diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
index 4661d6372..bcdcb8c4e 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
@@ -6,7 +6,7 @@ use Lemonldap::NG::Common::Conf::SAML::Metadata;
 use Lemonldap::NG::Common::Session;
 use Lemonldap::NG::Common::UserAgent;
 use Lemonldap::NG::Common::FormEncode;
-use XML::Simple;
+use XML::LibXML;
 use HTML::Entities qw(decode_entities);
 use MIME::Base64;
 use HTTP::Request; # SOAP call
@@ -32,6 +32,14 @@ has idpRules => ( is => 'rw', default => sub { {} } );
 has spRules => ( is => 'rw', default => sub { {} } );
 has spMacros => ( is => 'rw', default => sub { {} } );
+# XML parser
+has parser => (
+ is => 'rw',
+ builder => sub {
+ return XML::LibXML->new( load_ext_dtd => 0, expand_entities => 0 );
+ }
+);
+
 # return LWP::UserAgent object
 has ua => (
 is => 'rw',
@@ -731,9 +739,12 @@ sub getOrganizationName {
 return unless $node;
 # Extract organization name
- my $xs = XML::Simple->new();
- my $data = $xs->XMLin($node);
- return $data->{OrganizationName}->{content};
+ #
+ my $data = $self->parser->parse_string($node)->documentElement;
+ return unless $data;
+ return $data->getElementsByTagNameNS(
+ "urn:oasis:names:tc:SAML:2.0:metadata",
+ 'OrganizationName' )->string_value;
 }
 ## @method string getNextProviderId(Lasso::Logout logout)
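Review bot: In the `has parser` hunk, the attribute that keeps external DTD loading and entity expansion switched off is declared `is => 'rw'`, and its comment (`# XML parser`) does not say the options are security-relevant, so later code can replace or reconfigure the parser without any hint that it is weakening XXE protection. I would declare it `is => 'ro'` and change the comment to something like `# Hardened XML parser: no external DTD, no entity expansion (XXE) - do not relax`. Adding `no_network => 1` to the `XML::LibXML->new(...)` call is cheap defence in depth, because how strictly the two existing options are honoured depends on the installed XML::LibXML/libxml2 version.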
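Review bot: In the getOrganizationName hunk, `parse_string` raises an exception on malformed XML instead of returning a false value, so the added `return unless $data;` guard does not cover a parse failure and a bad organization node would propagate a `die` to the caller. Wrapping the call, `my $data = eval { $self->parser->parse_string($node)->documentElement };`, makes the guard effective, and logging `$@` before returning would make rejected metadata visible to operators. The lone `#` line added above the call carries no text; it could state that the hardened parser is used here on purpose. The sub's opening lines are outside the hunk, so where `$node` comes from is not visible here.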
@@ -1319,16 +1330,13 @@ sub getAttributeValue {
 my @attr_values = $_->AttributeValue();
 foreach (@attr_values) {
- my $xs = XML::Simple->new();
- my $data = $xs->XMLin( $_->dump() );
- my $content = $data->{content};
- $value .= $content . $self->conf->{multiValuesSeparator}
- if $content;
+ $value .= $_->any->content . $self->conf->{multiValuesSeparator}
+ if $_->any->content;
 }
 $value =~ s/$self->{conf}->{multiValuesSeparator}$// if $value;
- # Encode UTF-8 if force_utf8 flag
- $value = encode( "utf8", $value ) if $force_utf8;
+ # Decode UTF-8 unless force_utf8 flag
+ $value = decode( "utf8", $value ) unless $force_utf8;
 }
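Review bot: `$_->any->content` is called twice without checking that `any` returned a node, so if the Lasso binding returns undef for an `AttributeValue` with no child node, a single empty value in an assertion would abort attribute extraction with a method call on an undefined value. Fetching it once, `my $node = $_->any; my $content = $node ? $node->content : undef;`, and appending only when `defined $content && length $content` avoids that and also stops a legitimate value of `0` from being dropped. Separately, `decode( "utf8", ... )` selects Perl's lax encoding; `decode( "UTF-8", $value )` applies strict handling to ill-formed sequences in IdP-supplied values. The enclosing sub starts and ends outside the hunk, so the documented meaning of `$force_utf8` should be checked against the inverted condition.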