diff --git a/www/saml2/idp/ArtifactResolutionService.php b/www/saml2/idp/ArtifactResolutionService.php
index c4e52bd1498e45b5b7b835575b9825e7f54a08aa..d0e1e05d67e7cf14c4f410e0ed2bd04c4d634fb3 100644
--- a/www/saml2/idp/ArtifactResolutionService.php
+++ b/www/saml2/idp/ArtifactResolutionService.php
@@ -11,7 +11,7 @@
 require_once('../../_include.php');
 
 $config = \SimpleSAML\Configuration::getInstance();
-if (!$config->getBoolean('enable.saml20-idp', false)) {
+if (!$config->getBoolean('enable.saml20-idp', false) || !Module::isModuleEnabled('saml')) {
     throw new \SimpleSAML\Error\Error('NOACCESS');
 }
 
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 5a400b854499c39bc04cf7fc62d99ede897551ed..e4b8988e66e0a3b52d470f6a6f1cdf8261bb6025 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -5,7 +5,6 @@
  * from a SAML 2.0 SP, parses, and process it, and then authenticates the user and sends the user back
  * to the SP with an Authentication Response.
  *
- * @author Andreas Ă…kre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
  * @package SimpleSAMLphp
  */
 
@@ -14,6 +13,12 @@ require_once('../../_include.php');
 \SimpleSAML\Logger::info('SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService');
 
 $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+
+$config = \SimpleSAML\Configuration::getInstance();
+if (!$config->getBoolean('enable.saml20-idp', false) || !\SimpleSAML\Module::isModuleEnabled('saml')) {
+    throw new \SimpleSAML\Error\Error('NOACCESS', null, 403);
+}
+
 $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
 $idp = \SimpleSAML\IdP::getById('saml2:' . $idpEntityId);
 
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php
index 2d3c0e4b4a1c1f2331aab0c9da1b9e80d31b0eb1..9a6050f960db5dd2dcfa219616a1ec3f848a62f0 100644
--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
@@ -13,6 +13,12 @@ require_once('../../_include.php');
 \SimpleSAML\Logger::info('SAML2.0 - IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService');
 
 $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+
+$config = \SimpleSAML\Configuration::getInstance();
+if (!$config->getBoolean('enable.saml20-idp', false) || !\SimpleSAML\Module::isModuleEnabled('saml')) {
+    throw new \SimpleSAML\Error\Error('NOACCESS', null, 403);
+}
+
 $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
 $idp = \SimpleSAML\IdP::getById('saml2:' . $idpEntityId);
 
diff --git a/www/saml2/idp/initSLO.php b/www/saml2/idp/initSLO.php
index 82c38c8d4d0dddcb4d895916a9b09551faa76466..b5eb3c1129c15cd5202c91a3e80b3a97eeb3111a 100644
--- a/www/saml2/idp/initSLO.php
+++ b/www/saml2/idp/initSLO.php
@@ -3,6 +3,12 @@
 require_once('../../_include.php');
 
 $metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+
+$config = \SimpleSAML\Configuration::getInstance();
+if (!$config->getBoolean('enable.saml20-idp', false) || !\SimpleSAML\Module::isModuleEnabled('saml')) {
+    throw new \SimpleSAML\Error\Error('NOACCESS', null, 403);
+}
+
 $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
 $idp = \SimpleSAML\IdP::getById('saml2:' . $idpEntityId);
 
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 2f820ea8166033a48a1573a9b70b78a8fea8c530..05a1959517fb343c4aca6eea33e363785c8b181e 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -5,18 +5,17 @@ require_once('../../_include.php');
 use Symfony\Component\VarExporter\VarExporter;
 
 use SAML2\Constants;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
 use SimpleSAML\Module;
 use SimpleSAML\Utils\Auth as Auth;
 use SimpleSAML\Utils\Crypto as Crypto;
 use SimpleSAML\Utils\HTTP as HTTP;
 use SimpleSAML\Utils\Config\Metadata as Metadata;
 
-// load SimpleSAMLphp configuration and metadata
-$config = \SimpleSAML\Configuration::getInstance();
-$metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
-
-if (!$config->getBoolean('enable.saml20-idp', false)) {
-    throw new \SimpleSAML\Error\Error('NOACCESS');
+$config = Configuration::getInstance();
+if (!$config->getBoolean('enable.saml20-idp', false) || !Module::isModuleEnabled('saml')) {
+    throw new Error\Error('NOACCESS', null, 403);
 }
 
 // check if valid local session exists
@@ -24,6 +23,8 @@ if ($config->getBoolean('admin.protectmetadata', false)) {
     Auth::requireAdmin();
 }
 
+$metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
+
 try {
     $idpentityid = isset($_GET['idpentityid']) ?
         $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
@@ -150,7 +151,7 @@ try {
         );
 
         if (!$idpmeta->hasValue('OrganizationURL')) {
-            throw new \SimpleSAML\Error\Exception(
+            throw new Error\Exception(
                 'If OrganizationName is set, OrganizationURL must also be set.'
             );
         }
@@ -245,5 +246,5 @@ try {
         exit(0);
     }
 } catch (\Exception $exception) {
-    throw new \SimpleSAML\Error\Error('METADATA', $exception);
+    throw new Error\Error('METADATA', $exception);
 }