diff --git a/modules/saml/lib/Auth/Process/AttributeNameID.php b/modules/saml/lib/Auth/Process/AttributeNameID.php
index 356cab5b2bd6026e0c0838852f96af13abc50c11..b59bd7f52eab23bd82de6e135f99a2483211eb4a 100644
--- a/modules/saml/lib/Auth/Process/AttributeNameID.php
+++ b/modules/saml/lib/Auth/Process/AttributeNameID.php
@@ -67,6 +67,15 @@ class sspmod_saml_Auth_Process_AttributeNameID extends sspmod_saml_BaseNameIDGen
 }
 $value = array_values($state['Attributes'][$this->attribute]); // just in case the first index is no longer 0
 $value = $value[0];
+
+ if (empty($value)) {
+ SimpleSAML\Logger::warning(
+ 'Empty value in attribute '.var_export($this->attribute, true).
+ ' on user - not generating persistent NameID.'
+ );
+ return null;
+ }
+
+
 return $value;
 }
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID.php b/modules/saml/lib/Auth/Process/PersistentNameID.php
index 762b613ed774b6908b65f653e157eac993e14c43..9865bc5b3d0d42f2a50436bc4ffb2c5d64e6b79d 100644
--- a/modules/saml/lib/Auth/Process/PersistentNameID.php
+++ b/modules/saml/lib/Auth/Process/PersistentNameID.php
@@ -77,6 +77,14 @@ class sspmod_saml_Auth_Process_PersistentNameID extends sspmod_saml_BaseNameIDGe
 $uid = array_values($state['Attributes'][$this->attribute]); // just in case the first index is no longer 0
 $uid = $uid[0];
+ if (empty($uid)) {
+ SimpleSAML\Logger::warning(
+ 'Empty value in attribute '.var_export($this->attribute, true).
+ ' on user - not generating persistent NameID.'
+ );
+ return null;
+ }
+
+
 $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
 $uidData = 'uidhashbase'.$secretSalt;
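Review bot: `empty($value)` in the added guard of AttributeNameID.php does not test exactly what the guard is for: PHP treats the string `'0'` as empty, so a user whose attribute value is `0` loses the NameID, while a whitespace-only value still passes and would be shared by every user that has it. A strict test such as `if ($value === null || trim((string) $value) === '') {` states the intent; the same `empty($uid)` guard in PersistentNameID.php behaves the same way. The warning text here also says "persistent NameID" although the class is AttributeNameID, which looks copied from the other file, so `' on user - not generating attribute NameID.'` would fit better. The enclosing method starts above the hunk, so any earlier checks on the attribute are not visible here.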
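Review bot: The new guard on `$uid` in PersistentNameID.php has no comment saying why an empty value must be refused, and the reason is a security one that a later refactor could silently undo. The context lines after the guard start building `$uidData` from `'uidhashbase'` and the secret salt, so presumably an empty `$uid` would produce the same persistent identifier for every affected user; the rest of the derivation lies outside the hunk, so this should be confirmed against the full method. I would add above the `if`: `// An empty uid would give every such user the same persistent NameID, so refuse to generate one.`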