Merge "Update Makefile Update metadata.yml with correct URL"
diff --git a/README.rst b/README.rst
index c079e06..daff9cb 100644
--- a/README.rst
+++ b/README.rst
@@ -43,3 +43,15 @@
         aN5DvAdir7oYCpHwD5/WvHahUgsrtcz9s+pzRfiStvICVwqCsGquThZHe8YAgGpZ
         04UU/56ncPbsHf5asS3DvfVGw==
         -----END CERTIFICATE-----
+
+
+Shibboleth through HTTP proxy
+==============
+Sometimes there is needed to connect to IdP through HTTP proxy. This has to be done via adding TransportOption to MetadataProvider in Shibboleth2.xml configuration file.
+
+.. code-block:: yaml
+
+  shibboleth:
+    server:
+      enabled: true
+      proxy: http://10.10.10.12:8888
\ No newline at end of file
diff --git a/shibboleth/files/shibboleth2.xml b/shibboleth/files/shibboleth2.xml
index ad5554c..f900165 100644
--- a/shibboleth/files/shibboleth2.xml
+++ b/shibboleth/files/shibboleth2.xml
@@ -74,6 +74,9 @@
             {%- if server.idp_certificate is defined %}
             <MetadataFilter type="Signature" certificate="/etc/shibboleth/fedsigner.pem"/>
             {%- endif %}
+            {%- if server.proxy is defined %}
+            <TransportOption provider="CURL" option="10004">"{{ server.proxy }}"</TransportOption>
+            {%- endif %}
         </MetadataProvider>
 
         <!-- Example of locally maintained metadata. -->