diff --git a/modules/saml/src/Auth/Source/SP.php b/modules/saml/src/Auth/Source/SP.php
index e64c8d483..f2461d8c5 100644
--- a/modules/saml/src/Auth/Source/SP.php
+++ b/modules/saml/src/Auth/Source/SP.php
@@ -21,6 +21,7 @@ use SimpleSAML\SAML2\Exception\Protocol\NoPassiveException;
 use SimpleSAML\SAML2\Exception\Protocol\NoSupportedIDPException;
 use SimpleSAML\SAML2\LogoutRequest;
 use SimpleSAML\SAML2\XML\saml\NameID;
+use SimpleSAML\SAML2\XML\samlp\NameIDPolicy;
 use SimpleSAML\Session;
 use SimpleSAML\Store;
 use SimpleSAML\Store\StoreFactory;
@@ -548,7 +549,7 @@ class SP extends Auth\Source
         }
 
         if (!empty($state['saml:NameIDPolicy'])) {
-            $ar->setNameIdPolicy($state['saml:NameIDPolicy']);
+            $ar->setNameIdPolicy(new NameIDPolicy($state['saml:NameIDPolicy']));
         }
 
         $requesterID = [];
@@ -583,8 +584,6 @@ class SP extends Auth\Source
             Logger::debug('Disabling samlp:Scoping for ' . var_export($idpMetadata->getString('entityid'), true));
         }
 
-        $ar->setRequesterID($requesterID);
-
         // If the downstream SP has set extensions then use them.
         // Otherwise use extensions that might be defined in the local SP (only makes sense in a proxy scenario)
         if (isset($state['saml:Extensions']) && count($state['saml:Extensions']) > 0) {
diff --git a/modules/saml/src/Message.php b/modules/saml/src/Message.php
index 3b603a08e..5ce52beb8 100644
--- a/modules/saml/src/Message.php
+++ b/modules/saml/src/Message.php
@@ -23,6 +23,7 @@ use SimpleSAML\SAML2\XML\ds\KeyInfo;
 use SimpleSAML\SAML2\XML\ds\X509Certificate;
 use SimpleSAML\SAML2\XML\ds\X509Data;
 use SimpleSAML\SAML2\XML\saml\Issuer;
+use SimpleSAML\SAML2\XML\samlp\NameIDPolicy;
 use SimpleSAML\Utils;
 
 /**
@@ -483,7 +484,7 @@ class Message
         $policy = Utils\Config\Metadata::parseNameIdPolicy($nameIdPolicy);
         // empty array signals not to set any NameIdPolicy element
         if ($policy !== []) {
-            $ar->setNameIdPolicy($policy);
+            $ar->setNameIdPolicy(new NameIDPolicy($policy['Format'] ?? null));
         }
 
         $ar->setForceAuthn($spMetadata->getOptionalBoolean('ForceAuthn', false));
diff --git a/public/module.php b/public/module.php
index f59c2f05f..6920ed6cc 100644
--- a/public/module.php
+++ b/public/module.php
@@ -9,6 +9,8 @@ declare(strict_types=1);

 namespace SimpleSAML;

+$_SERVER['SERVER_PORT'] = ($_SERVER['HTTPS'] ?? 'off') == 'on' ? 443 : 80;
+
 require_once('_include.php');

 Module::process()->send();
diff --git a/src/SimpleSAML/Utils/HTTP.php b/src/SimpleSAML/Utils/HTTP.php
index 7a9395ae5..7fad2b5d0 100644
--- a/src/SimpleSAML/Utils/HTTP.php
+++ b/src/SimpleSAML/Utils/HTTP.php
@@ -384,7 +384,7 @@ class HTTP
             $trusted = false;
             if (!in_array($trustedRegex, [null, false])) {
                 // add self host to the white list
-                $trustedSites[] = preg_quote($self_host);
+                $trustedSites[] = $trustedRegex;
                 foreach ($trustedSites as $regex) {
                     // Add start and end delimiters.
                     $regex = "@^{$regex}$@";