diff --git a/www/wsfed/sp/prp.php b/www/wsfed/sp/prp.php
index 6bafe03b799d2a6e280bb4f05446b11e003de4a9..76e4584e3f668de147db4320c6fca17f095de96b 100644
--- a/www/wsfed/sp/prp.php
+++ b/www/wsfed/sp/prp.php
@@ -95,6 +95,15 @@ try {
 $idpEntityId . '\'.');
 }
+ /* Check time constraints of contitions (if present). */
+ foreach($xpath->query('./saml:Conditions', $assertion) as $condition) {
+ $notBefore = $condition->getAttribute('NotBefore');
+ $notOnOrAfter = $condition->getAttribute('NotOnOrAfter');
+ if(!SimpleSAML_Utilities::checkDateConditions($notBefore, $notOnOrAfter)) {
+ throw new Exception('The response has expired.');
+ }
+ }
+
 /* Extract the name identifier from the response. */
 $nameid = $xpath->query('./saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier', $assertion);
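Review bot: The exception message `'The response has expired.'` is wrong for half of the failures this check produces: `checkDateConditions` also rejects an assertion whose `NotBefore` lies in the future, which is a not-yet-valid assertion (typically clock skew between IdP and SP), not an expired one, and an operator reading the log will chase the wrong cause. A message that names both attributes, e.g. `throw new Exception('The assertion is not valid at the current time (NotBefore=' . $notBefore . ', NotOnOrAfter=' . $notOnOrAfter . ').');`, makes the failure diagnosable. Note that `getAttribute()` returns an empty string, not null, when an attribute is absent, so this relies on `checkDateConditions` treating `''` as "no constraint" — worth confirming against its implementation, since a strict comparison there would make every assertion without `NotBefore` fail. The comment on the first added line has a typo (`contitions` → `conditions`), and since only the time attributes of `saml:Conditions` are evaluated, any audience-restriction child condition the IdP includes is presumably still unchecked here unless it is handled elsewhere in this file; the enclosing `try` block starts before the hunk.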