diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
index 71ceba798221bdb301506f60194acbee28c29a85..6b1b22b6256926bf84a354321064539b9849878d 100644
--- a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
@@ -127,7 +127,8 @@ class SimpleSAML_Bindings_SAML20_HTTPPost {
 			$signer->sign($firstassertionroot, $firstassertionroot, $subjectElements[0]);
 		}
 
-		if (isset($spmd['assertion.encryption']) && $spmd['assertion.encryption']) {
+		/* if the response status is not Success (eg. NoPassive) there is no assertions (firstassertionroot == null) to encrypt */
+		if (isset($spmd['assertion.encryption']) && $spmd['assertion.encryption'] && $firstassertionroot != null) {
 			$encryptedassertion = $responsedom->createElement("saml:EncryptedAssertion");
 			$encryptedassertion->setAttribute("xmlns:saml", "urn:oasis:names:tc:SAML:2.0:assertion");
 		
diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index 32ebfb432b20e06717e318e40e2fb7c78c86a32d..080d5ea3d0793c02e924b7e4592cb6e8adc04d14 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -734,6 +734,11 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
         </saml:AuthnStatement>
         ' . $attributestatement. '
     </saml:Assertion>';
+			$statusCode = '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>';
+		} else {
+			$statusCode = '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
+				<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:' . $status . '"/>;
+				</samlp:statusCode>';
 		}
 		
 		
@@ -750,10 +755,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 			IssueInstant="' . $issueInstant . '"
 			Destination="' . htmlspecialchars($destination) . '">
 			<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . htmlspecialchars($issuer) . '</saml:Issuer>
-			<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
-				<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-				Value="urn:oasis:names:tc:SAML:2.0:status:' . $status . '" />
-			</samlp:Status>'
+			<samlp:Status>' . $statusCode .	'</samlp:Status>'
 			. $assertion . 
 			'</samlp:Response>';