diff --git a/lib/SAML2/HTTPPost.php b/lib/SAML2/HTTPPost.php
index 3a0a85c8b51a17da6f40e8bfa515241c316d9535..fc98537f44b971740b17d17074b1b2e1a04daf76 100644
--- a/lib/SAML2/HTTPPost.php
+++ b/lib/SAML2/HTTPPost.php
@@ -26,6 +26,9 @@ class SAML2_HTTPPost extends SAML2_Binding {
 
 		$msgStr = $message->toSignedXML();
 		$msgStr = $msgStr->ownerDocument->saveXML($msgStr);
+
+		SimpleSAML_Utilities::debugMessage($msgStr, 'out');
+
 		$msgStr = base64_encode($msgStr);
 		$msgStr = htmlspecialchars($msgStr);
 
@@ -86,6 +89,8 @@ END;
 
 		$msg = base64_decode($msg);
 
+		SimpleSAML_Utilities::debugMessage($msg, 'in');
+
 		$document = new DOMDocument();
 		$document->loadXML($msg);
 		$xml = $document->firstChild;
diff --git a/lib/SAML2/HTTPRedirect.php b/lib/SAML2/HTTPRedirect.php
index 71a32b42a1dc58382c694ceff955fe2fbc40cf77..24f13c104d62571a4e9406267aa943e1f52e3eac 100644
--- a/lib/SAML2/HTTPRedirect.php
+++ b/lib/SAML2/HTTPRedirect.php
@@ -30,6 +30,9 @@ class SAML2_HTTPRedirect extends SAML2_Binding {
 
 		$msgStr = $message->toUnsignedXML();
 		$msgStr = $msgStr->ownerDocument->saveXML($msgStr);
+
+		SimpleSAML_Utilities::debugMessage($msgStr, 'out');
+
 		$msgStr = gzdeflate($msgStr);
 		$msgStr = base64_encode($msgStr);
 
@@ -112,6 +115,8 @@ class SAML2_HTTPRedirect extends SAML2_Binding {
 			throw new Exception('Unknown SAMLEncoding: ' . var_export($encoding, TRUE));
 		}
 
+		SimpleSAML_Utilities::debugMessage($msg, 'in');
+
 		$document = new DOMDocument();
 		$document->loadXML($msg);
 		$xml = $document->firstChild;
diff --git a/lib/SAML2/SOAPClient.php b/lib/SAML2/SOAPClient.php
index 292d16699833a863ecd50a6954d7e4b30aa9702d..fc1824fea7ba58554c93e6e11cf125d75dc67142 100644
--- a/lib/SAML2/SOAPClient.php
+++ b/lib/SAML2/SOAPClient.php
@@ -91,6 +91,8 @@ class SAML2_SOAPClient {
 		$request = $msg->toSignedXML();
 		$request = self::START_SOAP_ENVELOPE . $request->ownerDocument->saveXML($request) . self::END_SOAP_ENVELOPE;
 
+		SimpleSAML_Utilities::debugMessage($request, 'out');
+
 		$action = 'http://www.oasis-open.org/committees/security';
 		$version = '1.1';
 		$destination = $msg->getDestination();
@@ -102,6 +104,8 @@ class SAML2_SOAPClient {
 			throw new Exception('Empty SOAP response, check peer certificate.');
 		}
 
+		SimpleSAML_Utilities::debugMessage($soapresponsexml, 'in');
+
 		// Convert to SAML2_Message (DOMElement)
 		$dom = new DOMDocument();
 		if (!$dom->loadXML($soapresponsexml)) {
diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index 63241b16dcb83b0b8b57e85ae2ea6b04effe4d9b..7ed7561e1082b07d528a1c48f142e030d888edb4 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -122,6 +122,8 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 		$artifacts = self::getArtifacts();
 		$request = self::buildRequest($artifacts);
 
+		SimpleSAML_Utilities::debugMessage($msgStr, 'out');
+
 		$url = $idpMetadata->getDefaultEndpoint('ArtifactResolutionService', array('urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding'));
 		$url = $url['Location'];
 
@@ -166,6 +168,8 @@ class SimpleSAML_Bindings_Shib13_Artifact {
 			throw new SimpleSAML_Error_Exception('Failed to retrieve assertion from IdP.');
 		}
 
+		SimpleSAML_Utilities::debugMessage($response, 'in');
+
 		/* Find the response in the SOAP message. */
 		$response = self::extractResponse($response);
 
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index bd6cff3a742d4f805a552de35115ba7738cb8754..ee769e5a43337e32cfbda968df7be354481c321e 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -79,6 +79,8 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 
 		$response = $responsedom->saveXML();
 
+		SimpleSAML_Utilities::debugMessage($response, 'out');
+
 		if ($this->configuration->getBoolean('debug', FALSE)) {
 			$p = new SimpleSAML_XHTML_Template($this->configuration, 'post-debug.php');
 			$p->data['header'] = 'SAML (Shibboleth 1.3) Response Debug-mode';
@@ -114,6 +116,8 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		$rawResponse = $post['SAMLResponse'];
 		$samlResponseXML = base64_decode($rawResponse);
 
+		SimpleSAML_Utilities::debugMessage($samlResponseXML, 'in');
+
 		SimpleSAML_Utilities::validateXMLDocument($samlResponseXML, 'saml11');
 
 		$samlResponse = new SimpleSAML_XML_Shib13_AuthnResponse();
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 5b78098e69391addb4123b934f822bcb920e7364..02057ee2548b8f7a171c52f64f5a47ce589705e5 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1906,6 +1906,35 @@ class SimpleSAML_Utilities {
 		SimpleSAML_Utilities::redirect($url);
 	}
 
+
+	/**
+	 * Helper function to log messages that we send or receive.
+	 *
+	 * @param string $message  The message, as an XML string.
+	 * @param string $type  Whether this message is sent or received.
+	 */
+	public static function debugMessage($message, $type) {
+		assert('is_string($message)');
+		assert('$type === "out" || $type === "in"');
+
+		$globalConfig = SimpleSAML_Configuration::getInstance();
+		if (!$globalConfig->getBoolean('debug', FALSE)) {
+			/* Message debug disabled. */
+			return;
+		}
+
+		if ($type === 'in') {
+			SimpleSAML_Logger::debug('Received message:');
+		} else {
+			SimpleSAML_Logger::debug('Sending message:');
+		}
+
+		$str = self::formatXMLString($message);
+		foreach (explode("\n", $str) as $line) {
+			SimpleSAML_Logger::debug($line);
+		}
+	}
+
 }
 
 ?>
\ No newline at end of file