diff --git a/src/Saml2/Response.php b/src/Saml2/Response.php
index ef2eca4a..d716ca5d 100644
--- a/src/Saml2/Response.php
+++ b/src/Saml2/Response.php
@@ -234,6 +234,7 @@ public function isValid($requestId = null)
                     );
                 }
 
+                $this->encryptedNameId = $this->encryptedNameId || $this->_queryAssertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData')->length > 0;
                 if (!$this->encryptedNameId && $security['wantNameIdEncrypted']) {
                     throw new ValidationError(
                         "The NameID of the Response is not encrypted and the SP requires it",