The metadatasigner.pem certificate used to validate the federation metadata should be placed in the following location:
/opt/shibboleth-idp/credentials/

 
1. Add new block with the new link:


 <metadata:MetadataProvider id="URLMD" xsi:type="metadata:FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
                        metadataURL="https://registry.rctsaai.pt/rr/signedmetadata/federation/rctsaai/metadata.xml"
                        backingFile="/opt/shibboleth-idp/metadata/RCTSaai_metadata.xml"
                        minRefreshDelay="PT5M"
                        maxRefreshDelay="PT1H"
                        refreshDelayFactor="0.75" >


                  <metadata:MetadataFilter xsi:type="SignatureValidation" xmlns="urn:mace:shibboleth:2.0:metadata" trustEngineRef="shibboleth.RR-RCTSaaiMetadataTrustEngine"  requireSignedMetadata="true" />

</metadata:MetadataProvider>



2. Add after block </ security: Credential> the reference to metadatasigner.pem certificate:

 <security:TrustEngine id="shibboleth.RR-RCTSaaiMetadataTrustEngine" xsi:type="security:StaticExplicitKeySignature">
         <security:Credential  id="RCTSaaiFederationCredentials" xsi:type="security:X509Filesystem">
		 	<security:Certificate>/opt/shibboleth-idp/credentials/metadatasigner.pem</security:Certificate>
		 </security:Credential>
</security:TrustEngine>

The metadatasigner.pem certificate used to validate the federation metadata should be placed in the following location:
/etc/shibboleth/

<MetadataProvider type="XML" uri="https://registry.rctsaai.pt/rr/signedmetadata/federation/rctsaai/metadata.xml" backingFilePath="/etc/shibboleth/rctsaai/RCTSaai_metadata.xml"  reloadInterval="60">
	
	 <MetadataFilter type="Signature" certificate="metadatasigner.pem"/>

</MetadataProvider>

The metadatasigner.pem certificate used to validate the federation metadata should be placed in the following location:
/var/simplesaml/cert/

 <?php
   $config = array(
        'sets' => array(
                'rctsaai' => array(
                        'cron' => array('hourly'),
                        'sources' => array(
                                array( 'src' => 'https://registry.rctsaai.pt/rr/signedmetadata/federation/rctsaai/metadata.xml',
                                       'certFingerprint' => '0b3b547d116b92d5f3008a3b4058e7a762f21d9d',
                                        'certificate'               => 'metadatasigner.pem', ),
                                        ),
                                        'maxCache' => 60*60*24*4, // Maximum 4 days cache time.
                                        'maxDuration' => 60*60*24*10, // Maximum 10 days duration on ValidUntil.
                                        'outputDir' => 'metadata/rctsaai/',
                                        'outputFormat' => 'flatfile',
                                ),
        )
);