diff --git a/App/FeatureSet/Identity/Utils/SSO.ts b/App/FeatureSet/Identity/Utils/SSO.ts
index 53cec1e59f..9a56766063 100644
--- a/App/FeatureSet/Identity/Utils/SSO.ts
+++ b/App/FeatureSet/Identity/Utils/SSO.ts
@@ -81,6 +81,12 @@ export default class SSOUtil {
 throw new BadRequestException("SAML Assertion not found");
 }
 
+ if (samlAssertion.length !== 1) {
+ throw new BadRequestException(
+ "Expected exactly one Assertion in SAML Response",
+ );
+ }
+
 const samlSubject: JSONArray =
 ((samlAssertion[0] as JSONObject)["saml2:Subject"] as JSONArray) ||
 ((samlAssertion[0] as JSONObject)["saml:Subject"] as JSONArray) ||
@@ -158,6 +164,10 @@ export default class SSOUtil {
 return null;
 }
 
+ if (samlAssertion.length !== 1) {
+ return null;
+ }
+
 const samlAttributeStatement: JSONArray =
 ((samlAssertion[0] as JSONObject)[
 "saml2:AttributeStatement"
@@ -242,6 +252,12 @@ export default class SSOUtil {
 throw new BadRequestException("SAML Assertion not found");
 }
 
+ if (samlAssertion.length !== 1) {
+ throw new BadRequestException(
+ "Expected exactly one Assertion in SAML Response",
+ );
+ }
+
 const samlSubject: JSONArray =
 ((samlAssertion[0] as JSONObject)["saml2:Subject"] as JSONArray) ||
 ((samlAssertion[0] as JSONObject)["saml:Subject"] as JSONArray) ||
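Review bot: The new `samlAssertion.length !== 1` guard in the first hunk carries no comment saying why exactly one assertion is required, so a later maintainer may relax it to `=== 0` as a harmless "not found" check; the security reason is that the assertion whose signature is verified and the assertion whose Subject is read on the following lines must be the same element (multiple assertions are the classic assertion-confusion / signature-wrapping setup). I would add above the check: `// Security: exactly one Assertion. With several, the signed one and the one whose Subject/Attributes are read below could differ (assertion confusion / XSW).` Whether this count is evaluated before or after signature verification is not visible here; if verification happens earlier in this method, confirm it also refuses multi-assertion responses rather than validating only the first. Note the count only covers whatever lookup produced `samlAssertion` (outside the hunk); if that lookup matches by the `saml2:`/`saml:` prefixes like the Subject lookup does, assertions under another prefix or an `EncryptedAssertion` sibling are not counted. The enclosing method begins before and continues after this hunk.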
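Review bot: In the second hunk a multi-assertion response is mapped to `return null`, the same result as "no attributes present", so a response shaped like an assertion-confusion attack is indistinguishable to callers from a legitimate IdP that simply sent no AttributeStatement, and nothing is logged. The two sibling sites in this commit throw `BadRequestException("Expected exactly one Assertion in SAML Response")` for the identical condition; unless callers of this method depend on `null` here, I would throw the same exception, e.g. `throw new BadRequestException("Expected exactly one Assertion in SAML Response");`, or at minimum log at warning level before returning so the event is visible in detection tooling. If the existing `return null` two lines above is deliberately a "missing" contract for this getter, a comment stating that a multi-assertion response is rejected (not merely "absent") would make the intent explicit. The enclosing method starts and ends outside this hunk.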
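Review bot: The third hunk is a verbatim copy of the first, giving three hand-maintained copies of a security-critical check (with the second site already diverging by returning `null` instead of throwing), which is how such guards silently drift apart. I would move the count check and the `samlAssertion[0]` indexing into one private helper on `SSOUtil` and have each site call it, so the "exactly one" rule lives in a single place with its rationale; whether the helper should be `static` depends on the surrounding methods, which are not visible here. The existing "SAML Assertion not found" check just above the hunk could move into the same helper if its condition (outside the hunk) permits. The enclosing method starts before and continues after this hunk.
```typescript
  // Security: require exactly one Assertion so the element whose signature is
  // verified and the element whose Subject/Attributes are read are the same
  // (defence against assertion confusion / signature wrapping).
  private static requireSingleAssertion(samlAssertion: JSONArray): JSONObject {
    if (samlAssertion.length !== 1) {
      throw new BadRequestException(
        "Expected exactly one Assertion in SAML Response",
      );
    }
    return samlAssertion[0] as JSONObject;
  }
  // … unchanged: at each call site, replace the inline check and the repeated
  // `samlAssertion[0] as JSONObject` with
  // `const assertion: JSONObject = SSOUtil.requireSingleAssertion(samlAssertion);`
```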