diff --git a/bin/probe_saml_idp.sh b/bin/probe_saml_idp.sh
index d173a5b..d0d365d 100755
--- a/bin/probe_saml_idp.sh
+++ b/bin/probe_saml_idp.sh
@@ -28,7 +28,7 @@ display_help () {
 ${user_agent_string}
 Given a single identifier, assumed to be an IdP entityID, probe
- all browser-facing SAML2 SSO endpoints in metadata.
+ all browser-facing SAML2 SSO endpoints in IdP metadata.
 Usage: ${0##*/} [-hvq] [-t CONNECT_TIME [-m MAX_TIME]] [-r MAX_REDIRS] (-u MDQ_BASE_URL | -f MD_PATH) ID
@@ -216,7 +216,6 @@ if $md_query_mode; then
 fi
 $verbose_mode && printf "$script_name using base URL: %s\n" "$mdq_base_url"
 elif $md_file_mode; then
- # temporary
 echo "ERROR: $script_name: option -f not yet implemented" >&2
 exit 2
@@ -285,11 +284,11 @@ if [ $# -ne 1 ]; then
 echo "ERROR: $script_name: wrong number of arguments: $# (1 required)" >&2
 exit 2
 fi
-entityID="$1"
-if [ -z "$entityID" ] ; then
+if [ -z "$1" ] ; then
 echo "ERROR: $script_name: empty string" >&2
 exit 2
 fi
+entityID="$1"
 $verbose_mode && echo "$script_name using entityID $entityID"
 #####################################################################
@@ -297,39 +296,44 @@ $verbose_mode && echo "$script_name using entityID $entityID"
 #####################################################################
 # determine temporary directory
-if [ -n "$TMPDIR" ] && [ -d "$TMPDIR" ]; then
+if [ -n "$TMP_DIR" ] && [ -d "$TMP_DIR" ]; then
+ # use user-provided temporary directory (remove trailing slash)
+ tmp_dir="${TMP_DIR%%/}/probe_saml_idp_$$"
+ $verbose_mode && printf "$script_name using temp dir: %s\n" "$tmp_dir"
+elif [ -n "$TMPDIR" ] && [ -d "$TMPDIR" ]; then
 # use system temporary directory (remove trailing slash)
- TMP_DIR="${TMPDIR%%/}/probe_saml_idp_$$"
- $verbose_mode && printf "$script_name using temp dir: %s\n" "$TMP_DIR"
+ tmp_dir="${TMPDIR%%/}/probe_saml_idp_$$"
+ $verbose_mode && printf "$script_name using temp dir: %s\n" "$tmp_dir"
 else
 # create temporary directory
- tmp_dir="$( make_temp_file -d )"
- if [ ! -d "$tmp_dir" ] ; then
+ new_dir="$( make_temp_file -d )"
+ if [ ! -d "$new_dir" ] ; then
 printf "ERROR: $script_name unable to create temporary dir\n" >&2
 exit 2
 fi
 # use temporary directory (remove trailing slash)
- TMP_DIR="${tmp_dir%%/}/probe_saml_idp_$$"
- $verbose_mode && printf "$script_name creating temp dir: %s\n" "$TMP_DIR"
+ tmp_dir="${new_dir%%/}/probe_saml_idp_$$"
+ $verbose_mode && printf "$script_name creating temp dir: %s\n" "$tmp_dir"
 fi
 # create temporary directory if necessary
-if [ ! -d "$TMP_DIR" ]; then
- /bin/mkdir "$TMP_DIR"
+if [ ! -d "$tmp_dir" ]; then
+ /bin/mkdir "$tmp_dir"
 exit_status=$?
 if [ $exit_status -ne 0 ]; then
- echo "ERROR: $script_name failed to create tmp dir ($exit_status) $TMP_DIR" >&2
+ echo "ERROR: $script_name failed to create tmp dir ($exit_status) $tmp_dir" >&2
 exit 2
 fi
 fi
 # create temporary subdirectories if necessary
-for http_binding in Redirect POST POST-SimpleSign; do
- if [ ! -d "$TMP_DIR/$http_binding" ]; then
- /bin/mkdir "$TMP_DIR/$http_binding"
+http_bindings="Redirect POST POST-SimpleSign"
+for http_binding in $http_bindings; do
+ if [ ! -d "$tmp_dir/$http_binding" ]; then
+ /bin/mkdir "$tmp_dir/$http_binding"
 exit_status=$?
 if [ $exit_status -ne 0 ]; then
- echo "ERROR: $script_name failed to create tmp dir ($exit_status) $TMP_DIR/$http_binding" >&2
+ echo "ERROR: $script_name failed to create tmp dir ($exit_status) $tmp_dir/$http_binding" >&2
 exit 2
 fi
 fi
@@ -340,7 +344,7 @@ done
 #####################################################################
 # get entity metadata
-entityDescriptor=$( getEntityFromServer -d "$TMP_DIR" -u "$mdq_base_url" $entityID )
+entityDescriptor=$( getEntityFromServer -d "$tmp_dir" -u "$mdq_base_url" $entityID )
 exit_status=$?
 if [ "$exit_status" -ne 0 ]; then
 echo "ERROR: $script_name: unable to obtain metadata for entityID: $entityID" >&2
@@ -358,8 +362,8 @@ endpoints=$( echo "$entityDescriptor" \
 | $_GREP -E '<(md:)?SingleSignOnService ' )
-# iterate over the SAML2 browser-facing endpoints
-for http_binding in Redirect POST POST-SimpleSign; do
+# iterate over the SAML2 browser-facing SSO endpoints
+for http_binding in $http_bindings; do
 # compute the endpoint
 endpoint=$( echo "$endpoints" \
@@ -387,7 +391,7 @@ for http_binding in Redirect POST POST-SimpleSign; do
 # probe the endpoint
 output=$( probe_saml2_idp_endpoint -v \
 -t $connect_timeout -m $max_time -r $max_redirs \
- -T "$TMP_DIR/$http_binding" \
+ -T "$tmp_dir/$http_binding" \
 $location $binding "$saml_message" )
 exit_status=$?
@@ -395,6 +399,7 @@ for http_binding in Redirect POST POST-SimpleSign; do
 echo "ERROR: $script_name: probe_saml2_idp_endpoint failed ($exit_status)" >&2
 exit 3
 fi
+ echo "$output $entityID $registrarID"
 done
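Review bot: In the new TMP_DIR and TMPDIR branches the scratch directory is `<parent>/probe_saml_idp_$$`, a predictable name under a directory that is often shared and world-writable, and the `if [ ! -d "$tmp_dir" ]` guard in front of `/bin/mkdir "$tmp_dir"` means a directory (or a symlink to one) pre-created by another local user under that name is silently adopted instead of rejected; only the third branch goes through `make_temp_file -d`, which presumably has mktemp-style semantics. The smallest fix is to drop the existence check so mkdir's exclusive create is the test, `/bin/mkdir "$tmp_dir" || { echo "ERROR: $script_name failed to create tmp dir $tmp_dir" >&2; exit 2; }`; better is to route the TMP_DIR/TMPDIR cases through `make_temp_file -d` as well, if it accepts a parent directory, so the name is unpredictable. TMP_DIR is also a new user-facing override that the usage text in display_help does not mention; a line such as `TMP_DIR   parent directory for scratch files (default: $TMPDIR, else a fresh mktemp directory)` belongs there. The `for http_binding` loop that creates the subdirectories closes after this hunk.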
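Review bot: On the rewritten getEntityFromServer line `$entityID` is still passed unquoted while `$tmp_dir` and `$mdq_base_url` beside it are quoted. An entityID is a URI taken from the command line and may contain `?` or `*` (a query string, for instance), which the shell globs against the current directory, and any embedded whitespace splits it into several arguments; the `-z "$1"` check earlier in the diff rejects neither. Quote it: `entityDescriptor=$( getEntityFromServer -d "$tmp_dir" -u "$mdq_base_url" "$entityID" )`. The error branch that follows continues past the end of the hunk.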
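Review bot: The probe_saml2_idp_endpoint call that receives the new `-T "$tmp_dir/$http_binding"` argument still passes `$location` and `$binding` unquoted two lines below it. `$location` is presumably derived from the SingleSignOnService entries grepped out of metadata fetched from the MDQ server, so a value with spaces or glob characters changes the argument list rather than being rejected, and an attacker who can influence that metadata controls it. Unless probe_saml2_idp_endpoint depends on that word splitting (nothing visible suggests it does), quote them: `"$location" "$binding" "$saml_message" )`. The enclosing for loop starts and ends outside this hunk.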
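Review bot: The new result line `echo "$output $entityID $registrarID"` puts `$output` first, so a value beginning with `-n` or `-e` is consumed as an echo option by some shells, and the three fields are joined by single spaces with nothing preventing `$output` (the `-v` output of probe_saml2_idp_endpoint) from containing spaces of its own, which makes the line ambiguous to parse. `$registrarID` is not assigned anywhere in this diff; if it is set earlier in the script that is fine, otherwise it prints as an empty trailing field. Prefer `printf '%s\t%s\t%s\n' "$output" "$entityID" "$registrarID"`, or at least `printf '%s %s %s\n' ...`, and consider whether the script's -q option should suppress this line. The loop's `done` is the hunk's last line.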