diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index 6bacfd73ebbc27f70746487dd283e7d87de7d640..3f73f6db9aa4601e927737ece3e3a51cb3007d29 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -453,7 +453,7 @@ class sspmod_saml_Message {
 	 * @param SimpleSAML_Configuration $spMetadata  The metadata of the service provider.
 	 * @param SimpleSAML_Configuration $idpMetadata  The metadata of the identity provider.
 	 * @param SAML2_Response $response  The response.
-	 * @return SAML2_Assertion  The assertion in the response, if it is valid.
+	 * @return array  Array with SAML2_Assertion objects, containing valid assertions from the response.
 	 */
 	public static function processResponse(
 		SimpleSAML_Configuration $spMetadata, SimpleSAML_Configuration $idpMetadata,
@@ -482,12 +482,14 @@ class sspmod_saml_Message {
 		$assertion = $response->getAssertions();
 		if (empty($assertion)) {
 			throw new SimpleSAML_Error_Exception('No assertions found in response from IdP.');
-		} elseif (count($assertion) > 1) {
-			throw new SimpleSAML_Error_Exception('More than one assertion found in response from IdP.');
 		}
-		$assertion = $assertion[0];
 
-		return self::processAssertion($spMetadata, $idpMetadata, $response, $assertion, $responseSigned);
+		$ret = array();
+		foreach ($assertion as $a) {
+			$ret[] = self::processAssertion($spMetadata, $idpMetadata, $response, $a, $responseSigned);
+		}
+
+		return $ret;
 	}
 
 
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 5379676e521b3ff6ae17d615b3d75a97048a48ff..35fc6f60ff890530597554a66a32960abae1cfbb 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -48,6 +48,10 @@ $idpMetadata = $source->getIdPmetadata($idp);
 
 try {
 	$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
+	if (count($assertion) > 1) {
+		throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
+	}
+	$assertion = $assertion[0];
 } catch (sspmod_saml_Error $e) {
 	/* The status of the response wasn't "success". */
 	$e = $e->toException();
diff --git a/www/example-simple/attributequery.php b/www/example-simple/attributequery.php
index aecff87dba5a6b96920611d21893d5a9813bf588..8ec2fc6143e34e71e1bf8316393ebda49b92a8d0 100644
--- a/www/example-simple/attributequery.php
+++ b/www/example-simple/attributequery.php
@@ -47,6 +47,10 @@ function handleResponse() {
 	$spMetadata =  $GLOBALS['metadata']->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted');
 
 	$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
+	if (count($assertion) > 1) {
+		throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
+	}
+	$assertion = $assertion[0];
 
 	$dataId = $response->getRelayState();
 	if ($dataId === NULL) {
diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php
index 7065f049c779a40babbf1cbd3b77a698d633501e..3e36f9616a9c9f019de9dc959342b8302b9005e7 100644
--- a/www/saml2/sp/AssertionConsumerService.php
+++ b/www/saml2/sp/AssertionConsumerService.php
@@ -105,6 +105,10 @@ try {
 
 	try {
 		$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
+		if (count($assertion) > 1) {
+			throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
+		}
+		$assertion = $assertion[0];
 	} catch (sspmod_saml_Error $e) {
 		/* The status of the response wasn't "success". */