diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
index faa71637d..6501dd247 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
@@ -11,7 +11,7 @@ use Lemonldap::NG::Portal::Simple;
 use Lemonldap::NG::Portal::_SAML;
 our @ISA = qw(Lemonldap::NG::Portal::_SAML);
-our $VERSION = '1.3.2';
+our $VERSION = '1.4.0';
 ## @method void issuerDBInit()
 # Load and check SAML configuration
@@ -1180,28 +1180,13 @@ sub issuerForAuthUser {
 $self->lmLog( "Lasso Identity loaded", 'debug' );
 }
- # Get SP entityID
- my $sp =
- $request ? $login->remote_providerID() : $self->param("sp");
-
- $self->lmLog( "Found entityID $sp in SAML message", 'debug' );
-
- # SP conf key
- my $spConfKey = $self->{_spList}->{$sp}->{confKey};
-
- unless ($spConfKey) {
- $self->lmLog( "$sp do not match any SP in configuration",
- 'error' );
- return PE_SAML_UNKNOWN_ENTITY;
- }
-
- $self->lmLog( "$sp match $spConfKey SP in configuration", 'debug' );
-
 my $result;
 # Create fake request if IDP initiated mode
 if ($idp_initiated) {
- $result = $self->initIdpInitiatedAuthnRequest( $login, $sp );
+ $result =
+ $self->initIdpInitiatedAuthnRequest( $login,
+ $self->param("sp") );
 unless ($result) {
 $self->lmLog(
 "SSO: Fail to init IDP Initiated authentication request",
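Review bot: In the `if ($idp_initiated)` branch of the hunk at -1180,28 +1180,13, `$self->param("sp")` is now handed to `initIdpInitiatedAuthnRequest` before anything has compared it with `$self->{_spList}`; the lookup that returns PE_SAML_UNKNOWN_ENTITY only runs later, in the hunk at -1225,6 +1210,23. Unless the helper validates the entityID itself (not visible here), an undefined or unconfigured `sp` request parameter drives construction of the fake AuthnRequest and is rejected only afterwards. A guard ahead of the call keeps the early rejection for this path: `my $idp_sp = $self->param("sp");` followed by `return PE_SAML_UNKNOWN_ENTITY unless defined $idp_sp and exists $self->{_spList}->{$idp_sp};`. The body of issuerForAuthUser starts and ends outside the hunk.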
@@ -1225,6 +1210,23 @@ sub issuerForAuthUser {
 return PE_SAML_SSO_ERROR;
 }
+ # Get SP entityID
+ my $sp =
+ $request ? $login->remote_providerID() : $self->param("sp");
+
+ $self->lmLog( "Found entityID $sp in SAML message", 'debug' );
+
+ # SP conf key
+ my $spConfKey = $self->{_spList}->{$sp}->{confKey};
+
+ unless ($spConfKey) {
+ $self->lmLog( "$sp do not match any SP in configuration",
+ 'error' );
+ return PE_SAML_UNKNOWN_ENTITY;
+ }
+
+ $self->lmLog( "$sp match $spConfKey SP in configuration", 'debug' );
+
 # Do we check signature?
 my $checkSSOMessageSignature =
 $self->{samlSPMetaDataOptions}->{$spConfKey}
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
index 756abc1e4..53b0a2b8e 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
@@ -21,7 +21,7 @@ use URI; # Get metadata URL path
 #inherits Lemonldap::NG::Common::Conf::SAML::Metadata protected service_metadata
 our @ISA = (qw(Lemonldap::NG::Portal::_Browser));
-our $VERSION = '1.3.2';
+our $VERSION = '1.4.0';
 our $samlCache;
 our $initGlibDone;
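Review bot: In the IssuerDBSAML.pm hunk at -1225,6 +1210,23, the re-added lookup `$self->{_spList}->{$sp}->{confKey}` autovivifies an empty `_spList` entry for every entityID that is not configured, so if the portal object outlives the request, unknown or caller-chosen values accumulate in the SP table and a later `exists` test on that key would succeed. `$sp` can also be undefined when there is no `$request` and no `sp` parameter, and it is interpolated into the debug and error messages before any check. Suggest `return PE_SAML_UNKNOWN_ENTITY unless defined $sp;` ahead of the first lmLog call and `my $spConfKey = exists $self->{_spList}->{$sp} ? $self->{_spList}->{$sp}->{confKey} : undef;` for the lookup. issuerForAuthUser continues outside the hunk.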