diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index bb70d93c73818f7f02a66d9683b947345dba51b6..24a15d1ba6f652e2875e63e997f350f7645c1d88 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -681,7 +681,10 @@ class SimpleSAML_Metadata_SAMLParser {
 		if (array_key_exists('expire', $idp)) {
 			$ret['expire'] = $idp['expire'];
 		}
-
+		
+		if (array_key_exists('scopes', $idp))
+			$ret['scopes'] = $idp['scopes'];
+		
 
 		/* Enable redirect.sign if WantAuthnRequestsSigned is enabled. */
 		if ($idp['wantAuthnRequestsSigned']) {
@@ -769,6 +772,7 @@ class SimpleSAML_Metadata_SAMLParser {
 		}
 
 		$sd['protocols'] = self::getSupportedProtocols($element);
+		
 
 		/* Find all SingleLogoutService elements. */
 		$sd['singleLogoutServices'] = array();
@@ -836,6 +840,13 @@ class SimpleSAML_Metadata_SAMLParser {
 		assert('is_null($expireTime) || is_int($expireTime)');
 
 		$idp = self::parseSSODescriptor($element, $expireTime);
+		
+		$extensions = SimpleSAML_Utilities::getDOMChildren($element, 'Extensions', '@md');
+		if (!empty($extensions)) 
+			$this->processExtensions($extensions[0]);
+
+		if (!empty($this->scopes)) $idp['scopes'] = $this->scopes;
+		
 
 		/* Find all SingleSignOnService elements. */
 		$idp['singleSignOnServices'] = array();
@@ -861,7 +872,8 @@ class SimpleSAML_Metadata_SAMLParser {
 	 */
 	private function processExtensions($element) {
 		assert('$element instanceof DOMElement');
-
+		
+		
 		for($i = 0; $i < $element->childNodes->length; $i++) {
 			$child = $element->childNodes->item($i);
 
diff --git a/modules/metarefresh/lib/MetaLoader.php b/modules/metarefresh/lib/MetaLoader.php
index 272d1090011379b71be8769a41ce7dee01ccc7fa..6a189ff5ba9ff14eb02e11faef872894654d6708 100644
--- a/modules/metarefresh/lib/MetaLoader.php
+++ b/modules/metarefresh/lib/MetaLoader.php
@@ -33,15 +33,16 @@ class sspmod_metarefresh_MetaLoader {
 	public function loadSource($source) {
 
 		$entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsFile($source['src']);
-	
+		$ca = NULL;
 		foreach($entities as $entity) {
-			if($source['validateFingerprint'] !== NULL) {
+			if(array_key_exists('validateFingerprint', $source) && $source['validateFingerprint'] !== NULL) {
 				if(!$entity->validateFingerprint($source['validateFingerprint'])) {
 					SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify signature.' . "\n");
 					continue;
 				}
 			}
 	
+			// TODO: $ca is always null
 			if($ca !== NULL) {
 				if(!$entity->validateCA($ca)) {
 					SimpleSAML_Logger::info('Skipping "' . $entity->getEntityId() . '" - could not verify certificate.' . "\n");