diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2031b49828f3952031a0fc828204f99ea97e1934..6ef2e522df85df6a6f2868a2c3feb00f81258f52 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - disable k8s-internal secure TLS communication: getting rid of the necessity
   to (re-)create valid/self-signed certs
   Note: using HTTP over port 443 for internal communication (Shibboleth mishap)
+- add IdP metadata from CLARIN server later in docker build build
 
 ### Removed
 ### Fixed
diff --git a/dockerfiles/Dockerfile.nginx b/dockerfiles/Dockerfile.nginx
index 6056974961c0815b6afbdf27dfc4975f40533ce1..d1f8d8e58455f2ce738d5c0bd9e9db0b37ace03f 100644
--- a/dockerfiles/Dockerfile.nginx
+++ b/dockerfiles/Dockerfile.nginx
@@ -76,8 +76,6 @@ RUN /tmp/shibboleth_sp_with_fastcgi.sh
 # copy the init script
 RUN cp /opt/shibboleth-sp-fastcgi/etc/shibboleth/shibd-debian /etc/init.d/shibd
 RUN chmod a+x /etc/init.d/shibd
-# add IdP metadata from CLARIN server
-ADD https://infra.clarin.eu/aai/prod_md_about_spf_idps.xml /opt/shibboleth-sp-fastcgi/var/cache/shibboleth/ 
 
 # create the test secure folder and set up perl fastcgi
 RUN mkdir /opt/nginx/html/secure
@@ -126,5 +124,7 @@ RUN yui-compressor -o aai.min.js aai.js
 # COPY commul-customization/certs/clarin.key /etc/ssl/private/
 # COPY commul-customization/certs/clarin_eurac_edu.crt /etc/ssl/certs/
 
+# add IdP metadata from CLARIN server
+ADD https://infra.clarin.eu/aai/prod_md_about_spf_idps.xml /opt/shibboleth-sp-fastcgi/var/cache/shibboleth/
 
 ENTRYPOINT ["/usr/local/bin/supervisord", "-c", "/etc/supervisord.conf"]