diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
index 2928e9418ff..dda437773c1 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
@@ -371,13 +371,14 @@ public static Converter createDefau
 Response response = responseToken.getResponse();
 Saml2AuthenticationToken token = responseToken.getToken();
 Saml2ResponseValidatorResult result = Saml2ResponseValidatorResult.success();
- String statusCode = getStatusCode(response);
- if (!StatusCode.SUCCESS.equals(statusCode)) {
- String message = String.format("Invalid status [%s] for SAML response [%s]", statusCode,
- response.getID());
- result = result.concat(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, message));
+ List statusCodes = getStatusCodes(response);
+ if (!StatusCode.SUCCESS.equals(statusCodes.get(0))) {
+ for (String statusCode : statusCodes) {
+ String message = String.format("Invalid status [%s] for SAML response [%s]", statusCode,
+ response.getID());
+ result = result.concat(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, message));
+ }
 }
-
 String inResponseTo = response.getInResponseTo();
 result = result.concat(validateInResponseTo(token.getAuthenticationRequest(), inResponseTo));
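Review bot: Every nested code in the new loop is reported with the same `Invalid status [%s] for SAML response [%s]` wording as the top-level code, so a subordinate reason (a second-level `urn:oasis:names:tc:SAML:2.0:status:...` code) reads in the resulting `Saml2Error` as if it were the response status itself; giving the entries after index 0 their own wording, e.g. `"Nested status [%s] for SAML response [%s]"`, keeps each error self-explanatory when several are concatenated. `statusCodes.get(0)` also assumes `getStatusCodes` never returns an empty list; that holds for the helper as written in this commit, but the coupling is invisible here, so a one-line comment such as `// getStatusCodes always yields at least the top-level code` (or an `isEmpty()` guard that fails closed) documents it. Both `response.getID()` and the status values are IdP-supplied strings that end up in the error message; that is unchanged by this commit, but worth keeping in mind if these messages are ever logged unescaped. The enclosing lambda in `createDefaultResponseValidator` starts before the hunk and continues past it.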
@@ -613,14 +614,25 @@ private Consumer createDefaultResponseElementsDecrypter() {
 };
 }
 
- private static String getStatusCode(Response response) {
+ private static List getStatusCodes(Response response) {
+ List statusCodes = new ArrayList<>();
 if (response.getStatus() == null) {
- return StatusCode.SUCCESS;
+ statusCodes.add(StatusCode.SUCCESS);
+ return statusCodes;
 }
 if (response.getStatus().getStatusCode() == null) {
- return StatusCode.SUCCESS;
+ statusCodes.add(StatusCode.SUCCESS);
+ return statusCodes;
 }
- return response.getStatus().getStatusCode().getValue();
+ StatusCode parentStatusCode = response.getStatus().getStatusCode();
+ statusCodes.add(parentStatusCode.getValue());
+ StatusCode childStatusCode = parentStatusCode.getStatusCode();
+ while (childStatusCode != null) {
+ statusCodes.add(childStatusCode.getValue());
+ childStatusCode = childStatusCode.getStatusCode();
+ }
+
+ return statusCodes;
 }
 
 private Converter createDefaultAssertionSignatureValidator() {
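Review bot: `getStatusCodes` has no Javadoc, yet its caller depends on two properties that are only implicit in the body: the returned list is never empty, and index 0 is the top-level `<StatusCode>` with any nested codes following in document order. A short Javadoc stating that contract — returns the top-level status code first, then each nested `StatusCode` value walked via `getStatusCode()`, and that an absent `<Status>` or `<StatusCode>` yields a single-element list containing `StatusCode.SUCCESS` — would pin it for future callers. `parentStatusCode.getValue()` and `childStatusCode.getValue()` can presumably be null when the `Value` attribute is missing on an unvalidated document; a null at index 0 is still rejected by the null-safe `StatusCode.SUCCESS.equals(...)` check, which fails closed, but the message then reads `Invalid status [null]`, so either skip null values here or mention the behaviour in the Javadoc. The refactor also carries over the pre-existing choice to treat a missing `<Status>`/`<StatusCode>` as success even though both are schema-required; that is outside this commit's scope, but a `// missing status is treated as success; signature and assertion checks still apply` comment would record that it is deliberate.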