diff --git a/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/application-se.properties b/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/application-se.properties index 2d29c855..3dd408ec 100644 --- a/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/application-se.properties +++ b/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/application-se.properties @@ -100,4 +100,4 @@ management.server.port=8444 management.server.ssl.enabled=true proxy-service.syslog.enabled=true -proxy-service.signature-algorithm.md=http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 + diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 805897de..48dd5561 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -67,7 +67,7 @@ classes: autoupdate: null common: null eid::dockerhost: null - eidas_connector: &id003 {hostname: connector.eidas.swedenconnect.se, version: 1.6.0} + eidas_connector: &id003 {hostname: connector.eidas.swedenconnect.se, version: 1.6.1} entropyclient: null infra_ca_rp: null konsulter: null @@ -126,7 +126,7 @@ classes: eidas-node-1.qa.sveidas.se: autoupdate: null common: null - eidas_connector: {hostname: qa.connector.eidas.swedenconnect.se, version: 1.6.0} + eidas_connector: {hostname: qa.connector.eidas.swedenconnect.se, version: 1.6.2} entropyclient: null infra_ca_rp: null konsulter: null @@ -146,7 +146,7 @@ classes: autoupdate: null common: null eidas_proxy: {hostname: qa.proxy.eidas.swedenconnect.se, spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION, - version: 1.3.4} + version: 1.3.5} entropyclient: null infra_ca_rp: null konsulter: null @@ -168,7 +168,7 @@ classes: common: null eid::dockerhost: null eidas_proxy: &id005 {hostname: proxy.eidas.swedenconnect.se, spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION, - version: 1.3.4} + version: 1.3.5} entropyclient: null infra_ca_rp: null konsulter: null 
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 94f72278..99f7e91a 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -690,7 +690,7 @@ md-eu1.qa.komreg.net: konsulter: autoupdate: eidas_connector: - version: 1.6.0 + version: 1.6.1 hostname: connector.eidas.swedenconnect.se sunet::frontend::register_sites: sites: @@ -716,7 +716,7 @@ md-eu1.qa.komreg.net: autoupdate: servicemonitor: eidas_proxy: - version: 1.3.4 + version: 1.3.5 hostname: proxy.eidas.swedenconnect.se spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION sunet::frontend::register_sites: @@ -754,7 +754,7 @@ md-eu1.qa.komreg.net: sunet_iaas_cloud: autoupdate: eidas_connector: - version: 1.6.0 + version: 1.6.2 hostname: qa.connector.eidas.swedenconnect.se sunet::frontend::register_sites: sites: @@ -771,7 +771,7 @@ md-eu1.qa.komreg.net: autoupdate: servicemonitor: eidas_proxy: - version: 1.3.4 + version: 1.3.5 hostname: qa.proxy.eidas.swedenconnect.se spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION sunet::frontend::register_sites: diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 8f5ddc46..b0b6d3d8 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
@@ -666,13 +666,20 @@ class pages($version=undef) { } class metadatamgrs { - ssh_authorized_key {'bjorn_mattsson': - ensure => present, - name => 'bjorn.mattsson@bth.se', + ssh_authorized_key {'bjorn_mattsson+000606447540': + ensure => absent, + name => 'bjorn.mattsson@bth.se-cardno:000606447540', type => 'ssh-rsa', key => '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', user => 'root' } + ssh_authorized_key {'bjorn_mattsson+000606484562': + ensure => present, + name => 'bjorn.mattsson@bth.se-cardno:000604539918', + type => 'ssh-rsa', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDgsv4gJdi9oaylsrCC/F5fVa67jpAy8WMJPsjYUq1QkVwO+ZuN0ozTqslJf7tATw9YA8jOKahzfc+x1NFOCNkkmW+YaKtF7i8UYjGxRmwDSRCLWSSeXUuQUqz7NBRgPYu/6r/VjqrbHATpHftoAB5RkfzBPUTiLetqC8PHBorM/zrWj2CpBP6vQ4XveCq5GSBh4q4bi0SOaFKOJ+pPJR6L3PiVr76u3ryB5ZQZBZHG0gHI9wXFZcbEOzsSWHU/FKcHDI2QSWXaPtgk+sxHOoL1ZFuUS6i79sV4AFD/VaQAB+3P/QJf6seIM5AcC5fqrfBcVQe5RzC9mypbGuXim325DQBaNTtz3IZhH1IbJpA3b4x06fgjpp+2Z9qKtAZaZzNQPk+bguvyqtEZmI99l/Pa+qNTIe3x8W1960xO/jiyansd5uTBAq1+CGq5ccmVlvPlBuHPLNoV0WY4fnv8yTBj2LNYCvC9SWzmYkQ2ihZD/xauvdoV05A3iKBwxDT/LxPGfBY8YAGF5Cj3KpdTYFlUTOT3BHi3YXhcm4nzdhO4h1NP3HeEQGKPevx/POYADHUA3U7+uSkZxlT5lUl7mdHqNc+zVVHpz7PUBmdq3qVGG72K+X1G8ETtNrkfv/r7Mg7oXEjh5pkSUw8Yj1cQUcHE4js4PRqeC4n1/5hH90sweQ==', + user => 'root' + } ssh_authorized_key {'paul_scott': ensure => present, name => 'paul.scott@kau.se', @@ -925,7 +932,7 @@ class nagios_monitor { $web_admin_pw = safe_hiera('nagios_nagiosadmin_password'); $web_admin_user = 'nagiosadmin'; - package { 'libxml2-utils': ensure => installed} + package { 'xsltproc': ensure => installed} class { 'webserver': } class { 'nagioscfg': 
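Review bot: The `ensure => absent` resource in class metadatamgrs is declared under a new `name` ('bjorn.mattsson@bth.se-cardno:000606447540'), while the entry it replaces was installed with `name => 'bjorn.mattsson@bth.se'`. Puppet's ssh_authorized_key identifies an authorized_keys entry by its name (the key comment), so the previously deployed root key is likely to stay in place on hosts that already applied the old manifest. Keeping `name => 'bjorn.mattsson@bth.se'` on the absent resource until it has been purged everywhere would make the revocation effective. The new resource's title ends in 000606484562 while its name says cardno:000604539918; one of the two looks mistyped and should be aligned so the key can be traced to the right card. The class body continues outside the hunk.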
@@ -1130,13 +1137,13 @@ class nagios_monitor { } nagioscfg::service {'check_country_eIDAS_QA': host_name => ['qa.md.eidas.swedenconnect.se'], - check_command => 'check_country_count!qa.md.eidas.swedenconnect.se!23!2!3', + check_command => 'check_country_count!qa.md.eidas.swedenconnect.se!UK LU IT ES HR DE EE BE IS XB CY PL SK XC LT NO DK CZ SE GR XA MT SI!1!3', description => 'check number of countries in eIDAS QA', contact_groups => ['alerts'], } nagioscfg::service {'check_country_eIDAS': host_name => ['md.eidas.swedenconnect.se'], - check_command => 'check_country_count!md.eidas.swedenconnect.se!8!1!2', + check_command => 'check_country_count!md.eidas.swedenconnect.se!UK LU IT ES HR DE EE BE!1!3', description => 'check number of countries in eIDAS', contact_groups => ['alerts'], } diff --git a/global/overlay/usr/lib/nagios/plugins/check_eidas_country_count.sh b/global/overlay/usr/lib/nagios/plugins/check_eidas_country_count.sh index e267e59a..80be47d6 100755 --- a/global/overlay/usr/lib/nagios/plugins/check_eidas_country_count.sh +++ b/global/overlay/usr/lib/nagios/plugins/check_eidas_country_count.sh 
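Review bot: Both `check_command` lines now pass the expected-country list as one space-separated Nagios argument, which the plugin reads as `$2`, with the thresholds in `$3` and `$4`. If the `check_country_count` command definition (not visible in this hunk) expands `$ARG2$` unquoted, the shell will split the list and the thresholds will be taken from country codes, so the definition should pass `'$ARG2$'` quoted. A short comment above each service, such as `# args: host ! expected country codes ! warn-missing ! crit-missing`, would document the new argument meaning, since the descriptions still say 'check number of countries'.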
@@ -1,33 +1,73 @@ #!/bin/bash +set +x + . /usr/lib/nagios/plugins/utils.sh abs() { [[ $[ $@ ] -lt 0 ]] && echo "$[ ($@) * -1 ]" || echo "$[ $@ ]" } -count=$(wget -qO- https://$1/role/idp.xml | xmllint --format - | grep eidas:NodeCountry | wc -l) +tmpx=$(mktemp) + +finish() { + rm -f $tmpx +} +trap finish EXIT + +cat>$tmpx< + + + + + + + + +EOF + +missing() { + m="" + for x in $1; do + echo $2 | grep -q $x || m="$m $x" + done + echo $m +} + +list=$(wget -qO- https://$1/role/idp.xml | xsltproc $tmpx -) if [ $? -ne 0 ]; then echo "CRITICAL - Service FAIL" echo $status exit $STATE_CRITICAL fi -count_expected=$2 +list_expected=$2 +list_missing=$(missing "$list_expected" "$list") +count=$(echo $list_missing | wc -w) count_diff_warn=$3 count_diff_crit=$4 -d=$(abs $count - $count_expected) -if [ $d -ge $count_diff_crit ]; then - echo "CRITICAL - country count is $count expected $count_expected" +if [ $count -ge $count_diff_crit ]; then + echo "CRITICAL - $count countries missing: $list_missing" echo $status exit $STATE_CRITICAL -elif [ $d -ge $count_diff_warn ]; then - echo "WARNING - country count is $count expected $count_expected" +elif [ $count -ge $count_diff_warn ]; then + echo "WARNING - $count countries missing: $list_missing" echo $status exit $STATE_WARNING else - echo "OK - Service healthy ($count countries)" + echo "OK - Service healthy" echo $status exit $STATE_OK fi diff --git a/global/overlay/usr/lib/nagios/plugins/check_eidas_metadata.age.sh b/global/overlay/usr/lib/nagios/plugins/check_eidas_metadata.age.sh new file mode 100644 index 00000000..5a538e39 --- /dev/null +++ b/global/overlay/usr/lib/nagios/plugins/check_eidas_metadata.age.sh 
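Review bot: `missing()` tests each expected code with `echo $2 | grep -q $x`, an unquoted substring match against text fetched from the remote metadata, so a code can count as present when it only appears inside another token. `echo "$2" | grep -qwF -- "$x" || m="$m $x"` matches whole words and keeps the fetched text from being glob-expanded. The check also no longer alerts on countries that appear in the metadata but are not in the expected list, which the previous absolute count difference did catch, and `abs()` is now unused. If unexpected additions matter for this federation, a second pass comparing `$list` against `$list_expected` would restore that signal.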
@@ -0,0 +1,61 @@ +#!/bin/bash + +. /usr/lib/nagios/plugins/utils.sh + +abs() { + [[ $[ $@ ] -lt 0 ]] && echo "$[ ($@) * -1 ]" || echo "$[ $@ ]" +} + +diff_warn=$2 +diff_crit=$3 + +tmpx=$(mktemp) + +function finish { + rm -f $tmpx +} +trap finish EXIT + +cat>$tmpx< + + + + + + +EOF + +dstr=$(wget -qO- $1 | xsltproc $tmpx -) +if [ $? -ne 0 ]; then + echo "CRITICAL - Service $1 FAIL" + echo $status + exit $STATE_CRITICAL +fi + +exp=$(date -d $dstr +%s) +now=$(date +%s) + +d=$(expr $exp - $now) +if [ $d -ge $diff_crit ]; then + echo "CRITICAL - metadata in $1 expires in $d seconds" + echo $status + exit $STATE_CRITICAL +elif [ $d -ge $diff_warn ]; then + echo "WARNING - metadata in $1 expires in $d seconds" + echo $status + exit $STATE_WARNING +else + echo "OK - metadata in $1 expires in $d seconds" + echo $status + exit $STATE_OK +fi
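Review bot: The threshold comparisons are inverted: `d` is the number of seconds until expiry, yet `[ $d -ge $diff_crit ]` reports CRITICAL when plenty of time remains and falls through to OK once the metadata is about to expire or has already expired (negative `d`). They should read `if [ "$d" -le "$diff_crit" ]; then` and `elif [ "$d" -le "$diff_warn" ]; then`. `dstr` comes from the fetched document and is used unquoted in `date -d $dstr +%s`; if it is empty or malformed, `date` and `expr` fail, the numeric tests error out and the script ends in the OK branch. Quoting it and failing closed, `exp=$(date -d "$dstr" +%s) || exit $STATE_UNKNOWN` after printing a message, avoids that. `abs()` is defined but never used.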