diff --git a/docs/simplesamlphp-reference-idp-hosted.txt b/docs/simplesamlphp-reference-idp-hosted.txt
index 0ea1325877243e585fe8f92e6ebb0ac67e5b86a0..50b5c0da591e6aba2e5925e549e80b1f0df8e2c6 100644
--- a/docs/simplesamlphp-reference-idp-hosted.txt
+++ b/docs/simplesamlphp-reference-idp-hosted.txt
@@ -203,6 +203,13 @@ The following SAML 2.0 options are available:
 : Whether `<saml:Assertion> elements should be signed. Defaults to `TRUE`.
+: Note that this option also exists in the SP-remote metadata, and
+ any value in the SP-remote metadata overrides the one configured
+ in the IdP metadata.
+
+`sign.logout`
+: Whether to sign logout messages sent from this IdP.
+
 : Note that this option also exists in the SP-remote metadata, and
 any value in the SP-remote metadata overrides the one configured
 in the IdP metadata.
diff --git a/docs/simplesamlphp-reference-idp-remote.txt b/docs/simplesamlphp-reference-idp-remote.txt
index a903d2c5bc01599c0ac69bf5f0da9207df5eb808..0edad94e632d89dee212b230c24014f4804d1dc0 100644
--- a/docs/simplesamlphp-reference-idp-remote.txt
+++ b/docs/simplesamlphp-reference-idp-remote.txt
@@ -110,6 +110,18 @@ The following SAML 2.0 options are available:
 - `noauthnstatement` - Ignore missing <AuthnStatement> in <Assertion>.
 - `noattributestatement` - Ignore missing <AttributeStatement> in <Assertion>.
+`sign.authnrequest`
+: Whether to sign authentication requests sent to this IdP.
+
+: Note that this option also exists in the SP configuration.
+ This value in the IdP remote metadata overrides the value in the SP configuration.
+
+`sign.logout`
+: Whether to sign logout messages sent to this IdP.
+
+: Note that this option also exists in the SP configuration.
+ This value in the IdP remote metadata overrides the value in the SP configuration.
+
 `SingleLogoutService`
 : Endpoint URL for logout requests and responses. You should obtain this from the IdP. Users who log out from your service is redirected to this URL with the LogoutRequest using HTTP-REDIRECT.
diff --git a/docs/simplesamlphp-reference-sp-remote.txt b/docs/simplesamlphp-reference-sp-remote.txt
index ab6fd4a41d32f85688337c35a2c1a05ff62c5c44..7a5a841e6a6d47c807b03190c1ab17c2e4b9e852 100644
--- a/docs/simplesamlphp-reference-sp-remote.txt
+++ b/docs/simplesamlphp-reference-sp-remote.txt
@@ -238,6 +238,12 @@ The following SAML 2.0 options are available:
 : - `raw`: Store the attribute without any modifications. This makes it possible to include raw XML in the response.
+`sign.logout`
+: Whether to sign logout messages sent to this SP.
+
+: Note that this option also exists in the IdP-hosted metadata.
+ The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
+
 `validate.authnrequest`
 : Whether we require signatures on authentication requests sent from this SP.
diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index 63d61e4072c57c1cec007e0336cb61ef06b7bf6d..7d4fd1f635d186a77bb23609d03dabae0ff83d63 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -252,6 +252,24 @@ Options
 : *Note*: SAML 1 specific.
+`sign.authnrequest`
+: Whether to sign authentication requests sent from this SP.
+
+: Note that this option also exists in the IdP-remote metadata, and
+ any value in the IdP-remote metadata overrides the one configured
+ in the SP configuration.
+
+: *Note*: SAML 2 specific.
+
+`sign.logout`
+: Whether to sign logout messages sent from this SP.
+
+: Note that this option also exists in the IdP-remote metadata, and
+ any value in the IdP-remote metadata overrides the one configured
+ in the SP configuration.
+
+: *Note*: SAML 2 specific.
+
 `redirect.sign`
 : Whether authentication requests, logout requests and logout responses sent from this SP should be signed. The default is `FALSE`.
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index e8a96aeb29fe04a42c9470ac2aaf1a69963a9e53..a9df3f95717033533c4d8e21179838c0a72badbf 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -53,9 +53,23 @@ class sspmod_saml_Message {
 */
 private static function addRedirectSign(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata, SAML2_message $message) {
- $signingEnabled = $dstMetadata->getBoolean('redirect.sign', NULL);
+ if ($message instanceof SAML2_LogoutRequest || $message instanceof SAML2_LogoutResponse) {
+ $signingEnabled = $srcMetadata->getBoolean('sign.logout', NULL);
+ if ($signingEnabled === NULL) {
+ $signingEnabled = $dstMetadata->getBoolean('sign.logout', NULL);
+ }
+ } elseif ($message instanceof SAML2_AuthnRequest) {
+ $signingEnabled = $srcMetadata->getBoolean('sign.authnrequest', NULL);
+ if ($signingEnabled === NULL) {
+ $signingEnabled = $dstMetadata->getBoolean('sign.authnrequest', NULL);
+ }
+ }
+
 if ($signingEnabled === NULL) {
- $signingEnabled = $srcMetadata->getBoolean('redirect.sign', FALSE);
+ $signingEnabled = $dstMetadata->getBoolean('redirect.sign', NULL);
+ if ($signingEnabled === NULL) {
+ $signingEnabled = $srcMetadata->getBoolean('redirect.sign', FALSE);
+ }
 }
 if (!$signingEnabled) {
 return;
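Review bot: The lookup order in the new `sign.logout` and `sign.authnrequest` branches reads `$srcMetadata` first and only falls back to `$dstMetadata`, which is the opposite of what the documentation added in this same commit promises (the remote metadata value overrides the hosted one) and the opposite of the `redirect.sign` fallback a few lines below, which keeps the remote-first order. Assuming `$srcMetadata` is the sending entity's own metadata and `$dstMetadata` the remote peer's, as the parameter names suggest, a `sign.logout => TRUE` placed in a remote SP or IdP entry is silently ignored whenever the hosted entry also sets the option, so an operator cannot force signing per peer as documented. The branches should consult `$dstMetadata` first and fall back to `$srcMetadata`, and `$signingEnabled` should be set to `NULL` before the `if`/`elseif`, since for any other message type the later `=== NULL` test reads an undefined variable. The hunk appears to be cut just before the closing brace of the `if (!$signingEnabled)` block, and the remainder of addRedirectSign lies outside it.
```php
		$signingEnabled = NULL;
		if ($message instanceof SAML2_LogoutRequest || $message instanceof SAML2_LogoutResponse) {
			$signingEnabled = $dstMetadata->getBoolean('sign.logout', NULL);
			if ($signingEnabled === NULL) {
				$signingEnabled = $srcMetadata->getBoolean('sign.logout', NULL);
			}
		} elseif ($message instanceof SAML2_AuthnRequest) {
			$signingEnabled = $dstMetadata->getBoolean('sign.authnrequest', NULL);
			if ($signingEnabled === NULL) {
				$signingEnabled = $srcMetadata->getBoolean('sign.authnrequest', NULL);
			}
		}
		// … unchanged: redirect.sign fallback and early return …
```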