diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
index 91c5c00547..b195e4945a 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilter.java
@@ -108,7 +108,7 @@ public final class Saml2MetadataFilter extends OncePerRequestFilter {
 		String fileName = metadata.getFileName();
 		String encodedFileName = URLEncoder.encode(fileName, StandardCharsets.UTF_8.name());
 		response.setHeader(HttpHeaders.CONTENT_DISPOSITION, String.format(format, fileName, encodedFileName));
-		response.setContentLength(metadata.getMetadata().length());
+		response.setContentLength(metadata.getMetadata().getBytes(StandardCharsets.UTF_8).length);
 		response.setCharacterEncoding(StandardCharsets.UTF_8.name());
 		response.getWriter().write(metadata.getMetadata());
 	}
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
index 043b05c59a..f20d7b5822 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2MetadataFilterTests.java
@@ -177,6 +177,8 @@ public class Saml2MetadataFilterTests {
 		this.filter.doFilter(this.request, this.response, this.chain);
 		assertThat(this.response.getCharacterEncoding()).isEqualTo(StandardCharsets.UTF_8.name());
 		assertThat(this.response.getContentAsString(StandardCharsets.UTF_8)).isEqualTo(generatedMetadata);
+		assertThat(this.response.getContentLength())
+				.isEqualTo(generatedMetadata.getBytes(StandardCharsets.UTF_8).length);
 	}
 
 	@Test