diff --git a/authnresponse.go b/authnresponse.go
index 3cf9f83..56cdef5 100644
--- a/authnresponse.go
+++ b/authnresponse.go
@@ -88,6 +88,9 @@ func (r *Response) Validate(s *ServiceProviderConfig) error {
 	if r.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.Recipient != s.AssertionConsumerServiceURL {
 		return errors.New("subject recipient mismatch, expected: " + s.AssertionConsumerServiceURL + " not " + r.Assertion.Subject.SubjectConfirmation.SubjectConfirmationData.Recipient)
 	}
+	if s.IDPCert == nil {
+		return errors.New("IDPCert is nil")
+	}
 
 	err := VerifyResponseSignature(r.originalString, s.IDPCert.Raw)
 	if err != nil {