diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index 8e16297678..20d9d77e5e 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -19,7 +19,9 @@
   - ipsilon-tools-ipa
   - mod_auth_openidc
   - mod_auth_gssapi
-  - python-psycopg2
+  - python3-psycopg2
+  # For the openid api extension
+  - python3-freeipa
   # For the playbook itself
   - git
   - krb5-workstation
@@ -318,6 +320,14 @@
   tags:
   - ipsilon
 
+- name: set sebooleans so ipsilon can talk to IPA for the openid extension
+  seboolean:
+    name: httpd_can_network_connect
+    state: true
+    persistent: true
+  tags:
+  - ipsilon
+
 - name: apply selinux type to the wsgi file
   file:
     dest: /usr/libexec/ipsilon