diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c
index b3955b2c..55bf772b 100644
--- a/lasso/id-ff/server.c
+++ b/lasso/id-ff/server.c
@@ -756,6 +756,8 @@ lasso_server_get_encryption_private_key(LassoServer *server)
  * @federation_file: a C string formatted as SAML 2.0 metadata XML content,
  * @trusted_roots:(allow-none): a PEM encoded files containing the certificates to check signatures
  * on the metadata files (optional)
+ * @blacklisted_entity_ids:(allow-none)(element-type string): a list of EntityID which should not be
+ * loaded, can be NULL.
  *
  * Load all the SAML 2.0 entities from @federation_file which contain a declaration for @role. If
  * @trusted_roots is non-NULL, use it to check a signature on the metadata file.
@@ -773,7 +775,7 @@ lasso_server_get_encryption_private_key(LassoServer *server)
  */
 lasso_error_t
 lasso_server_load_federation(LassoServer *server, LassoProviderRole role, const gchar *federation_metadata, const gchar
-		*trusted_roots)
+		*trusted_roots, GList *blacklisted_entity_ids)
 {
 	xmlDoc *doc = NULL;
 	xmlNode *root = NULL;
@@ -806,7 +808,7 @@ lasso_server_load_federation(LassoServer *server, LassoProviderRole role, const
 	}
 	/* TODO: branch to the SAML2 version of this function */
 	if (lasso_strisequal((char*)root->ns->href, LASSO_SAML2_METADATA_HREF)) {
-		lasso_check_good_rc(lasso_saml20_server_load_federation(server, role, root));
+		lasso_check_good_rc(lasso_saml20_server_load_federation(server, role, root, blacklisted_entity_ids));
 	} else {
 		/* TODO: iterate SPDescriptor and IDPDescriptor, choose which one to parse by looking at the role enum.
 		 * */
diff --git a/lasso/id-ff/server.h b/lasso/id-ff/server.h
index c5d35af2..75abd438 100644
--- a/lasso/id-ff/server.h
+++ b/lasso/id-ff/server.h
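Review bot: The new `@blacklisted_entity_ids` description does not say how entries are matched or who owns the list, which is exactly what a caller building the list from configuration needs to know. From the saml-2.0/server.c hunk the match is an exact `g_strcmp0` against `provider->ProviderID` and the list is only read, never freed, so I would write it as: `@blacklisted_entity_ids:(allow-none)(element-type string)(transfer none): list of EntityID strings compared byte-for-byte with each entity's entityID; matching entities are skipped. The list is only read during the call and stays owned by the caller.` The enclosing doc comment starts before this hunk and ends in the next one.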
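Review bot: Adding a fourth parameter to `lasso_server_load_federation` changes the signature of a function exported from server.h (`LASSO_EXPORT`), so every existing caller, including any generated language bindings, must be updated in the same release; if the three-argument form has already shipped, this is an API and ABI break. A compatible alternative is to keep the three-argument function as a wrapper that forwards `NULL` for the blacklist and to put the new parameter on a new name, e.g. `lasso_server_load_federation_with_blacklist(server, role, federation_metadata, trusted_roots, blacklisted_entity_ids)`. I cannot tell from the diff whether the old signature was ever released, so this may be acceptable as is. The function body continues outside the hunk.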
@@ -104,7 +104,7 @@ LASSO_EXPORT lasso_error_t lasso_server_set_encryption_private_key_with_password
 		const gchar *filename_or_buffer, const gchar *password);
 
 LASSO_EXPORT lasso_error_t lasso_server_load_federation(LassoServer *server, LassoProviderRole role,
-		const gchar *federation_file, const gchar *trusted_roots);
+		const gchar *federation_file, const gchar *trusted_roots, GList *blacklisted_entity_ids);
 
 #ifdef __cplusplus
 }
diff --git a/lasso/saml-2.0/server.c b/lasso/saml-2.0/server.c
index 84bc7ef4..9b750701 100644
--- a/lasso/saml-2.0/server.c
+++ b/lasso/saml-2.0/server.c
@@ -103,7 +103,7 @@ _lasso_test_idp_descriptor(xmlNode *node) {
 }
 
 lasso_error_t
-lasso_saml20_server_load_federation(LassoServer *server, LassoProviderRole role, xmlNode *root_node)
+lasso_saml20_server_load_federation(LassoServer *server, LassoProviderRole role, xmlNode *root_node, GList *blacklisted_entity_ids)
 {
 	xmlNode *child;
 	lasso_error_t rc = 0;
@@ -111,6 +111,8 @@ lasso_saml20_server_load_federation(LassoServer *server, LassoProviderRole role,
 	child = xmlSecGetNextElementNode(root_node->children);
 	/* first parse the providers... */
 	while (child) {
+		LassoProvider *provider = NULL;
+
 		if (! xmlSecCheckNodeName(child, BAD_CAST LASSO_SAML2_METADATA_ELEMENT_ENTITY_DESCRIPTOR,
 					BAD_CAST LASSO_SAML2_METADATA_HREF)) {
@@ -122,12 +124,16 @@ lasso_saml20_server_load_federation(LassoServer *server, LassoProviderRole role,
 		if (role == LASSO_PROVIDER_ROLE_SP && ! _lasso_test_sp_descriptor(child)) {
 			goto next;
 		}
-		LassoProvider *provider;
 		provider = lasso_provider_new_from_xmlnode(role, child);
 		if (provider) {
 			char *name = g_strdup(provider->ProviderID);
+			if (g_list_find_custom(blacklisted_entity_ids, name,
+						(GCompareFunc) g_strcmp0)) {
+				lasso_release_gobject(provider);
+				goto next;
+			}
 			g_hash_table_insert(server->providers, name, provider);
 		}
 next:
diff --git a/lasso/saml-2.0/serverprivate.h b/lasso/saml-2.0/serverprivate.h
index 27d25716..bb2838be 100644
--- a/lasso/saml-2.0/serverprivate.h
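Review bot: The blacklist check inside the `if (provider)` block leaks `name`: `g_strdup(provider->ProviderID)` has already run when the entity is found in `blacklisted_entity_ids`, and the `goto next` path releases only `provider`. Either free it before jumping, `lasso_release_string(name);` right before `lasso_release_gobject(provider);`, or compare `provider->ProviderID` directly and only `g_strdup` it as the argument of `g_hash_table_insert`. Note also that a blacklisted EntityDescriptor is still fully parsed by `lasso_provider_new_from_xmlnode` (certificates included) before being thrown away, so the blacklist saves no parsing work; matching the element's entityID attribute before constructing the provider would avoid that, if a suitable helper exists in this file. The `while` loop and `lasso_saml20_server_load_federation` continue outside the hunk.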
+++ b/lasso/saml-2.0/serverprivate.h
@@ -33,7 +33,8 @@ extern "C" {
 #include "../id-ff/server.h"
 
 int lasso_saml20_server_load_affiliation(LassoServer *server, xmlNode *node);
-lasso_error_t lasso_saml20_server_load_federation(LassoServer *server, LassoProviderRole role, xmlNode *root_node);
+lasso_error_t lasso_saml20_server_load_federation(LassoServer *server, LassoProviderRole role,
+		xmlNode *root_node, GList *blacklisted_entity_ids);
 
 #ifdef __cplusplus
 }
diff --git a/tests/basic_tests.c b/tests/basic_tests.c
index c078c273..9eaabf9a 100644
--- a/tests/basic_tests.c
+++ b/tests/basic_tests.c
@@ -1946,6 +1946,7 @@ START_TEST(test13_test_lasso_server_load_federation)
 {
 	LassoServer *server = NULL;
 	char *metadata_content;
+	GList blacklisted_1 = { .data = "https://identities.univ-jfc.fr/idp/prod", .next = NULL };
 
 	check_not_null(server = lasso_server_new(
 			TESTSDATADIR "/idp5-saml2/metadata.xml",
@@ -1955,7 +1956,8 @@ START_TEST(test13_test_lasso_server_load_federation)
 	check_true(g_file_get_contents(TESTSDATADIR "/renater-metadata.xml", &metadata_content, NULL, NULL));
 
 	check_good_rc(lasso_server_load_federation(server, LASSO_PROVIDER_ROLE_IDP,
-				metadata_content, TESTSDATADIR "/metadata-federation-renater.crt"));
+				metadata_content, TESTSDATADIR "/metadata-federation-renater.crt", &blacklisted_1));
+	check_true(g_hash_table_size(server->providers) == 101);
 	lasso_release_string(metadata_content);
 	lasso_release_gobject(server);
 }
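Review bot: The new `check_true(g_hash_table_size(server->providers) == 101)` only shows that some provider was not loaded; it does not prove the blacklisted entity is the one missing, and the literal 101 is tied to the current renater-metadata.xml fixture and will break on any fixture update. A direct assertion is more robust and self-explanatory: `check_true(g_hash_table_lookup(server->providers, "https://identities.univ-jfc.fr/idp/prod") == NULL);`. Loading the same metadata once with `NULL` as the blacklist and asserting the size differs by exactly one would also replace the magic number, if a second server instance is cheap enough in this test.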