diff --git a/modules/saml/src/Auth/Source/SP.php b/modules/saml/src/Auth/Source/SP.php
index 8d8bfb9b6..1d8eb66a4 100644
--- a/modules/saml/src/Auth/Source/SP.php
+++ b/modules/saml/src/Auth/Source/SP.php
@@ -17,6 +17,7 @@ use SimpleSAML\SAML2\XML\saml\NameID;
 use SimpleSAML\Store\StoreFactory;
 use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
 use Symfony\Component\HttpFoundation\{RedirectResponse, Request, Response};
+use SimpleSAML\SAML2\XML\samlp\NameIDPolicy;
 
 use function array_intersect;
 use function array_key_exists;
@@ -561,7 +562,7 @@ class SP extends Auth\Source
         }
 
         if (!empty($state['saml:NameIDPolicy'])) {
-            $ar->setNameIdPolicy($state['saml:NameIDPolicy']);
+            $ar->setNameIdPolicy(new NameIDPolicy($state['saml:NameIDPolicy']));
         }
 
         $requesterID = [];
@@ -596,8 +597,6 @@ class SP extends Auth\Source
             Logger::debug('Disabling samlp:Scoping for ' . var_export($idpMetadata->getString('entityid'), true));
         }
 
-        $ar->setRequesterID($requesterID);
-
         // If the downstream SP has set extensions then use them.
         // Otherwise use extensions that might be defined in the local SP (only makes sense in a proxy scenario)
         if (isset($state['saml:Extensions']) && count($state['saml:Extensions']) > 0) {
diff --git a/modules/saml/src/Message.php b/modules/saml/src/Message.php
index 081a0453a..390dece87 100644
--- a/modules/saml/src/Message.php
+++ b/modules/saml/src/Message.php
@@ -13,6 +13,7 @@ use SimpleSAML\SAML2\{AuthnRequest, LogoutRequest, LogoutResponse, Response, Sta
 use SimpleSAML\SAML2\{Constants as C, SignedElement};
 use SimpleSAML\SAML2\XML\saml\Issuer;
 use SimpleSAML\XMLSecurity\XML\ds\{KeyInfo, X509Certificate, X509Data};
+use SimpleSAML\SAML2\XML\samlp\NameIDPolicy;
 
 use function array_key_exists;
 use function array_filter;
@@ -487,7 +488,7 @@ class Message
         $policy = Utils\Config\Metadata::parseNameIdPolicy($nameIdPolicy);
         // empty array signals not to set any NameIdPolicy element
         if ($policy !== []) {
-            $ar->setNameIdPolicy($policy);
+            $ar->setNameIdPolicy(new NameIDPolicy($policy['Format'] ?? null));
         }
 
         $ar->setForceAuthn($spMetadata->getOptionalBoolean('ForceAuthn', false));
diff --git a/public/module.php b/public/module.php
index f59c2f05f..6920ed6cc 100644
--- a/public/module.php
+++ b/public/module.php
@@ -9,6 +9,8 @@ declare(strict_types=1);
 
 namespace SimpleSAML;
 
+$_SERVER['SERVER_PORT'] = ($_SERVER['HTTPS'] ?? 'off') == 'on' ? 443 : 80;
+
 require_once('_include.php');
 
 Module::process()->send();
diff --git a/src/SimpleSAML/Utils/HTTP.php b/src/SimpleSAML/Utils/HTTP.php
index 30df0e615..ae07472ae 100644
--- a/src/SimpleSAML/Utils/HTTP.php
+++ b/src/SimpleSAML/Utils/HTTP.php
@@ -425,7 +425,7 @@ class HTTP
             $trusted = false;
             if (!in_array($trustedRegex, [null, false])) {
                 // add self host to the white list
-                $trustedSites[] = preg_quote($self_host);
+                $trustedSites[] = $trustedRegex;
                 foreach ($trustedSites as $regex) {
                     // Add start and end delimiters.
                     $regex = "@^{$regex}$@";