diff --git a/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java b/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java
index 0973058..0907b9c 100644
--- a/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java
+++ b/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java
@@ -95,7 +95,9 @@ public class ConsumerServlet extends HttpServlet {
         ArtifactResponse artifactResponse = sendAndReceiveArtifactResolve(artifactResolve, resp);
         logger.info("ArtifactResponse received");
         logger.info("ArtifactResponse: ");
-        // OpenSAMLUtils.logSAMLObject(artifactResponse);
+        OpenSAMLUtils.logSAMLObject(artifactResponse);
+
+        validateDestinationAndLifetime(artifactResponse, req);
 
         EncryptedAssertion encryptedAssertion = getEncryptedAssertion(artifactResponse);
         Assertion assertion = decryptAssertion(encryptedAssertion);
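Review bot: `OpenSAMLUtils.logSAMLObject(artifactResponse)` now dumps the complete ArtifactResponse at INFO on every login, directly after the two `logger.info` lines. The assertion inside is still an EncryptedAssertion at this point, so the attribute payload is not exposed, but the whole protocol message (issuer, status, signature, any unencrypted parts of the inner Response) lands in the production log unconditionally; gating it on `logger.isDebugEnabled()` or logging it at debug level keeps it available for troubleshooting without the steady-state volume. Calling `validateDestinationAndLifetime(artifactResponse, req)` before decryption is the right order; a one-line comment such as `// reject stale or misdirected responses before touching the assertion` would make that intent explicit to the next reader. The enclosing method starts and ends outside the hunk.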
@@ -111,6 +113,39 @@ public class ConsumerServlet extends HttpServlet {
         redirectToGotoURL(req, resp);
     }
 
+    private void validateDestinationAndLifetime(ArtifactResponse artifactResponse, HttpServletRequest request) {
+        MessageContext context = new MessageContext();
+        context.setMessage(artifactResponse);
+
+        SAMLMessageInfoContext messageInfoContext = context.getSubcontext(SAMLMessageInfoContext.class, true);
+        messageInfoContext.setMessageIssueInstant(artifactResponse.getIssueInstant());
+
+        MessageLifetimeSecurityHandler lifetimeSecurityHandler = new MessageLifetimeSecurityHandler();
+        lifetimeSecurityHandler.setClockSkew(1000);
+        lifetimeSecurityHandler.setMessageLifetime(2000);
+        lifetimeSecurityHandler.setRequiredRule(true);
+
+        ReceivedEndpointSecurityHandler receivedEndpointSecurityHandler = new ReceivedEndpointSecurityHandler();
+        receivedEndpointSecurityHandler.setHttpServletRequest(request);
+        List handlers = new ArrayList();
+        handlers.add(lifetimeSecurityHandler);
+        handlers.add(receivedEndpointSecurityHandler);
+
+        BasicMessageHandlerChain handlerChain = new BasicMessageHandlerChain();
+        handlerChain.setHandlers(handlers);
+
+        try {
+            handlerChain.initialize();
+            handlerChain.doInvoke(context);
+        } catch (ComponentInitializationException e) {
+            throw new RuntimeException(e);
+        } catch (MessageHandlerException e) {
+            throw new RuntimeException(e);
+        }
+
+
+    }
+
     private Assertion decryptAssertion(EncryptedAssertion encryptedAssertion) {
         StaticKeyInfoCredentialResolver keyInfoCredentialResolver = new StaticKeyInfoCredentialResolver(SPCredentials.getCredential());
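Review bot: `setClockSkew(1000)` and `setMessageLifetime(2000)` are very tight windows: if this is OpenSAML 3's `long` API those values are milliseconds, so a response is rejected as soon as the IdP's clock is more than a second off or the artifact round trip takes longer than two seconds, which will surface as intermittent login failures rather than a deliberate security rejection; skew and lifetime on the order of minutes are the usual choice, and the values deserve a comment stating their unit. The handlers are applied to the outer ArtifactResponse; the Destination attribute is optional on a SOAP-delivered ArtifactResponse, in which case ReceivedEndpointSecurityHandler has nothing to compare against `request`, whereas the inner `Response` (`artifactResponse.getMessage()`) is the message whose Destination and IssueInstant are bound to this ACS URL, so consider running the same chain over that message as well. `List handlers = new ArrayList();` is a raw type; `List<MessageHandler> handlers = new ArrayList<>();` matches the `setHandlers` signature and removes the unchecked warning. The two catch blocks can be collapsed to `catch (ComponentInitializationException | MessageHandlerException e) { throw new RuntimeException("SAML response validation failed", e); }` so a failed check is recognisable in the logs, and the two blank lines before the closing brace can go. decryptAssertion's body continues outside the hunk.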