diff --git a/classes/auth.php b/classes/auth.php
index 61aaedd3e..ed75588e5 100644
--- a/classes/auth.php
+++ b/classes/auth.php
@@ -109,7 +109,8 @@ class auth extends \auth_plugin_base {
         'nameidasattrib'     => 0,
         'flagresponsetype'   => saml2_settings::OPTION_FLAGGED_LOGIN_MESSAGE,
         'flagredirecturl'    => '',
-        'flagmessage'        => '' // Set in constructor.
+        'flagmessage'        => '', // Set in constructor.
+        'tempdir'            => '/tmp/simplesaml'
     ];
 
     /**
diff --git a/config/config.php b/config/config.php
index 9abdbab01..c425d37aa 100644
--- a/config/config.php
+++ b/config/config.php
@@ -49,6 +49,7 @@
     'debug'             => ['saml' => $saml2auth->is_debugging()],
     'logging.level'     => $saml2auth->is_debugging() ? SimpleSAML\Logger::DEBUG : SimpleSAML\Logger::ERR,
     'logging.handler'   => $saml2auth->config->logtofile ? 'file' : 'errorlog',
+    'tempdir'           => $saml2auth->config->tempdir,
 
     // SSP has a %srcip token, but instead use $remoteip so Moodle handle's which header to use.
     'logging.format'    => '%date{%b %d %H:%M:%S} ' . $remoteip . ' %process %level %stat[%trackid] %msg',
diff --git a/lang/en/auth_saml2.php b/lang/en/auth_saml2.php
index c2906247f..cb3909afb 100644
--- a/lang/en/auth_saml2.php
+++ b/lang/en/auth_saml2.php
@@ -176,6 +176,9 @@
 $string['spmetadatasign_help'] = 'Sign the SP Metadata.';
 $string['spmetadatasign'] = 'SP Metadata signature';
 $string['spmetadata'] = 'SP Metadata';
+$string['tempdirdefault'] = '/tmp/simplesaml';
+$string['tempdir_help'] = 'A directory where SimpleSAMLphp can save temporary files';
+$string['tempdir'] = 'SimpleSAMLphp temporary directory';
 $string['sspversion'] = 'SimpleSAMLphp version';
 $string['stateorprovincename'] = 'State or Province';
 $string['status'] = 'Status';
diff --git a/settings.php b/settings.php
index b1dacf0c3..f665a3faa 100644
--- a/settings.php
+++ b/settings.php
@@ -360,6 +360,16 @@
         1,
         $yesno));
 
+    // SAMLPHP tempdir
+    $settings->add(new admin_setting_configtext(
+        'auth_saml2/tempdir',
+        get_string('tempdir', 'auth_saml2'),
+        get_string('tempdir_help', 'auth_saml2'),
+        get_string('tempdirdefault', 'auth_saml2'),
+        PARAM_TEXT,
+        50,
+        3));
+
     // SAMLPHP version.
     $authplugin = get_auth_plugin('saml2');
     $settings->add(new setting_textonly(
diff --git a/sp/module.php b/sp/module.php
index 482e65e08..4cc3f629a 100644
--- a/sp/module.php
+++ b/sp/module.php
@@ -33,4 +33,4 @@
     $_SERVER['SERVER_PORT'] = '443';
 }
 
-require($CFG->dirroot.'/auth/saml2/.extlib/simplesamlphp/www/module.php');
+require($CFG->dirroot.'/auth/saml2/.extlib/simplesamlphp/public/module.php');