diff --git a/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml b/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml index cf6b0b4119..98bcf42ddb 100644 --- a/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml +++ b/playbooks/hosts/osbs-dev.fedorainfracloud.org.yml @@ -43,7 +43,32 @@ - osbs-atomic-reactor - osbs-common - osbs-install-openshift - - osbs-master + - { + role: osbs-master, + osbs_master_export_port: true, + osbs_manage_firewalld: true, + osbs_proxy_cert_file: '/etc/origin/proxy_selfsigned.crt', + osbs_proxy_key_file: '/etc/origin/proxy_selfsigned.key', + osbs_proxy_certkey_file: '/etc/origin/proxy_certkey.crt', + osbs_proxy_ca_file: '/etc/origin/proxy_selfsigned.crt', + osbs_readonly_users: [], + osbs_readonly_groups: [], + osbs_readwrite_users: [ "{{ osbs_koji_stg_username }}" ], + osbs_readwrite_groups: [], + osbs_admin_users: [], + osbs_admin_groups: [], + osbs_master_max_pods: 3, + osbs_update_packages: false, + osbs_image_gc_high_threshold: 90, + osbs_image_gc_low_threshold: 80, + osbs_identity_provider: "htpasswd_provider", + osbs_identity_htpasswd: { + name: htpasswd_provider, + challenge: true, + login: true, + provider_file: "/etc/openshift/htpasswd" + } + } - { role: osbs-client, general: { @@ -52,6 +77,8 @@ openshift_required_version: 1.1.0, }, default: { + username: "{{ osbs_koji_stg_username }}", + password: "{{ osbs_koji_stg_password }}", openshift_url: 'https://osbs-dev.fedorainfracloud.org:8443/', registry_uri: 'https://osbs-dev.fedorainfracloud.org:5000/v2', source_registry_uri: 'https://osbs-dev.fedorainfracloud.org:5000/v2', @@ -106,6 +133,11 @@ dest: /etc/hosts line: "{{ ansible_default_ipv4.address }} osbs osbs-dev.fedorainfracloud.org" + - name: place htpasswd file + file: + src: "{{private}}/files/httpd/osbs.htpasswd" + dest: /etc/origin/htpasswd + - name: install docker action: "{{ ansible_pkg_mgr }} name=docker state=installed" 
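Review bot: In the `osbs-master` role parameters, `osbs_identity_htpasswd.provider_file` is `"/etc/openshift/htpasswd"`, while the `place htpasswd file` task added later in this same playbook writes to `/etc/origin/htpasswd`. Unless `/etc/openshift` resolves to `/etc/origin` on this host, the HTPasswd identity provider is pointed at a file that is never deployed, and logins will fail. Use one path in both places, e.g. `provider_file: "/etc/origin/htpasswd"`, or define it once as a variable and reference that from the task's `dest`.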
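Review bot: The `place htpasswd file` task uses the `file` module with `src`/`dest`, but `file` does not copy content (`src` only applies to link states), so the htpasswd file from `{{private}}` is probably never put on the host; `copy` looks like what was intended. The task also sets no owner or mode on a file of password hashes, so its permissions are left to whatever already exists or the default umask. A replacement is sketched below; `0600` assumes the master reads the file as root, which should be confirmed.

```yaml
- name: place htpasswd file
  copy:
    # … unchanged: src and dest …
    owner: root
    group: root
    mode: "0600"
```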
diff --git a/roles/osbs-client/defaults/main.yml b/roles/osbs-client/defaults/main.yml index 2106a5add6..17a6f4bcc5 100644 --- a/roles/osbs-client/defaults/main.yml +++ b/roles/osbs-client/defaults/main.yml @@ -14,6 +14,8 @@ general: # Settings for the [default] section of the osbs.conf file default: + username: "" + password: "" openshift_url: https://osbs.localdomain:8443/ koji_root: http://koji.fedoraproject.org/koji koji_hub: http://koji.fedoraproject.org/kojihub diff --git a/roles/osbs-client/templates/osbs.conf.j2 b/roles/osbs-client/templates/osbs.conf.j2 index f94d3deada..5ec2285875 100644 --- a/roles/osbs-client/templates/osbs.conf.j2 +++ b/roles/osbs-client/templates/osbs.conf.j2 @@ -4,6 +4,12 @@ build_json_dir = {{ general.build_json_dir }} openshift_required_version = {{ general.openshift_required_version }} [default] +{% if default.username %} +username = {{ default.username }} +{% endif %} +{% if default.password %} +password = {{ default.password }} +{% endif %} openshift_url = {{ default.openshift_url }} koji_root = {{ default.koji_root }} koji_hub = {{ default.koji_hub }} diff --git a/roles/osbs-master/defaults/main.yml b/roles/osbs-master/defaults/main.yml index 19a88009d1..974141ed77 100644 --- a/roles/osbs-master/defaults/main.yml +++ b/roles/osbs-master/defaults/main.yml @@ -72,3 +72,23 @@ osbs_update_packages: false osbs_image_gc_high_threshold: 90 osbs_image_gc_low_threshold: 80 + + +# Specify different identity providers and options needed for the master-config +# template +# +# Currently supported options are: +# request_header +# htpasswd_provider +osbs_identity_provider: "request_header" + +osbs_identity_request: + name: request_header + challenge: true + login: true + +osbs_identity_htpasswd: + name: htpasswd_provider + challenge: true + login: true + provider_file: /etc/openshift/htpasswd diff --git a/roles/osbs-master/templates/master-config.yaml.j2 b/roles/osbs-master/templates/master-config.yaml.j2 index 98562c9bf9..3709770952 100644 
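Review bot: The `[default]` section of `osbs.conf.j2` now renders `password = {{ default.password }}` in clear text, so the rendered osbs.conf becomes a credential file. The task that installs this template is outside the diff; it should set a restrictive owner and mode (for example `mode: "0600"`, if a single account runs the client, which needs confirming) and carry `no_log: true` so that `--diff` or verbose runs do not print the password. A comment above the new block, such as `{# credentials for the htpasswd identity provider; keep the rendered file non-world-readable #}`, would record that for the next editor.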
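Review bot: In `roles/osbs-master/defaults/main.yml` the new `osbs_identity_request` default sets `challenge: true` and `login: true`, but the template lines this commit replaces in `master-config.yaml.j2` hard-coded `challenge: false` and `login: false` for the request-header provider. Every host that keeps the default `osbs_identity_provider: "request_header"` therefore gets a different OAuth configuration from this commit without opting in. Keep the previous behaviour in the defaults, `challenge: false` and `login: false` under `osbs_identity_request`, and let individual hosts override it.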
--- a/roles/osbs-master/templates/master-config.yaml.j2 +++ b/roles/osbs-master/templates/master-config.yaml.j2 @@ -107,15 +107,26 @@ oauthConfig: grantConfig: method: auto identityProviders: - - name: request_header - challenge: false - login: false +{% if osbs_identity_provider == "request_header" %} + - name: {{ osbs_identity_request.name }} + challenge: {{ osbs_identity_request.challenge }} + login: {{ osbs_identity_request.login }} provider: apiVersion: v1 kind: RequestHeaderIdentityProvider clientCA: {{ osbs_proxy_ca_file | default('/etc/origin/master/ca.crt') }} headers: - X-Remote-User +{% endif %} +{% if osbs_identity_provider == "htpasswd_provider" %} + - name: {{ osbs_identity_htpasswd.name }} + challenge: {{ osbs_identity_htpasswd.challenge }} + login: {{ osbs_identity_htpasswd.login }} + provider: + apiVersion: v1 + kind: HTPasswdPasswordIdentityProvider + file: {{ osbs_identity_htpasswd.provider_file }} +{% endif %} masterCA: ca.crt masterPublicURL: https://{{ ansible_default_ipv4.address }}:8443 masterURL: https://{{ ansible_default_ipv4.address }}:8443
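Review bot: The two `{% if osbs_identity_provider == ... %}` blocks under `identityProviders:` have no fallback, so a typo or an unsupported value renders the key with no entries and the playbook still succeeds. What the master does with an empty provider list is not decided by this template, so the authentication setup should not be left to that. Make the second test an `{% elif %}` and fail the run for anything else, e.g. an `assert` task in the role with `that: osbs_identity_provider in ['request_header', 'htpasswd_provider']`. The `oauthConfig` block starts and continues outside the hunk.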