diff --git a/docs/simplesamlphp-reference-idp-hosted.txt b/docs/simplesamlphp-reference-idp-hosted.txt
index 47f7842de3ed403e9d1676d255b53a5af74e788b..0ea1325877243e585fe8f92e6ebb0ac67e5b86a0 100644
--- a/docs/simplesamlphp-reference-idp-hosted.txt
+++ b/docs/simplesamlphp-reference-idp-hosted.txt
@@ -207,6 +207,20 @@ The following SAML 2.0 options are available:
     any value in the SP-remote metadata overrides the one configured
     in the IdP metadata.
 
+`validate.authnrequest`
+:   Whether we require signatures on authentication requests sent to this IdP.
+
+:   Note that this option also exists in the SP-remote metadata, and
+    any value in the SP-remote metadata overrides the one configured
+    in the IdP metadata.
+
+`validate.logout`
+:   Whether we require signatures on logout messages sent to this IdP.
+
+:   Note that this option also exists in the SP-remote metadata, and
+    any value in the SP-remote metadata overrides the one configured
+    in the IdP metadata.
+
 
 ### Fields for signing and validating messages
 
diff --git a/docs/simplesamlphp-reference-idp-remote.txt b/docs/simplesamlphp-reference-idp-remote.txt
index e24666c2c60a4767371ac80589f44de53fb86a00..a903d2c5bc01599c0ac69bf5f0da9207df5eb808 100644
--- a/docs/simplesamlphp-reference-idp-remote.txt
+++ b/docs/simplesamlphp-reference-idp-remote.txt
@@ -121,6 +121,12 @@ The following SAML 2.0 options are available:
 `SPNameQualifier`
 :   This corresponds to the SPNameQualifier in the SAML 2.0 specification. It allows to give subjects a SP specific namespace. This option is rarely used, so if you don't need it, leave it out. When left out, simpleSAMLphp assumes the entityID of your SP as the SPNameQualifier.
 
+`validate.logout`
+:   Whether we require signatures on logout messages sent from this IdP.
+
+:   Note that this option also exists in the SP configuration.
+    This value in the IdP remote metadata overrides the value in the SP configuration.
+
 
 ### Decrypting assertions
 
diff --git a/docs/simplesamlphp-reference-sp-remote.txt b/docs/simplesamlphp-reference-sp-remote.txt
index f0b9916c88a736a388eaadd379f56479438140c4..ab6fd4a41d32f85688337c35a2c1a05ff62c5c44 100644
--- a/docs/simplesamlphp-reference-sp-remote.txt
+++ b/docs/simplesamlphp-reference-sp-remote.txt
@@ -238,6 +238,18 @@ The following SAML 2.0 options are available:
 :   -   `raw`: Store the attribute without any modifications. This
         makes it possible to include raw XML in the response.
 
+`validate.authnrequest`
+:   Whether we require signatures on authentication requests sent from this SP.
+
+:   Note that this option also exists in the IdP-hosted metadata.
+    The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
+
+`validate.logout`
+:   Whether we require signatures on logout messages sent from this SP.
+
+:   Note that this option also exists in the IdP-hosted metadata.
+    The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
+
 
 ### Encrypting assertions
 
diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index d710245fc967c7cd907656697ae79a004047e336..63d61e4072c57c1cec007e0336cb61ef06b7bf6d 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -276,3 +276,12 @@ Options
             'en' => 'http://sp.example.net/en/info.html',
             'no' => 'http://sp.example.net/no/info.html',
         ),
+
+`validate.logout`
+:   Whether we require signatures on logout messages sent to this SP.
+
+:   Note that this option also exists in the IdP-remote metadata, and
+    any value in the IdP-remote metadata overrides the one configured
+    in the IdP metadata.
+
+:   *Note*: SAML 2 specific.
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index e00bce2af67f37688e712a16f03989f727a5305e..e8a96aeb29fe04a42c9470ac2aaf1a69963a9e53 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -216,9 +216,23 @@ class sspmod_saml_Message {
 		SAML2_Message $message
 		) {
 
-		$enabled = $srcMetadata->getBoolean('redirect.validate', NULL);
+		if ($message instanceof SAML2_LogoutRequest || $message instanceof SAML2_LogoutResponse) {
+			$enabled = $srcMetadata->getBoolean('validate.logout', NULL);
+			if ($enabled === NULL) {
+				$enabled = $dstMetadata->getBoolean('validate.logout', NULL);
+			}
+		} elseif ($message instanceof SAML2_AuthnRequest) {
+			$enabled = $srcMetadata->getBoolean('validate.authnrequest', NULL);
+			if ($enabled === NULL) {
+				$enabled = $dstMetadata->getBoolean('validate.authnrequest', NULL);
+			}
+		}
+
 		if ($enabled === NULL) {
-			$enabled = $dstMetadata->getBoolean('redirect.validate', FALSE);
+			$enabled = $srcMetadata->getBoolean('redirect.validate', NULL);
+			if ($enabled === NULL) {
+				$enabled = $dstMetadata->getBoolean('redirect.validate', FALSE);
+			}
 		}
 
 		if (!$enabled) {