diff --git a/pillar/role/ipsilon.sls b/pillar/role/ipsilon.sls
index 2af7e2e..c6618cf 100644
--- a/pillar/role/ipsilon.sls
+++ b/pillar/role/ipsilon.sls
@@ -1,3 +1,9 @@
+{% if salt['grains.get']('include_secrets', True) %}
+include:
+ - secrets.role.identification
+{% endif %}
+
+
profile:
identification:
database_user: identification
diff --git a/salt/profile/identification/files/sso.opensuse.org.conf b/salt/profile/identification/files/sso.opensuse.org.conf
index d395b5d..032919b 100644
--- a/salt/profile/identification/files/sso.opensuse.org.conf
+++ b/salt/profile/identification/files/sso.opensuse.org.conf
@@ -12,13 +12,11 @@
Alias /ui /usr/share/ipsilon/ui
- WSGIScriptAlias / /usr/libexec/ipsilon
+ Alias /themes /usr/share/ipsilon/themes
+ WSGIScriptAlias / /usr/lib/ipsilon
WSGIPassAuthorization On
WSGIDaemonProcess ipsilon home=/var/lib/ipsilon processes=2 threads=2 maximum-requests=1000
WSGIApplicationGroup %{GLOBAL}
- WSGISocketPrefix /httpdir/run/wsgi
- WSGIRestrictStdout Off
- WSGIRestrictSignal Off
@@ -37,7 +35,7 @@
ErrorDocument 500 /login/gssapi/failed
-
+
Require all granted
diff --git a/salt/profile/identification/ipsilon.sls b/salt/profile/identification/ipsilon.sls
index 6158cba..6f898bd 100644
--- a/salt/profile/identification/ipsilon.sls
+++ b/salt/profile/identification/ipsilon.sls
@@ -2,8 +2,10 @@ ipsilon_dependencies:
pkg.installed:
- pkgs:
- apache2
+ - apache2-mod_auth_gssapi
- ipsilon
- ipsilon-tools-ipa
+ - ipsilon-authgssapi
- ipsilon-saml2
- ipsilon-openid
- ipsilon-openidc