diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js
index e9ca8a2b..a06c906d 100644
--- a/lib/passport-saml/saml.js
+++ b/lib/passport-saml/saml.js
@@ -504,15 +504,23 @@ SAML.prototype.validateSignature = function (fullXml, currentNode, cert) {
 SAML.prototype.validatePostResponse = function (container, callback) {
 var self = this;
- var xml = new Buffer(container.SAMLResponse, 'base64').toString('utf8');
- var doc = new xmldom.DOMParser().parseFromString(xml);
- var inResponseTo = xpath(doc, "/*[local-name()='Response']/@InResponseTo");
- if(inResponseTo){
- inResponseTo = inResponseTo.length ? inResponseTo[0].nodeValue : null;
- }
+ var xml, doc, inResponseTo;
 Q.fcall(function(){
+ xml = new Buffer(container.SAMLResponse, 'base64').toString('utf8');
+ doc = new xmldom.DOMParser({
+ }).parseFromString(xml);
+
+ if (!doc.hasOwnProperty('documentElement'))
+ throw new Error('SAMLResponse is not valid base64-encoded XML');
+
+ inResponseTo = xpath(doc, "/*[local-name()='Response']/@InResponseTo");
+
+ if(inResponseTo){
+ inResponseTo = inResponseTo.length ? inResponseTo[0].nodeValue : null;
+ }
+
 if(self.options.validateInResponseTo){
 if (inResponseTo) {
 return Q.ninvoke(self.cacheProvider, 'get', inResponseTo)
diff --git a/test/tests.js b/test/tests.js
index 89279373..96a2a1ef 100644
--- a/test/tests.js
+++ b/test/tests.js
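Review bot: The new validity check `if (!doc.hasOwnProperty('documentElement'))` keys on how xmldom happens to attach the root element as an own property rather than on the document's contents; `if (!doc || !doc.documentElement)` expresses the same intent and also covers a parser that returns null or exposes the property through the prototype. The empty options object in `doc = new xmldom.DOMParser({` / `}).parseFromString(xml);` spread over two lines reads as an unfinished edit — either pass an `errorHandler` that converts parser errors into a thrown Error (so malformed-but-rooted documents are rejected too), or drop the object. Note that Buffer's base64 decoding silently skips invalid characters rather than failing, so this parse-time check is the only thing that rejects junk input, which is why it should be as strict as the parser allows; the single-statement `throw` also lacks braces, unlike the surrounding code. The body of validatePostResponse continues outside the hunk.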
@@ -700,6 +700,15 @@ describe( 'passport-saml /', function() {
 });
 describe("validatePostResponse checks /", function() {
+ it('response with junk content should explain the XML or base64 is not valid', function(done) {
+ var samlObj = new SAML( { cert: TEST_CERT });
+ samlObj.validatePostResponse({SAMLResponse: "BOOM"} , function( err, profile, logout ) {
+ should.exist( err );
+ err.message.should.match( /SAMLResponse is not valid base64-encoded XML/ );
+// should.exist( err.statusXml );
+ done();
+ });
+ });
 it('response with error status message should generate appropriate error', function(done) {
 var xml = 'https://idp.testshib.org/idp/shibbolethRequired NameID format not supported';
 var base64xml = new Buffer( xml ).toString('base64');
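Review bot: The commented-out assertion `// should.exist( err.statusXml );` inside the new test is dead code and should either be removed or become a real expectation on the error object. The error message under test names two failure modes, invalid base64 and invalid XML, but the only input exercised is `"BOOM"`; a second case that passes valid base64 wrapping non-XML text would pin the XML branch of the check independently. The unused `profile, logout` callback parameters match the callback's shape and can stay, though the existing tests in this file are the reference for that style.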