diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index 48c98a2a4e849c74a69712156d3ab5045c7c0d6d..a04370f78fdd901a6214f85eed04624d2d500e1b 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -283,12 +283,30 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 				throw new Exception('Unhandled SubjectConfirmationData: ' . $method->value);
 			}
 
-			$subjectConfirmationData = $this->doXPathQuery('saml:SubjectConfirmationData', $subjectConfirmation);
-			if($subjectConfirmationData === NULL) {
-				throw new Exception('Bearer confirmation node without verification data.');
-			}
+			foreach ($this->doXPathQuery('saml:SubjectConfirmationData', $subjectConfirmation)
+				as $subjectConfirmationData) {
+
+				$recipient = $subjectConfirmationData->getAttributeNode('Recipient');
+				if ($recipient !== NULL) {
+					/* The Recipient attribute contains the address this assertion should
+					 * be delivered to. Verify that it matches the current address.
+					 */
+					$recipient = $recipient->value;
+					$currentURL = SimpleSAML_Utilities::selfURL();
+
+					if ($recipient !== $currentURL) {
+						throw new Exception('Recipient in assertion doesn\'t match the ' .
+							' current URL. Recipient is "' . $recipient .
+							'", current URL is "' . $currentURL . '".');
+					}
+				}
 
-			/* TODO: Verify this subject. */
+				/* TODO: Verify the rest of the subject. Missing are:
+				 * - NotBefore & NotOnOrAfter
+				 * - InResponseTo
+				 * - Address
+				 */
+			}
 		}