diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
index 66a20bcf439732272c97375099e33d3e1c1acde9..31898338c437c3bf8f3bdd063e35111fd33a31e9 100644
--- a/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/SAML20/HTTPPost.php
@@ -123,7 +123,7 @@ class SimpleSAML_Bindings_SAML20_HTTPPost {
 // 			'http://www.w3.org/2001/10/xml-exc-c14n#'));
 			
 		$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1,
-			array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'),
+			array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
 			array('id_name' => 'ID'));
 		
 		#$objXMLSecDSig->addRefInternal($responseroot, $responseroot, XMLSecurityDSig::SHA1);
diff --git a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
index e57968c569e83647f05f0693b05eed1870841b07..f842e74607a7c8644d0a77e53470f0686f24de44 100644
--- a/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
+++ b/lib/SimpleSAML/Bindings/Shib13/HTTPPost.php
@@ -113,10 +113,21 @@ class SimpleSAML_Bindings_Shib13_HTTPPost {
 		
 		#$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1, #array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), null, 'ResponseID');
 		
+		/*
+		
+			Removed 2008-01-10 after a tips from Rob Richards..
+			
+			
 		$objXMLSecDSig->addReferenceList(array($responseroot), XMLSecurityDSig::SHA1,
 			array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'),
 			array('id_name' => 'ResponseID'));
 			
+			*/
+			
+		$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1,
+			array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
+			array('id_name' => 'ResponseID'));
+			
 			// TODO: Add option to sign assertion versus response
 
 		#$objXMLSecDSig->addReferenceList(array($firstassertionroot), XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature',