diff --git a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
index 28d92f83a707cfb73b971bc5024f6dc3cbd9a696..a2c862fe410d2576cd726ae49736dbec5c59f324 100644
--- a/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
+++ b/modules/saml/lib/Auth/Process/SQLPersistentNameID.php
@@ -133,6 +133,13 @@ class sspmod_saml_Auth_Process_SQLPersistentNameID extends sspmod_saml_BaseNameI
         $uid = array_values($state['Attributes'][$this->attribute]); // just in case the first index is no longer 0
         $uid = $uid[0];
 
+        if (empty($uid)) {
+            SimpleSAML\Logger::warning(
+                'Empty value in attribute '.var_export($this->attribute, true).
+                ' on user - not generating persistent NameID.'
+            );
+            return null;
+        }
 
         $value = sspmod_saml_IdP_SQLNameID::get($idpEntityId, $spEntityId, $uid);
         if ($value !== null) {