diff --git a/SAML_README.md b/SAML_README.md index fc1b240..23270cc 100644 --- a/SAML_README.md +++ b/SAML_README.md @@ -7,7 +7,7 @@ # Moodle 1. Activate SAML2 plugin -2. Regenerate SP certificate: https://moodle./auth/saml2/regenerate.php +2. Regenerate SP certificate: https://moodle./auth/saml2/regenerate.php and lock it down 3. Download SAML2 Service Provider xml: https://moodle./auth/saml2/sp/metadata.php 4. Import this SP in keycloak IDP: https://sso./auth/admin/master/console/#/create/client/poc 5. Add builtin email, givenname and surname field mappers (https://sso./auth/admin/master/console/#/realms/poc/clients/b7781aac-5aa5-441a-8af5-aca7cc0a1daf/mappers) @@ -117,8 +117,8 @@ TODO: Does not map email nor friendlyname (display name). Also not tested to add 1. x509: public.key (generated before) 2. Private key: private.key (generated before) 3. Identity Provider Data - 1. Identifier of the IdP: https://sso./auth/realms/poc - 2. URL target of the IdP: https://sso./auth/realms/poc/protocol/saml + 1. Identifier of the IdP: https://sso./auth/realms/master + 2. URL target of the IdP: https://sso./auth/realms/master/protocol/saml 3. URL Location of the IdP SLO request: https://sso./auth/realms/poc/protocol/saml 4. Public X.509 certificate: (The RSA Certificate from keycloak at step 1). 4. Attribute mapping 
@@ -197,9 +197,9 @@ Client Id in keycloak has to be 'php-saml' if not set at wordpress saml plugin. 1. Enable 3. IDENTITY PROVIDER SETTINGS 1. iDp ENTITY ID: Anything you want - 1. SSO Service Url: https://sso.digitaldemocratic.net/auth/realms/poc/protocol/saml - 2. SLO Service Url: https://sso.digitaldemocratic.net/auth/realms/poc/protocol/saml - 3. X.509 Certificate: Copy the Certificate (not the Public key) from the keycloak realm (https://sso.digitaldemocratic.net/auth/admin/master/console/#/realms/poc/keys) without the begin/end lines in the cert. + 1. SSO Service Url: https://sso.digitaldemocratic.net/auth/realms/master/protocol/saml + 2. SLO Service Url: https://sso.digitaldemocratic.net/auth/realms/master/protocol/saml + 3. X.509 Certificate: Copy the Certificate (not the Public key) from the keycloak realm (https://sso.digitaldemocratic.net/auth/admin/master/console/#/realms/master/keys) without the begin/end lines in the cert. 4. OPTIONS 1. Create user if not exists 2. Update user data
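Review bot: In the first hunk (`@@ -7,7`), the added phrase "and lock it down" on step 2 is too vague to act on: regenerating the SP certificate replaces the key material the IdP trusts, so anyone who can reach `regenerate.php` can break the federation, and the README should state the concrete control meant here (for example, which roles may open that page or how the generated private key is protected) rather than leave the reader to guess. Suggest expanding the step to "2. Regenerate SP certificate: ... then restrict access to the regenerate page and the generated private key" with the actual mechanism named.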
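Review bot: In the second hunk (`@@ -117,8`), the IdP identifier and SSO target are moved from `realms/poc` to `realms/master`, but the unchanged context line "3. URL Location of the IdP SLO request: https://sso./auth/realms/poc/protocol/saml" still points at the `poc` realm, so logout will be sent to a different realm than login and will not terminate the session that was created. The same hunk's context also says the SP is imported into the `poc` realm in the first hunk (`create/client/poc`, `realms/poc/clients/...`), so either all three IdP URLs and the client-import step should move to the same realm, or the realm change should be reverted; as written, the two hunks leave the Moodle configuration internally inconsistent.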
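Review bot: In the third hunk (`@@ -197,9`), switching the WordPress SSO/SLO URLs and the signing certificate to the `master` realm is consistent within the hunk, but the change is undocumented and the commit gives no reason for it. Keycloak's `master` realm is intended for administering other realms, not for hosting application clients, so placing the `php-saml` client there widens what a compromise of that client's configuration can affect; if the move is deliberate, the README should say why, and the cross-hunk inconsistency with the `poc` realm used elsewhere on the page (first hunk) should be resolved in the same change.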