diff --git a/modules/saml/www/sp/saml2-logout.php b/modules/saml/www/sp/saml2-logout.php
index d1cc4dc5d93afb93b14bf61812eeb0a83b04e6f4..50dd62b3a39c37f514416ccd8826382f182fe76d 100644
--- a/modules/saml/www/sp/saml2-logout.php
+++ b/modules/saml/www/sp/saml2-logout.php
@@ -37,6 +37,11 @@ $spMetadata = $source->getMetadata();
 sspmod_saml_Message::validateMessage($idpMetadata, $spMetadata, $message);
+$destination = $message->getDestination();
+if ($destination !== NULL && $destination !== SimpleSAML_Utilities::selfURLNoQuery()) {
+    throw new SimpleSAML_Error_Exception('Destination in logout message is wrong.');
+}
+
 if ($message instanceof SAML2_LogoutResponse) {
     $relayState = $message->getRelayState();
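Review bot: The new guard lets a message with no Destination through unchecked (`$destination !== NULL`), so a logout message that simply omits the attribute is never bound to this endpoint, whereas SAML 2.0 Core makes Destination REQUIRED when the message is signed, so a stricter check would reject a signed message that lacks it instead of skipping the comparison. Whether `validateMessage()` on the line above already enforces presence of Destination for signed messages is not visible here and is worth confirming; if it does not, the condition should become something like `if ($destination === NULL || $destination !== SimpleSAML_Utilities::selfURLNoQuery())` for messages that carry a signature. The exact string comparison with `selfURLNoQuery()` also depends on the scheme and Host as seen by PHP, so a deployment behind a TLS-terminating proxy needs its base URL configured to match the endpoint published in metadata or every logout message will be rejected here. A short why-comment above the check would help the next maintainer: `// Bind the message to this endpoint: a LogoutRequest/Response replayed at a different URL must not be accepted (SAML 2.0 Core, Destination attribute).` The surrounding script starts before this hunk and continues past it.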