diff --git a/update-renater-meta.sh b/update-renater-meta.sh
new file mode 100755
index 0000000..c3c7ba2
--- /dev/null
+++ b/update-renater-meta.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+set -e
+set -x
+
+DEFAULT="/etc/default/authentic2"
+BASEDIR=`dirname $0`
+METADATA_TMP=`tempfile`
+FILTERS_TMP=`tempfile`
+CERTIFICATE_TMP=`tempfile`
+FIXTURE_TMP=`tempfile`
+
+function cleanup {
+	rm -f $METADATA_TMP $FILTERS_TMP $CERTIFICATE_TMP $FIXTURE_TMP
+}
+
+trap "cleanup" EXIT
+
+if [ -f  ]; then
+	. /etc/default/authentic2
+else
+	. $BASEDIR/`basename $DEFAULT`
+fi
+
+if ! wget --quiet $RENATER_METADATA -O$METADATA_TMP; then
+	echo ERROR: unable to retrieve metadata from $RENATER_METADATA
+	exit 1
+fi
+
+if ! wget --quiet $RENATER_ATTRIBUTE_FILTERS -O$FILTERS_TMP; then
+	echo ERROR: unable to retrieve attribute filters from $RENATER_ATTRIBUTE_FILTERS
+	exit 1
+fi
+
+if ! wget --quiet $RENATER_CERTIFICATE -O$CERTIFICATE_TMP; then
+	echo ERROR: unable to retrieve Renater metadata signing certificate from $RENATER_CERTIFICATE
+	exit 1
+fi
+
+if ! xmllint $METADATA_TMP >/dev/null; then
+	echo ERROR: xmllint failed on renater metadata
+	exit 1
+fi
+
+if ! xmllint $FILTERS_TMP >/dev/null; then
+	echo ERROR: xmllint failed on renater attribute filters
+	exit 1
+fi
+
+# Verify metadata signature
+if ! xmlsec1 --verify --id-attr:ID EntitiesDescriptor --pubkey-cert-pem $CERTIFICATE_TMP --enabled-key-data key-name $METADATA_TMP 2>/dev/null >/dev/null; then
+	echo ERROR: unable to validate signature on $RENATER_METADATA
+	exit 1
+fi
+
+# Build fixture
+cat <<EOF >$FIXTURE_TMP
+[
+{
+    "pk": [
+        "Default"
+    ], 
+    "model": "saml.libertyproviderpolicy", 
+    "fields": {
+        "name": "Default", 
+        "authn_request_signature_check_hint": 2
+    }
+}]
+EOF
+
+# Load fixture
+authentic2-ctl loaddata -v0 $FIXTURE_TMP
+
+
+sed -i 's/\<email\>/mail/' $FILTERS_TMP
+
+# Load metadataas
+authentic2-ctl sync-metadata --source=renater --shibboleth-attribute-filter-policy=$FILTERS_TMP --sp -v1 $METADATA_TMP