diff --git a/modules/saml/www/sp/saml2-logout.php b/modules/saml/www/sp/saml2-logout.php
index 5f968a0aacec300af7de7982f99689d11f493df6..d1cc4dc5d93afb93b14bf61812eeb0a83b04e6f4 100644
--- a/modules/saml/www/sp/saml2-logout.php
+++ b/modules/saml/www/sp/saml2-logout.php
@@ -57,6 +57,15 @@ if ($message instanceof SAML2_LogoutResponse) {
 	SimpleSAML_Logger::debug('module/saml2/sp/logout: Request from ' . $idpEntityId);
 	SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $spEntityId . ' ' . $idpEntityId);
 
+	if ($message->isNameIdEncrypted()) {
+		try {
+			$key = self::getDecryptionKey($idpMetadata, $spMetadata);
+		} catch (Exception $e) {
+			throw new SimpleSAML_Error_Exception('Error decrypting NameID: ' . $e->getMessage());
+		}
+		$message->decryptNameId($key);
+	}
+
 	$nameId = $message->getNameId();
 	$sessionIndexes = $message->getSessionIndexes();