diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 19c1ed59c6424147ac3140bfbed319d23b5497ff..a1746967e2c896c7d1a7a23fc3eaffc8bcf2e8e6 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -60,6 +60,7 @@ $nameId = NULL;
 $sessionIndex = NULL;
 $expire = NULL;
 $attributes = array();
+$foundAuthnStatement = FALSE;
 foreach ($assertions as $assertion) {
 
 	/* Check for duplicate assertion (replay attack). */
@@ -96,6 +97,16 @@ foreach ($assertions as $assertion) {
 	}
 
 	$attributes = array_merge($attributes, $assertion->getAttributes());
+
+	if ($assertion->getAuthnInstant() !== NULL) {
+		/* Assertion contains AuthnStatement, since AuthnInstant is a required attribute. */
+		$foundAuthnStatement = TRUE;
+	}
+}
+
+if (!$foundAuthnStatement) {
+	$e = new SimpleSAML_Error_Exception('No AuthnStatement found in assertion(s).');
+	SimpleSAML_Auth_State::throwException($state, $e);
 }
 
 if ($expire === NULL) {