diff --git a/create_saml_aws.sh b/create_saml_aws.sh
old mode 100644
new mode 100755
index 4695223..79c1f24
--- a/create_saml_aws.sh
+++ b/create_saml_aws.sh
@@ -1,11 +1,16 @@
 #!/bin/sh
-echo \# run the following commands replacing name with the IDP name (if needed)
-echo
-echo aws iam create-saml-provider --saml-metadata-document file://login.at.internet2.edu-metadata.xml --name login.at.internet2.edu
-echo
-echo \# edit shibpolicy.json and replace the ARN with the ARN of the new account
-echo
-echo aws iam create-role --role-name administrator --assume-role-policy-document file://shibpolicy.json
-echo aws iam attach-role-policy --role-name administrator --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
-echo aws iam create-role --role-name readonly --assume-role-policy-document file://shibpolicy.json
-echo aws iam attach-role-policy --role-name readonly --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
+
+[ $# -eq 0 ] && { echo "Usage: $0 name_of_idp "; exit 1; }
+
+
+aws iam create-saml-provider --saml-metadata-document file://idp.xml --name $1
+if [ $? -ne -1 ]
+  then
+    echo "creation failed, read the readme and make sure you have an IAM role to perform this action"
+    exit 1
+fi
+
+aws iam create-role --role-name administrator --assume-role-policy-document file://shibpolicy.json
+aws iam attach-role-policy --role-name administrator --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
+aws iam create-role --role-name readonly --assume-role-policy-document file://shibpolicy.json
+aws iam attach-role-policy --role-name readonly --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
diff --git a/idp.xml b/idp.xml
index e69de29..7986a64 100644
--- a/idp.xml
+++ b/idp.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="INC20170306T193623" Name="urn:mace:incommon:icmp" validUntil="2020-03-20T19:36:23Z"><ds:Signature>
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+<ds:Reference URI="#INC20170306T193623">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+<ds:DigestValue>KFGoVa3yW3VcpskjMYEfcFE68snoapGjMYuesNpzcO4=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue>
+Es3REEYMqE+2JLhqo0mpFZvERjT9ihKPK2PMvCWDbL5Yov2YuixS9z+isoCB2cmkjQreCN0f0/mB
+v+wLtq7myFBDDIo+EkfYUMVHHixOfIyXUO7i8xWv32Xgi9aDAQ3MXQ0Uawwb3/iS8Ha5MxKwKeIh
+MlpvH9jhKN0FcprJ2Ynxx54wYSQ32BpsHCK5N9dTDkYk6/qtJyvecudtOilqQVq1W8dS6XPE7OZe
+UVuj057ke3lZbLBnMjNYeYjZ5HGvryMudNwXng0YonLZrruxv6OF6jhcM/Apo9Ya3eQkDI9aS6Bx
+pwSw9nanNcdlloclUOo8JMtpx6Mcag8h/wt9Hw==
+</ds:SignatureValue>
+<ds:KeyInfo>
+<ds:KeyValue>
+<ds:RSAKeyValue>
+<ds:Modulus>
+yXcrwe0GSiJxBEp3SYXeTGztL+JxToGKWmCZ7qQyiLHK4NeVdcTjoJGRRjukVQWA7c78zvxRrdED
+F/GfNj7WjKBYjE8/eZTpmyVOTA9ya0u+/4vYGbo5GvBv4dcCBLZd+4Tl77ZAG40/x5rtzMy34sfr
+FdkiMWGz9eln3ed/aOOBnXfC1vIzy7rGc2JSYssgNThJuY5C78qVcnOcOFjiCiQKFWjC549zAxVf
+GoiU5HK02eGk3N/6BMpnekGLIR/NPnXvNQJvAV2Nl7LvK5g6CsWZhxsASKzLeqCCh1EbHBFHQ1NH
+eUj3dcpKLCg2L8NKsZBk1jES0lldhW5843L+Gw==
+</ds:Modulus>
+<ds:Exponent>AQAB</ds:Exponent>
+</ds:RSAKeyValue>
+</ds:KeyValue>
+<ds:X509Data>
+<ds:X509Certificate>
+MIIDqzCCApOgAwIBAgIJAIkIlHj+D7gRMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMREw
+DwYDVQQIDAhNaWNoaWdhbjESMBAGA1UEBwwJQW5uIEFyYm9yMRIwEAYDVQQKDAlJbnRlcm5ldDIx
+IjAgBgNVBAMMGW1ldGFkYXRhLmF0LmludGVybmV0Mi5lZHUwHhcNMTcxMDExMTQxNTU0WhcNMjcx
+MDA5MTQxNTU0WjBsMQswCQYDVQQGEwJVUzERMA8GA1UECAwITWljaGlnYW4xEjAQBgNVBAcMCUFu
+biBBcmJvcjESMBAGA1UECgwJSW50ZXJuZXQyMSIwIAYDVQQDDBltZXRhZGF0YS5hdC5pbnRlcm5l
+dDIuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXcrwe0GSiJxBEp3SYXeTGzt
+L+JxToGKWmCZ7qQyiLHK4NeVdcTjoJGRRjukVQWA7c78zvxRrdEDF/GfNj7WjKBYjE8/eZTpmyVO
+TA9ya0u+/4vYGbo5GvBv4dcCBLZd+4Tl77ZAG40/x5rtzMy34sfrFdkiMWGz9eln3ed/aOOBnXfC
+1vIzy7rGc2JSYssgNThJuY5C78qVcnOcOFjiCiQKFWjC549zAxVfGoiU5HK02eGk3N/6BMpnekGL
+IR/NPnXvNQJvAV2Nl7LvK5g6CsWZhxsASKzLeqCCh1EbHBFHQ1NHeUj3dcpKLCg2L8NKsZBk1jES
+0lldhW5843L+GwIDAQABo1AwTjAdBgNVHQ4EFgQUNeFjfxOm0XN5ABaT8XjjsG/zF08wHwYDVR0j
+BBgwFoAUNeFjfxOm0XN5ABaT8XjjsG/zF08wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AQEARqaz3wRevCKTqCmq/cpIgRlqdLZIoZNAdnq7RGmPmBBV1pIj9Z/mwSZjwZ/1Jex+Z+Llwo+X
+J47c+Mnq6e/nBKVfFNDwQd8P+/BRkXnSen5QzDNtOZkS7JzRULGKIaQ76cry+uofaKlOMrKL1h2Y
+zYGnl8unkIEUwj/CJ6JnwyBm8m4/esrYe40dfv+8y7uegPvmY0YmZ+O4NN4+BI+hA+4KF2hW+7vl
+xJi2sx0+PKh4v73gVsEenJTALpyxXCNcKubXfHutll2murLAePnXFR2dcspemVby62b64smmf5PN
+nglyKd3iSqrFRL4LhHNUkhy4OnZeLYFXizIu6dgURQ==
+</ds:X509Certificate>
+</ds:X509Data>
+</ds:KeyInfo>
+</ds:Signature>
+
+   <!-- Google proxy from Cirrus Identity -->
+   <md:EntityDescriptor entityID="https://google.cirrusidentity.com/gateway">
+      <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <Extensions>
+          <shibmd:Scope regexp="false">google.com</shibmd:Scope>
+          <mdui:UIInfo>
+              <mdui:DisplayName xml:lang="en">Google Gateway</mdui:DisplayName>
+          </mdui:UIInfo>
+        </Extensions>
+        <md:KeyDescriptor use="signing">
+          <ds:KeyInfo>
+            <ds:X509Data>
+              <ds:X509Certificate>MIIECDCCAvACCQDG6tQKXONUEzANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEDAOBgNVBAcTB09ha2xhbmQxHjAcBgNVBAoTFUNpcnJ1cyBJZGVudGl0eSwgSW5jLjEgMB4GA1UECxMXQ2lycnVzIElkZW50aXR5IEdhdGV3YXkxIjAgBgNVBAMTGWdvb2dsZS5jaXJydXNpZGVudGl0eS5jb20xKTAnBgkqhkiG9w0BCQEWGnN1cHBvcnRAY2lycnVzaWRlbnRpdHkuY29tMB4XDTE0MDEwOTE2MzUzNloXDTM0MDEwODE2MzUzNlowgcUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRAwDgYDVQQHEwdPYWtsYW5kMR4wHAYDVQQKExVDaXJydXMgSWRlbnRpdHksIEluYy4xIDAeBgNVBAsTF0NpcnJ1cyBJZGVudGl0eSBHYXRld2F5MSIwIAYDVQQDExlnb29nbGUuY2lycnVzaWRlbnRpdHkuY29tMSkwJwYJKoZIhvcNAQkBFhpzdXBwb3J0QGNpcnJ1c2lkZW50aXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNGjc5vM/ZP5uZLH3merv21m5y3CYOKJ1ZVolBlu/6FL0ssYbORtzHdX8PuUZ6WdVW9w55ORE9A+2edFUB1lRj5BGJwfW0A6TbKfPNtrc3IxkcRFpJHAf4ew6WNXtCL/UdvXP2e3it8GxP6Gl5r6HZXL3GPmYPlkEMsNsWLkmWDKCheYd+tbIZvcKnFcDUH2UGNCpMkQmfzHyFm9D02eCwY2K17Y1UzxQpHonrSQv/afPmF0O5eXFiHXu/27cyzCxTAWI5NjN/5RcYgYLF4tjsv9aBc+Tm9oKH7CfvB/D13GTWj+vwmuVlk/RyWYO7tsd79jMcTk9h8tzoEhjqa7IsCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAJ0Zx87ITJt+Uuks7AzC83uheOKUwH88sSa6XsdRNYtmXplWfxUAQn/eiZ8Fzj/nb+2udhK1oPmAltDmel6qM5BcTaAv7k9D2Gvi3QrTt1czS1m3rOwN7FU3RkIJhG32CVJNMnYkzK+JSMYFOpHoZQy46Fn66onBqwCG7aYTNr5uOzG0hdM7K3RSF5PHeXjY7X63crgL2BNtlHhPR0ZFRPcYuWFzRdYV5+1Gu5qdSLcFMmIX2DlZn5vpcQBEPCEyMe+o0tBFSMeeUFjlOVrmF28hMwdsmwYc68dn7Bw9yjHlp7/nhRtrKRrjj4+/1Zybc/EeVBn9ccka+o2a4ubqRjQ==</ds:X509Certificate>
+            </ds:X509Data>
+          </ds:KeyInfo>
+        </md:KeyDescriptor>
+        <md:KeyDescriptor use="encryption">
+          <ds:KeyInfo>
+            <ds:X509Data>
+              <ds:X509Certificate>MIIECDCCAvACCQDG6tQKXONUEzANBgkqhkiG9w0BAQUFADCBxTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEDAOBgNVBAcTB09ha2xhbmQxHjAcBgNVBAoTFUNpcnJ1cyBJZGVudGl0eSwgSW5jLjEgMB4GA1UECxMXQ2lycnVzIElkZW50aXR5IEdhdGV3YXkxIjAgBgNVBAMTGWdvb2dsZS5jaXJydXNpZGVudGl0eS5jb20xKTAnBgkqhkiG9w0BCQEWGnN1cHBvcnRAY2lycnVzaWRlbnRpdHkuY29tMB4XDTE0MDEwOTE2MzUzNloXDTM0MDEwODE2MzUzNlowgcUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRAwDgYDVQQHEwdPYWtsYW5kMR4wHAYDVQQKExVDaXJydXMgSWRlbnRpdHksIEluYy4xIDAeBgNVBAsTF0NpcnJ1cyBJZGVudGl0eSBHYXRld2F5MSIwIAYDVQQDExlnb29nbGUuY2lycnVzaWRlbnRpdHkuY29tMSkwJwYJKoZIhvcNAQkBFhpzdXBwb3J0QGNpcnJ1c2lkZW50aXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNGjc5vM/ZP5uZLH3merv21m5y3CYOKJ1ZVolBlu/6FL0ssYbORtzHdX8PuUZ6WdVW9w55ORE9A+2edFUB1lRj5BGJwfW0A6TbKfPNtrc3IxkcRFpJHAf4ew6WNXtCL/UdvXP2e3it8GxP6Gl5r6HZXL3GPmYPlkEMsNsWLkmWDKCheYd+tbIZvcKnFcDUH2UGNCpMkQmfzHyFm9D02eCwY2K17Y1UzxQpHonrSQv/afPmF0O5eXFiHXu/27cyzCxTAWI5NjN/5RcYgYLF4tjsv9aBc+Tm9oKH7CfvB/D13GTWj+vwmuVlk/RyWYO7tsd79jMcTk9h8tzoEhjqa7IsCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAJ0Zx87ITJt+Uuks7AzC83uheOKUwH88sSa6XsdRNYtmXplWfxUAQn/eiZ8Fzj/nb+2udhK1oPmAltDmel6qM5BcTaAv7k9D2Gvi3QrTt1czS1m3rOwN7FU3RkIJhG32CVJNMnYkzK+JSMYFOpHoZQy46Fn66onBqwCG7aYTNr5uOzG0hdM7K3RSF5PHeXjY7X63crgL2BNtlHhPR0ZFRPcYuWFzRdYV5+1Gu5qdSLcFMmIX2DlZn5vpcQBEPCEyMe+o0tBFSMeeUFjlOVrmF28hMwdsmwYc68dn7Bw9yjHlp7/nhRtrKRrjj4+/1Zybc/EeVBn9ccka+o2a4ubqRjQ==</ds:X509Certificate>
+            </ds:X509Data>
+          </ds:KeyInfo>
+        </md:KeyDescriptor>
+        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://google.cirrusidentity.com/idp/SSOService/HTTP-Redirect"/>
+      </IDPSSODescriptor>
+      <Organization>
+        <OrganizationName xml:lang="en">Google Gateway</OrganizationName>
+        <OrganizationDisplayName xml:lang="en">Google Gateway</OrganizationDisplayName>
+	<OrganizationURL xml:lang="en">https://www.cirrusidentity.com</OrganizationURL>
+      </Organization>
+      <md:ContactPerson contactType="technical">
+        <md:SurName>Support</md:SurName>
+        <md:EmailAddress>support@cirrusidentity.com</md:EmailAddress>
+      </md:ContactPerson>
+    </md:EntityDescriptor>
+
+
+
+
+
+</EntitiesDescriptor>