diff --git a/composer.json b/composer.json
new file mode 100644
index 00000000..01888c25
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,9 @@
+{
+  "name": "jcugno/php-saml",
+  "description": "Simple SAML toolkit for PHP",
+  "license": "BSD-3-Clause",
+  "keywords": ["saml"],
+  "autoload": {
+    "classmap": ["src/", "ext/"]
+  }
+}
diff --git a/src/OneLogin/Saml/Response.php b/src/OneLogin/Saml/Response.php
index a78a1d02..b64c3a0e 100644
--- a/src/OneLogin/Saml/Response.php
+++ b/src/OneLogin/Saml/Response.php
@@ -62,7 +62,7 @@ public function getNameId()
      * AuthnStatement element.
      * Using this attribute, the IdP suggests the local session expiration
      * time.
-     * 
+     *
      * @return The SessionNotOnOrAfter as unix epoc or NULL if not present
      */
     public function getSessionNotOnOrAfter()
@@ -107,14 +107,14 @@ protected function _queryAssertion($assertionXpath)
         $xpath->registerNamespace('saml'    , 'urn:oasis:names:tc:SAML:2.0:assertion');
         $xpath->registerNamespace('ds'      , 'http://www.w3.org/2000/09/xmldsig#');
 
-        $signatureQuery = '/samlp:Response/saml:Assertion/ds:Signature/ds:SignedInfo/ds:Reference';
+        $signatureQuery = '/samlp:Response//ds:Signature/ds:SignedInfo/ds:Reference';
         $assertionReferenceNode = $xpath->query($signatureQuery)->item(0);
         if (!$assertionReferenceNode) {
             throw new Exception('Unable to query assertion, no Signature Reference found?');
         }
         $id = substr($assertionReferenceNode->attributes->getNamedItem('URI')->nodeValue, 1);
 
-        $nameQuery = "/samlp:Response/saml:Assertion[@ID='$id']" . $assertionXpath;
+        $nameQuery = "/samlp:Response/saml:Assertion" . $assertionXpath;
         return $xpath->query($nameQuery);
     }
 }