diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java
index e38d03499..3fad62463 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java
@@ -13,7 +13,9 @@
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -26,6 +28,7 @@
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
 
 import javax.annotation.PostConstruct;
+import javax.xml.ws.Response;
 import java.net.URI;
 import java.util.stream.Collectors;
 
@@ -152,6 +155,20 @@ public Iterable<EntityDescriptorRepresentation> getDisabledAndNotOwnedByAdmin()
                 .collect(Collectors.toList());
     }
 
+    @Secured("ROLE_ADMIN")
+    @DeleteMapping(value = "/EntityDescriptor/{resourceId}")
+    public ResponseEntity<?> deleteOne(@PathVariable String resourceId) {
+        EntityDescriptor ed = entityDescriptorRepository.findByResourceId(resourceId);
+        if (ed == null) {
+            return ResponseEntity.notFound().build();
+        } else if (ed.isServiceEnabled()) {
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new ErrorResponse(HttpStatus.FORBIDDEN, "Deleting an enabled Metadata Source is not allowed. Disable the source and try again."));
+        } else {
+            entityDescriptorRepository.delete(ed);
+            return ResponseEntity.noContent().build();
+        }
+    }
+
     private static URI getResourceUriFor(EntityDescriptor ed) {
         return ServletUriComponentsBuilder
                 .fromCurrentServletMapping().path("/api/EntityDescriptor")
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ErrorResponse.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ErrorResponse.java
index fa91aa3e6..f3f84169d 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ErrorResponse.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ErrorResponse.java
@@ -4,6 +4,7 @@
 import lombok.Getter;
 import lombok.Setter;
 import lombok.ToString;
+import org.springframework.http.HttpStatus;
 
 /**
  * @author Bill Smith (wsmith@unicon.net)
@@ -15,4 +16,9 @@
 public class ErrorResponse {
     private String errorCode;
     private String errorMessage;
+
+    public ErrorResponse(HttpStatus httpStatus, String errorMessage) {
+        this.errorCode = String.valueOf(httpStatus.value());
+        this.errorMessage = errorMessage;
+    }
 }