMetadata, $dstMetadata, $state['Attributes']);
+				if ($nameIdValue === NULL) {
+					SimpleSAML_Logger::warning('Falling back to transient NameID.');
+					$nameIdFormat = SAML2_Const::NAMEID_TRANSIENT;
+					$nameIdValue = SimpleSAML_Utilities::generateID();
+				}
 			}
 
 			$nameId = array(