diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 689d1927ba14ca774a72fabef7636dec74b60dad..6f111198a0456c88ad92931c512c58d9842c0fc9 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -586,15 +586,20 @@ class SP extends \SimpleSAML\Auth\Source
 $ar->setRequesterID($requesterID);
- if (isset($state['saml:Extensions'])) {
+ // If the downstream SP has set extensions then use them.
+ // Otherwise use extensions that might be defined in the local SP (only makes sense in a proxy scenario)
+ if (isset($state['saml:Extensions']) && count($state['saml:Extensions']) > 0) {
 $ar->setExtensions($state['saml:Extensions']);
+ } else if ($this->metadata->getArray('saml:Extensions', null) !== null) {
+ $ar->setExtensions($this->metadata->getArray('saml:Extensions'));
 }
-
+
 $providerName = $this->metadata->getString("ProviderName", null);
 if ($providerName !== null) {
 $ar->setProviderName($providerName);
 }
+
 // save IdP entity ID as part of the state
 $state['ExpectedIssuer'] = $idpMetadata->getString('entityid');
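Review bot: In the new `if`/`else if` around `setExtensions`, any non-empty `$state['saml:Extensions']` replaces the locally configured `saml:Extensions` outright, so in the proxy case the downstream SP's request decides whether the proxy's own extensions ever reach the IdP. If the local extensions are meant as operator policy rather than a default, the precedence should be reversed or the two lists merged; if they are only a default, the comment should say so, e.g. `// Local saml:Extensions are a fallback only: extensions supplied by the downstream SP replace them, they are not merged.` Separately, `count()` is applied to the state value without confirming it is an array, and the metadata array is looked up twice; reading it once with `$localExtensions = $this->metadata->getArray('saml:Extensions', null);` before the branch and adding `is_array($state['saml:Extensions'])` to the first condition would tighten both. The enclosing method starts and ends outside this hunk.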