diff --git a/server/sso/validate_test.go b/server/sso/validate_test.go
index 0c4edbc0dc..7b31b53749 100644
--- a/server/sso/validate_test.go
+++ b/server/sso/validate_test.go
@@ -41,11 +41,15 @@ var testResponse = `PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6
 func TestValidate(t *testing.T) {
 	tm, err := time.Parse(time.UnixDate, "Sun Apr 30 22:10:00 UTC 2017")
 	require.Nil(t, err)
+
 	clock := dsig.NewFakeClockAt(tm)
 	validator, err := NewValidator(testMetadata, Clock(clock))
 	require.Nil(t, err)
 	require.NotNil(t, validator)
+
 	auth, err := DecodeAuthResponse(testResponse)
+	require.Nil(t, err)
+
 	signed, err := validator.ValidateSignature(auth)
 	require.Nil(t, err)
 	require.NotNil(t, signed)
@@ -78,13 +82,18 @@ func tamperedResponse(original string) (string, error) {
 func TestVerfiyValidTamperedWithDocFails(t *testing.T) {
 	tampered, err := tamperedResponse(testResponse)
 	require.Nil(t, err)
+
 	tm, err := time.Parse(time.UnixDate, "Sun Apr 30 22:10:00 UTC 2017")
 	require.Nil(t, err)
+
 	clock := dsig.NewFakeClockAt(tm)
 	validator, err := NewValidator(testMetadata, Clock(clock))
 	require.Nil(t, err)
 	require.NotNil(t, validator)
+
 	auth, err := DecodeAuthResponse(tampered)
+	require.Nil(t, err)
+
 	_, err = validator.ValidateSignature(auth)
 	require.NotNil(t, err)
 }
@@ -97,7 +106,10 @@ func TestVerfiyStaleMessageFails(t *testing.T) {
 	validator, err := NewValidator(testMetadata, Clock(clock))
 	require.Nil(t, err)
 	require.NotNil(t, validator)
+
 	auth, err := DecodeAuthResponse(testResponse)
+	require.Nil(t, err)
+
 	signed, err := validator.ValidateSignature(auth)
 	require.Nil(t, err)
 	require.NotNil(t, signed)