diff --git a/app/controllers/concerns/saml_idp_auth_concern.rb b/app/controllers/concerns/saml_idp_auth_concern.rb
index db3f2015c02..80fd3eb54ee 100644
--- a/app/controllers/concerns/saml_idp_auth_concern.rb
+++ b/app/controllers/concerns/saml_idp_auth_concern.rb
@@ -237,7 +237,12 @@ def saml_response_signature_options
   def saml_request_service_provider
     return @saml_request_service_provider if defined?(@saml_request_service_provider)
 
-    @saml_request_service_provider = ServiceProvider.find_by(issuer: current_issuer)
+    @saml_request_service_provider =
+      if current_issuer.blank?
+        nil
+      else
+        ServiceProvider.find_by(issuer: current_issuer)
+      end
   end
 
   def current_issuer
diff --git a/app/forms/openid_connect_authorize_form.rb b/app/forms/openid_connect_authorize_form.rb
index c3bbca2b17c..0b60951228a 100644
--- a/app/forms/openid_connect_authorize_form.rb
+++ b/app/forms/openid_connect_authorize_form.rb
@@ -101,7 +101,12 @@ def cannot_validate_redirect_uri?
   def service_provider
     return @service_provider if defined?(@service_provider)
 
-    @service_provider = ServiceProvider.find_by(issuer: client_id)
+    @service_provider =
+      if client_id.blank?
+        nil
+      else
+        ServiceProvider.find_by(issuer: client_id)
+      end
   end
 
   def link_identity_to_service_provider(
diff --git a/app/services/saml_request_parser.rb b/app/services/saml_request_parser.rb
index bf1e3a760ee..c85d779d5eb 100644
--- a/app/services/saml_request_parser.rb
+++ b/app/services/saml_request_parser.rb
@@ -2,6 +2,7 @@
 class SamlRequestParser
   URI_PATTERN = Saml::Idp::Constants::REQUESTED_ATTRIBUTES_CLASSREF
+  ESCAPED_URI_PATTERN = /#{Regexp.escape(URI_PATTERN)}/
 
   def initialize(request)
     @request = request
@@ -24,7 +25,7 @@ def authn_context_attr_nodes
       samlp: Saml::XML::Namespaces::PROTOCOL,
       saml: Saml::XML::Namespaces::ASSERTION,
     ).select do |node|
-      node.content =~ /#{Regexp.escape(URI_PATTERN)}/
+      node.content =~ ESCAPED_URI_PATTERN
     end
   end
 end
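Review bot: The blank-issuer short-circuit in `saml_request_service_provider` carries no comment explaining why `nil` is returned instead of running the lookup, and the same applies to the identical branch added to `OpenidConnectAuthorizeForm#service_provider` in the next hunk; without it a later reader may fold both back into the bare `find_by`. Suggest one line above each assignment such as `# A blank issuer must never resolve to a service provider; skip the query rather than look up issuer IS NULL / ''.` (whether a row with a null or empty issuer can exist depends on the schema, which is outside this diff). If a shorter form is preferred, `@saml_request_service_provider = current_issuer.presence && ServiceProvider.find_by(issuer: current_issuer)` expresses the same thing in one line, but the `if` is fine as written. Note that only the OIDC form receives a spec in this commit; the SAML concern gets no matching example, and `current_issuer`'s body lies outside the hunk.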
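Review bot: `node.content =~ ESCAPED_URI_PATTERN` in `authn_context_attr_nodes` is used only for its truthiness, so `node.content.match?(ESCAPED_URI_PATTERN)` would avoid allocating a MatchData and setting `$~` for every node; hoisting the regexp into `ESCAPED_URI_PATTERN` is otherwise the right move, since the old line rebuilt it per node. The new constant would also benefit from a comment, e.g. `# URI_PATTERN is a literal URI, so escape it once here instead of on every node in authn_context_attr_nodes.` The match stays unanchored as before, so any node whose text contains the pattern anywhere is selected — presumably intended because the classref is a prefix, but worth confirming. The `select` call and its receiver begin outside the hunk.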
diff --git a/spec/forms/openid_connect_authorize_form_spec.rb b/spec/forms/openid_connect_authorize_form_spec.rb
index ccdfa5f3b7f..86a71c0e0f3 100644
--- a/spec/forms/openid_connect_authorize_form_spec.rb
+++ b/spec/forms/openid_connect_authorize_form_spec.rb
@@ -784,4 +784,16 @@
       end
     end
   end
+
+  describe '#service_provider' do
+    context 'empty client_id' do
+      let(:client_id) { '' }
+
+      it 'does not query the database' do
+        expect(ServiceProvider).to_not receive(:find_by)
+
+        expect(form.service_provider).to be_nil
+      end
+    end
+  end
 end
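Review bot: The new example only exercises `client_id = ''`; a `nil` client_id (parameter absent from the request) takes the same `blank?` branch and is the likelier real input, so a second `context 'nil client_id'` with `let(:client_id) { nil }` and the same two expectations would pin that path as well. The spec also covers only the OIDC form, while `SamlIdpAuthConcern#saml_request_service_provider` receives the same change in this commit without a matching example. Whether `form` and `client_id` are defined as lets at the top of this describe block cannot be seen from the hunk.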