diff --git a/modules/consent/lib/Auth/Process/Consent.php b/modules/consent/lib/Auth/Process/Consent.php
index b0a6cd5df378e79599529b2a60bbf3a43b55dd10..0647ac84f194f457b48e5d83139f23cd30067ddf 100644
--- a/modules/consent/lib/Auth/Process/Consent.php
+++ b/modules/consent/lib/Auth/Process/Consent.php
@@ -375,6 +375,9 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
 public static function getAttributeHash($attributes, $includeValues = false)
 {
 if ($includeValues) {
+ foreach ($attributes as &$values) {
+ sort($values);
+ }
 ksort($attributes);
 $hashBase = serialize($attributes);
 } else {
diff --git a/tests/modules/consent/lib/Auth/Process/ConsentTest.php b/tests/modules/consent/lib/Auth/Process/ConsentTest.php
index 887e11b433e8daffa88fdef506339124d9622685..97534dc4382390cd61d45bb072f579eacc64b9c5 100644
--- a/tests/modules/consent/lib/Auth/Process/ConsentTest.php
+++ b/tests/modules/consent/lib/Auth/Process/ConsentTest.php
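Review bot: The added `sort($values);` in the `$includeValues` branch of getAttributeHash() uses the default SORT_REGULAR comparison, under which numeric-looking strings such as `'1'` and `'01'` compare equal, so their relative order (and with it the serialized hash base) can still depend on the order the values arrived in; `sort($values, SORT_STRING);` gives a byte-wise order that does not. The by-reference loop also leaves `$values` bound to the last element of `$attributes`, so I would add `unset($values);` directly after the loop's closing brace, before `ksort($attributes);`. The loop assumes every attribute value is an array, which nothing visible in the hunk checks. Because sorting changes the hash for any stored consent whose values were not already in sorted order, those users will presumably be asked for consent once more after the upgrade, which deserves a line in the upgrade notes. The function body continues past the end of the hunk.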
@@ -120,4 +120,63 @@ class ConsentTest extends TestCase
 // the state should NOT have changed because NO consent should be necessary (match)
 $this->assertEquals($request, $result);
 }
+
+ public function testAttributeHashIsConsistentWhenOrderOfValuesChange()
+ {
+ $attributes1 = array(
+ 'attribute1' => array('val1', 'val2'),
+ 'attribute2' => array('val1', 'val2')
+ );
+ $attributeHash1 = \sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes1, true);
+
+ $attributes2 = array(
+ 'attribute1' => array('val1', 'val2'),
+ 'attribute2' => array('val2', 'val1')
+ );
+ $attributeHash2 = \sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes2, true);
+
+ $this->assertEquals($attributeHash1, $attributeHash2, "Hash is not the same when the order of values changes");
+ }
+
+ public function testAttributeHashIsConsistentWhenOrderOfAttributesChange()
+ {
+ $attributes1 = array(
+ 'attribute2' => array('val1', 'val2'),
+ 'attribute1' => array('val1', 'val2')
+ );
+ $attributeHash1 = \sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes1, true);
+
+ $attributes2 = array(
+ 'attribute1' => array('val1', 'val2'),
+ 'attribute2' => array('val1', 'val2')
+ );
+ $attributeHash2 = \sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes2, true);
+
+ $this->assertEquals(
+ $attributeHash1,
+ $attributeHash2,
+ "Hash is not the same when the order of the attributs changes"
+ );
+ }
+
+ public function testAttributeHashIsConsistentWithoutValuesWhenOrderOfAttributesChange()
+ {
+ $attributes1 = array(
+ 'attribute2' => array('val1', 'val2'),
+ 'attribute1' => array('val1', 'val2')
+ );
+ $attributeHash1 = \sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes1);
+
+ $attributes2 = array(
+ 'attribute1' => array('val1', 'val2'),
+ 'attribute2' => array('val1', 'val2')
+ );
+ $attributeHash2 = \sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes2);
+
+ $this->assertEquals(
+ $attributeHash1,
+ $attributeHash2,
+ "Hash is not the same when the order of the attributs changes and the values are not included"
+ );
+ }
 }
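Review bot: All three new tests assert only that two hashes match, so a regression that made getAttributeHash() ignore the values even with `$includeValues` set to true would still pass. A companion test that changes one value (for example `'attribute2' => array('val1', 'val3')`) and uses `assertNotEquals` would pin the property the consent check presumably relies on, namely that a changed value yields a different hash. Since the results are strings, `$this->assertSame($attributeHash1, $attributeHash2, ...)` is the stricter comparison for all three assertions. The messages in the second and third tests spell `attributs` where `attributes` is meant. The ConsentTest class starts outside the hunk.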