diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index c8bfaf5251a0eabffccabe692c3b9162b0d98355..48e1b2459984f0e2d3dff320128462e9419b7d84 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -149,7 +149,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml1');
 		$ar->setRelayState($id);
 
-		$url = $ar->createRedirect($idpEntityId, SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php'));
+		$url = $ar->createRedirect($idpEntityId, SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php/' . $this->authId));
 
 		SimpleSAML_Logger::debug('Starting SAML 1 SSO to ' . var_export($idpEntityId, TRUE) .
 			' from ' . var_export($this->entityId, TRUE) . '.');
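Review bot: `$this->authId` is concatenated into the ACS URL path unencoded, here, in the SAML 2 hunk below (`setAssertionConsumerServiceURL`) and in the metadata.php lines that append `$sourceId`. The new saml1-acs.php parser treats the first `/` after the id as its end, so an id containing `/`, `?` or `#` would give a URL that either fails the source lookup or no longer matches what metadata.php publishes. If ids are not already restricted elsewhere (not visible in this diff), I would either use `rawurlencode($this->authId)` in every place the URL is built or add a comment such as `/* authId must be URL-path-safe; the ACS endpoint parses it from PATH_INFO. */`. The enclosing method starts and ends outside the hunk.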
@@ -167,7 +167,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 
 		$ar = sspmod_saml2_Message::buildAuthnRequest($this->metadata, $idpMetadata);
 
-		$ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php'));
+		$ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId));
 		$ar->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);
 
 		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml2');
diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php
index 72a7eb5516d43fdc07c5986f6dbe7bf6cb90b9ad..3db89da7d15e442f0683acc5f61b203bfa3d9c52 100644
--- a/modules/saml/www/sp/metadata.php
+++ b/modules/saml/www/sp/metadata.php
@@ -17,22 +17,22 @@ if (!($source instanceof sspmod_saml_Auth_Source_SP)) {
 
 $entityId = $source->getEntityId();
 $metaArray11 = array(
-	'AssertionConsumerService' => SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php'),
+	'AssertionConsumerService' => SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php/' . $sourceId),
 );
 
 $spconfig = $source->getMetadata();
 if ($spconfig->getBoolean('saml11.binding.artifact.enable', FALSE)) {
-	$metaArray11['AssertionConsumerService.artifact'] = SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php/artifact');
+	$metaArray11['AssertionConsumerService.artifact'] = SimpleSAML_Module::getModuleURL('saml/sp/saml1-acs.php/' . $sourceId . '/artifact');
 }
 
 
 $metaArray20 = array(
-	'AssertionConsumerService' => SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php'),
+	'AssertionConsumerService' => SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $sourceId),
 	'SingleLogoutService' => SimpleSAML_Module::getModuleURL('saml/sp/saml2-logout.php/' . $sourceId),
 );
 	
 if ($spconfig->getBoolean('saml20.binding.artifact.enable', FALSE)) {
-	$metaArray20['AssertionConsumerService.artifact'] = SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php');
+	$metaArray20['AssertionConsumerService.artifact'] = SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $sourceId);
 }
 
 $certInfo = SimpleSAML_Utilities::loadPublicKey($spconfig->toArray());
diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml1-acs.php
index 06cdf4ee2a5aca2ceebf0f381c2fa97e75058dc1..336d47fa43f86b175e5c45682c2b0690cd94e119 100644
--- a/modules/saml/www/sp/saml1-acs.php
+++ b/modules/saml/www/sp/saml1-acs.php
@@ -8,19 +8,22 @@ if (!array_key_exists('TARGET', $_REQUEST)) {
 	throw new SimpleSAML_Error_BadRequest('Missing TARGET parameter.');
 }
 
+$sourceId = $_SERVER['PATH_INFO'];
+$end = strpos($sourceId, '/', 1);
+if ($end === FALSE) {
+	$end = strlen($sourceId);
+}
+$sourceId = substr($sourceId, 1, $end - 1);
+
+$source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP');
+
 
 $state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:ssosent-saml1');
 
-/* Find authentication source. */
+/* Check that the authentication source is correct. */
 assert('array_key_exists("saml:sp:AuthId", $state)');
-$sourceId = $state['saml:sp:AuthId'];
-
-$source = SimpleSAML_Auth_Source::getById($sourceId);
-if ($source === NULL) {
-	throw new SimpleSAML_Error_Exception('Could not find authentication source with id ' . $sourceId);
-}
-if (!($source instanceof sspmod_saml_Auth_Source_SP)) {
-	throw new SimpleSAML_Error_Exception('Source type changed?');
+if ($state['saml:sp:AuthId'] !== $sourceId) {
+	throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
 }
 
 $idpEntityId = $state['saml:idp'];
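Review bot: `$_SERVER['PATH_INFO']` is read without checking that it is set, and the same applies to the first hunk of saml2-acs.php. A response posted to the old URL `saml1-acs.php` (for example from an IdP still holding pre-change metadata) then produces an undefined-index notice and an empty `$sourceId` instead of a clear error. A guard before the parsing, in the style of the TARGET check above, would fail cleanly: `if (!array_key_exists('PATH_INFO', $_SERVER)) { throw new SimpleSAML_Error_BadRequest('Missing authentication source id in assertion consumer service URL.'); }`. The explicit NULL and instanceof checks were dropped, presumably because `getById($sourceId, 'sspmod_saml_Auth_Source_SP')` throws for an unknown or wrong-type source; that function is not visible here, so this is worth confirming.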
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index df766fd5b3c8d7ab3261cd410f7f7b428091ee5f..3c9ae269d911640a24a85fbf95b6b2e7d0f65ec0 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -4,6 +4,9 @@
  * Assertion consumer service handler for SAML 2.0 SP authentication client.
  */
 
+$sourceId = substr($_SERVER['PATH_INFO'], 1);
+$source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP');
+
 $b = SAML2_Binding::getCurrentBinding();
 $response = $b->receive();
 if (!($response instanceof SAML2_Response)) {
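Review bot: `substr($_SERVER['PATH_INFO'], 1)` takes everything after the leading slash as the source id, whereas saml1-acs.php stops at the next `/`, so a trailing slash or extra path segment ends up in `$sourceId` here. This presumably fails closed at `getById`, but the two endpoints should parse the id the same way, e.g. `$parts = explode('/', substr($_SERVER['PATH_INFO'], 1), 2); $sourceId = $parts[0];`. A one-line comment would also help, saying that the id comes from the URL and is compared with `saml:sp:AuthId` from the saved state further down, since the lookup now happens before the response is received.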
@@ -17,16 +20,10 @@ if (empty($relayState)) {
 
 $state = SimpleSAML_Auth_State::loadState($relayState, 'saml:sp:ssosent-saml2');
 
-/* Find authentication source. */
+/* Check that the authentication source is correct. */
 assert('array_key_exists("saml:sp:AuthId", $state)');
-$sourceId = $state['saml:sp:AuthId'];
-
-$source = SimpleSAML_Auth_Source::getById($sourceId);
-if ($source === NULL) {
-	throw new Exception('Could not find authentication source with id ' . $sourceId);
-}
-if (!($source instanceof sspmod_saml_Auth_Source_SP)) {
-	throw new SimpleSAML_Error_Exception('Source type changed?');
+if ($state['saml:sp:AuthId'] !== $sourceId) {
+	throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
 }