diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index b08ed9a1e3750c29e9120d5bace55121c249bd7e..508ad15b8b561369ac50519041061d56fb7467ea 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -10,7 +10,6 @@ use SAML2\Constants;
 use SAML2\Exception\Protocol\NoAvailableIDPException;
 use SAML2\Exception\Protocol\NoPassiveException;
 use SAML2\Exception\Protocol\NoSupportedIDPException;
-use SAML2\Exception\ProtocolViolationException;
 use SAML2\LogoutRequest;
 use SAML2\XML\saml\NameID;
 use SimpleSAML\Assert\Assert;
@@ -1143,8 +1142,8 @@ class SP extends \SimpleSAML\Auth\Source
 
         Assert::true(
             $allowUnsolicited,
-            'Received an unsolicited response, which is against SAML2INT specification.',
-            ProtocolViolationException::class,
+            'Unsolicited responsed are denied by configuration.',
+            Error\BadRequest::class,
         );
 
         if (isset($state['saml:sp:isUnsolicited']) && (bool) $state['saml:sp:isUnsolicited']) {
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 7001c3a887a7156a2c070d08029860149ab174e9..097463cf98f54751c0875159a3f99ac05a274b54 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -7,7 +7,6 @@
 use SAML2\Binding;
 use SAML2\Assertion;
 use SAML2\Exception\Protocol\UnsupportedBindingException;
-use SAML2\Exception\ProtocolViolationException;
 use SAML2\HTTPArtifact;
 use SAML2\Response;
 use SimpleSAML\Assert\Assert;
@@ -109,8 +108,8 @@ $allowUnsolicited = $config->getBoolean('enable.saml20-unsolicited', true);
 
 Assert::true(
     $allowUnsolicited,
-    'Received an unsolicited response, which is against SAML2INT specification.',
-    ProtocolViolationException::class,
+    'Unsolicited responses are denied by configuration.',
+    Error\BadRequest::class,
 );
 
 if ($state) {