diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 46a0ea887e7e6d148fd8b0efc2d59b47c67aa52c..19bbfbd40f2a5f241dcae7cbd164f4f758ee9072 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -473,6 +473,11 @@ class SimpleSAML_Utilities {
 			$url = self::selfURLhost() . $url;
 		}
 
+		/* Verify that the URL is to a http or https site. */
+		if (!preg_match('@^https?://@i', $url)) {
+			throw new SimpleSAML_Error_Exception('Redirect to invalid URL: ' . $url);
+		}
+
 		/* Determine which prefix we should put before the first
 		 * parameter.
 		 */
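Review bot: The check added above the prefix comment validates only the scheme, so any `http://` or `https://` host still passes. If `$url` can originate from a request parameter (the callers are not visible in this hunk), the redirect can still reach arbitrary external sites, and a host allow-list would be needed here or at the caller. I would state that limit in the comment, e.g. `/* Scheme check only (rejects javascript:, data:, etc.); does not restrict the destination host. */`. The exception message also concatenates the raw `$url`, so wherever that message is rendered or logged it has to be escaped for that context. The enclosing function starts and ends outside the hunk.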