diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md
index 9ef80f9a064abb73956cc83701e14f91de357411..4d75fa020e33aa6281c705239ac52e8f5fa06f5c 100644
--- a/docs/simplesamlphp-changelog.md
+++ b/docs/simplesamlphp-changelog.md
@@ -16,6 +16,8 @@ Released TBD
   * Introduce new UI based on Twig templates.
     The new templates co-exist next to the old ones.
   * SimpleSAMLphp can now be used with applications that use Twig 2.
+  * Generate sessionID complying with PHP config settings.
+  * Update OpenSSL RSA bit length in docs.
   * Update configuration templates and documentation to PHP
     short array syntax.
   * All clases moved to namespaces and reformatted code to PSR-2.
@@ -35,6 +37,10 @@ Released TBD
   * Allow to specifiy NameIDPolicy Format and AllowCreate in hosted SP
     and remote IdP configurtion, and restore possibility to omit it
     from AuthnRequests entirely.
+  * Add setting `assertion.allowed_clock_skew` to influence how lenient
+    we should be with the timestamps in received SAML messages.
+  * If Issuer of IdP does not match the entity we sent the request to,
+    log a warning instead of bailing out with an exception.
 
 ## Version 1.16.2
 
diff --git a/modules/saml/www/sp/saml2-acs.php b/modules/saml/www/sp/saml2-acs.php
index 9dcec80c5b762c119c7014a3269da63e1a63e36f..ae10a2cbdf327806fb8da0916364197758f4551e 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -17,7 +17,7 @@ try {
 } catch (Exception $e) {
     // TODO: look for a specific exception
     // This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should throw
-    // an specific exception when the binding is unknown, and we should capture that here
+    // a specific exception when the binding is unknown, and we should capture that here
     if ($e->getMessage() === 'Unable to find the current binding.') {
         throw new \SimpleSAML\Error\Error('ACSPARAMS', $e, 400);
     } else {
@@ -102,9 +102,7 @@ if ($state) {
         $idpMetadata = $source->getIdPMetadata($idp);
         $idplist = $idpMetadata->getArrayize('IDPList', []);
         if (!in_array($state['ExpectedIssuer'], $idplist, true)) {
-            throw new \SimpleSAML\Error\Exception(
-                'The issuer of the response does not match to the identity provider we sent the request to.'
-            );
+            SimpleSAML\Logger::warning('The issuer of the response not match to the identity provider we sent the request to.');
         }
     }
 } else {