diff --git a/metadata/saml20-idp-hosted.php b/metadata/saml20-idp-hosted.php
new file mode 100644
index 0000000000000000000000000000000000000000..86a1aeca0a13dfb12efb590a6c833591f2bcc88a
--- /dev/null
+++ b/metadata/saml20-idp-hosted.php
@@ -0,0 +1,103 @@
+<?php
+
+/**
+ * SAML 2.0 IdP configuration for SimpleSAMLphp.
+ *
+ * See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-hosted
+ */
+
+function nest($name, $value) {
+ $element = array_pop($name);
+ if ($element) return nest($name, array($element => $value));
+ else return $value;
+}
+
+$config = SimpleSAML\Configuration::getInstance();
+$db_dsn = $config->getString('database.dsn', null);
+$db_user = $config->getString('database.username', null);
+$db_passwd = $config->getString('database.password', null);
+$db = new PDO($db_dsn, $db_user, $db_passwd);
+
+$vserver = $_SERVER['SERVER_NAME'];
+$vparts = explode('.', $vserver);
+$vhost = $vparts[0];
+
+$metadata['__DYNAMIC:1__'] = [
+ /*
+ * The hostname of the server (VHOST) that will use this SAML entity.
+ *
+ * Can be '__DEFAULT__', to use this entry by default.
+ */
+ 'host' => '__DEFAULT__',
+
+ 'OrganizationName' => $vhost . ' IdP',
+ 'OrganizationDisplayName' => $vhost . ' IdP',
+ 'OrganizationURL' => 'https:// ' . $vserver . '/',
+
+ 'contacts' => [
+ 'a' => [
+ 'contactType' => 'technical',
+ 'emailAddress' => 'support@'. $vserver,
+ 'givenName' => 'John',
+ 'surName' => $vhost,
+ 'telephoneNumber' => '+31(0)12345678',
+ 'company' => $vhost . ' Inc.',
+ ],
+ ],
+
+ 'UIInfo' => array(
+ 'DisplayName' => array(
+ 'en' => $vhost . ' IdP'
+ ),
+ 'Description' => array(
+ 'en' => $vhost . ' IdP description'
+ ),
+ ),
+
+ 'RegistrationInfo' => [
+ 'authority' => 'urn:mace:' . $vhost,
+ 'instant' => '2008-01-17T11:28:03Z',
+ 'policies' => [
+ 'en' => 'http://' . $vhost . '/policy',
+ ],
+ ],
+
+ // X.509 key and certificate. Relative to the cert directory.
+ 'privatekey' => 'server.pem',
+ 'certificate' => 'server.crt',
+
+ /*
+ * Authentication source to use. Must be one that is configured in
+ * 'config/authsources.php'.
+ */
+ 'auth' => 'example-userpass',
+
+ /* Uncomment the following to use the uri NameFormat on attributes. */
+ /*
+ 'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+ 'authproc' => [
+ // Convert LDAP names to oids.
+ 100 => ['class' => 'core:AttributeMap', 'name2oid'],
+ ],
+ */
+];
+
+$query = "select o.name, o.type, c.value from idps i
+ left join config c on c.idp_id = i.idp_id
+ left join options o on c.option_id = o.option_id
+ where i.host = :host";
+
+
+$stmt = $db->prepare($query);
+$stmt->execute(array(':host' => $vhost));
+$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+$config = array();
+foreach ($result as $row) {
+ $name = explode(':', $row['name']);
+ $value = $row['value'];
+ $config = array_merge_recursive($config, nest($name, $value));
+}
+
+$metadata['__DYNAMIC:1__'] = array_replace_recursive($metadata['__DYNAMIC:1__'], $config);
+
diff --git a/metadata/saml20-sp-remote.php b/metadata/saml20-sp-remote.php
new file mode 100644
index 0000000000000000000000000000000000000000..478a4fb028a3fc3c07511536a1da69e798ace430
--- /dev/null
+++ b/metadata/saml20-sp-remote.php
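Review bot: The closing `array_replace_recursive` merges every key path spelled out in the `options.name` column into the IdP entry with no allowlist, so a row named `privatekey`, `certificate`, `auth` or `authproc:...` in the `config`/`options` tables silently replaces the signing key, certificate or authentication source declared a few lines above; write access to those two tables is therefore control of the IdP, not merely of its display metadata. Restrict the merge to the presentation keys this file is designed to take from the database, with `$allowed = ['OrganizationName', 'OrganizationDisplayName', 'OrganizationURL', 'contacts', 'UIInfo', 'RegistrationInfo'];` and `$config = array_intersect_key($config, array_flip($allowed));` immediately before the `array_replace_recursive` call. `$vhost` is the first label of `$_SERVER['SERVER_NAME']`, which on a web server that does not pin its canonical name mirrors the client-sent Host header; it is bound as a PDO parameter, so the lookup is not injectable, but it is also concatenated unvalidated into `OrganizationURL`, the contact address and the `urn:mace:` authority, so guard it with `if (!preg_match('/^[a-z0-9-]+$/i', $vhost)) { throw new \RuntimeException('invalid vhost'); }` or fix the canonical name in the server configuration. Two smaller items: `'https:// ' . $vserver` carries a stray space that yields a malformed URL, and `$config` is first the `Configuration` instance and then the option array, which is easy to misread.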
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * SAML 2.0 remote SP metadata for SimpleSAMLphp.
+ *
+ * See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-sp-remote
+ */
+
+$config = SimpleSAML\Configuration::getInstance();
+$db_dsn = $config->getString('database.dsn', null);
+$db_user = $config->getString('database.username', null);
+$db_passwd = $config->getString('database.password', null);
+$db = new PDO($db_dsn, $db_user, $db_passwd);
+
+$vserver = $_SERVER['SERVER_NAME'];
+$vparts = explode('.', $vserver);
+$vhost = $vparts[0];
+
+$query = "select sp_metadata from idps i where i.host = :host";
+
+$stmt = $db->prepare($query);
+$stmt->execute(array(':host' => $vhost));
+$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+foreach ($result as $row) {
+ $xmldata = $row['sp_metadata'];
+ SimpleSAML\Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
+ $entities = SimpleSAML\Metadata\SAMLParser::parseDescriptorsString($xmldata);
+ foreach ($entities as &$entity) {
+ $entity = array('saml20-sp-remote' => $entity->getMetadata20SP());
+ }
+}
+
+if ($entities) {
+ $output = SimpleSAML\Utils\Arrays::transpose($entities);
+ $metadata = $output['saml20-sp-remote'];
+} else {
+ $metadata = array();
+}
+
diff --git a/testidp.sql b/testidp.sql
new file mode 100644
index 0000000000000000000000000000000000000000..06a13f3b0aaa6cf4734eb1c3dfe6dc87e3b04d96
--- /dev/null
+++ b/testidp.sql
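Review bot: `$entities` is only assigned inside the `foreach ($result as $row)` loop, so with no matching row the later `if ($entities)` reads an undefined variable, and with more than one row (the `idps.host` column carries no unique index in the accompanying dump) each iteration overwrites the previous row's entities instead of accumulating them. Initialise the array before the loop and append one entry per parsed entity, preserving the parser's keys so `Arrays::transpose` still receives the same shape; this also removes the by-reference `foreach` whose `$entity` reference is never `unset`. Note as well that the stored `sp_metadata` is parsed after `checkSAMLMessage` only, with no signature or origin check, so whoever can write that column picks the AssertionConsumerService URLs that will receive this tenant's assertions — acceptable for a test IdP if the table is written only by the provisioning path, but worth stating next to the parse call, e.g. `// sp_metadata is trusted as stored (no signature check): writers of this column choose the SP's ACS endpoints.`
```php
// … unchanged: DB connection, host lookup, prepared query …
$entities = [];
foreach ($result as $row) {
    $xmldata = $row['sp_metadata'];
    SimpleSAML\Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
    $parsed = SimpleSAML\Metadata\SAMLParser::parseDescriptorsString($xmldata);
    foreach ($parsed as $entityId => $parsedEntity) {
        $entities[$entityId] = ['saml20-sp-remote' => $parsedEntity->getMetadata20SP()];
    }
}
// … unchanged: transpose into $metadata …
```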
@@ -0,0 +1,107 @@ +-- MySQL dump 10.17 Distrib 10.3.25-MariaDB, for debian-linux-gnu (x86_64) +-- +-- Host: localhost Database: testidp +-- ------------------------------------------------------ +-- Server version 10.3.25-MariaDB-0ubuntu0.20.04.1 + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8mb4 */; +/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; +/*!40103 SET TIME_ZONE='+00:00' */; +/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; +/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; +/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; +/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; + +-- +-- Table structure for table `config` +-- + +DROP TABLE IF EXISTS `config`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `config` ( + `idp_id` int(10) unsigned NOT NULL, + `option_id` int(10) unsigned NOT NULL, + `value` varchar(100) DEFAULT NULL, + KEY `config_FK` (`idp_id`), + KEY `config_FK_1` (`option_id`), + CONSTRAINT `config_FK` FOREIGN KEY (`idp_id`) REFERENCES `idps` (`idp_id`), + CONSTRAINT `config_FK_1` FOREIGN KEY (`option_id`) REFERENCES `options` (`option_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `config` +-- + +LOCK TABLES `config` WRITE; +/*!40000 ALTER TABLE `config` DISABLE KEYS */; +INSERT INTO `config` VALUES (1,1,'Foobar DB DisplayName'),(1,2,'Foobar DB'),(1,3,'http://foobar.org/url'),(1,5,'technical'),(1,6,'technical@geant.org'),(1,7,'FooDB'),(1,8,'Doe'),(1,9,'+316012345678'),(1,10,'Foobar DB inc.'),(1,11,'Foobar DB mdui'),(1,12,'Foober DB description mdui'),(1,13,'Foobar DB 
authority'),(1,14,'2008-01-17T11:28:03Z'),(1,15,'http://foobar.org/policy/en'); +/*!40000 ALTER TABLE `config` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `idps` +-- + +DROP TABLE IF EXISTS `idps`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `idps` ( + `idp_id` int(10) unsigned NOT NULL AUTO_INCREMENT, + `host` varchar(100) NOT NULL, + `comment` varchar(100) DEFAULT NULL, + `sp_metadata` text DEFAULT NULL, + PRIMARY KEY (`idp_id`) +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `idps` +-- + +LOCK TABLES `idps` WRITE; +/*!40000 ALTER TABLE `idps` DISABLE KEYS */; +INSERT INTO `idps` VALUES (1,'foobar','Test Foobar IdP','<?xml version=\"1.0\"?>\n<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"https://foobar.testidp.incubator.geant.org/saml/module.php/saml/sp/metadata.php/default-sp\">\n <md:SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol\">\n <md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://foobar.testidp.incubator.geant.org/saml/module.php/saml/sp/saml2-logout.php/default-sp\"/>\n <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://foobar.testidp.incubator.geant.org/saml/module.php/saml/sp/saml2-acs.php/default-sp\" index=\"0\"/>\n <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:1.0:profiles:browser-post\" Location=\"https://foobar.testidp.incubator.geant.org/saml/module.php/saml/sp/saml1-acs.php/default-sp\" index=\"1\"/>\n <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"https://foobar.testidp.incubator.geant.org/saml/module.php/saml/sp/saml2-acs.php/default-sp\" index=\"2\"/>\n 
<md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:1.0:profiles:artifact-01\" Location=\"https://foobar.testidp.incubator.geant.org/saml/module.php/saml/sp/saml1-acs.php/default-sp/artifact\" index=\"3\"/>\n </md:SPSSODescriptor>\n</md:EntityDescriptor>'); +/*!40000 ALTER TABLE `idps` ENABLE KEYS */; +UNLOCK TABLES; + +-- +-- Table structure for table `options` +-- + +DROP TABLE IF EXISTS `options`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `options` ( + `option_id` int(10) unsigned NOT NULL AUTO_INCREMENT, + `name` varchar(100) NOT NULL, + `type` varchar(100) NOT NULL, + `comment` varchar(100) DEFAULT NULL, + PRIMARY KEY (`option_id`) +) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Dumping data for table `options` +-- + +LOCK TABLES `options` WRITE; +/*!40000 ALTER TABLE `options` DISABLE KEYS */; +INSERT INTO `options` VALUES (1,'OrganizationDisplayName','string','Organization Display name'),(2,'OrganizationName','string','Organization Name'),(3,'OrganizationURL','string','Organization URL'),(5,'contacts:a:contactType','string','e.g. 
technical or support'),(6,'contacts:a:emailAddress','string','email'),(7,'contacts:a:givenName','string','Given name of the contact'),(8,'contacts:a:surName','string','Surname'),(9,'contacts:a:telephoneNumber','string','Phone number'),(10,'contacts:a:company','string','Company name'),(11,'UIInfo:DisplayName:en','string','Display name (UIInfo)'),(12,'UIInfo:Description:en','string','Description (UIInfo)'),(13,'RegistrationInfo:authority','string','Registration authority'),(14,'RegistrationInfo:instant','date','Registraion instant (date format)'),(15,'RegistrationInfo:policies:en','string','Policy URL (en)'); +/*!40000 ALTER TABLE `options` ENABLE KEYS */; +UNLOCK TABLES; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; + +/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; +/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; +/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; +/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; +/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; +/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; +/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; + +-- Dump completed on 2021-04-08 12:02:51