diff --git a/lib/services/saml.go b/lib/services/saml.go
index e0c505fb66f51..2336ed135cbd2 100644
--- a/lib/services/saml.go
+++ b/lib/services/saml.go
@@ -51,10 +51,11 @@ func ValidateSAMLConnector(sc types.SAMLConnector, rg RoleGetter) error {
 		if err != nil {
 			return trace.WrapWithMessage(err, "unable to fetch entity descriptor from %v for SAML connector %v", sc.GetEntityDescriptorURL(), sc.GetName())
 		}
+		defer resp.Body.Close()
+
 		if resp.StatusCode != http.StatusOK {
 			return trace.BadParameter("status code %v when fetching from %v for SAML connector %v", resp.StatusCode, sc.GetEntityDescriptorURL(), sc.GetName())
 		}
-		defer resp.Body.Close()
 		body, err := utils.ReadAtMost(resp.Body, teleport.MaxHTTPResponseSize)
 		if err != nil {
 			return trace.Wrap(err)