diff --git a/roles/ipsilon/templates/configuration.conf b/roles/ipsilon/templates/configuration.conf index 6c2ac2c66f..eb3cfc125d 100644 --- a/roles/ipsilon/templates/configuration.conf +++ b/roles/ipsilon/templates/configuration.conf @@ -26,6 +26,25 @@ persona issuer domain=id.fedoraproject.org persona idp key file=/etc/ipsilon/persona.key {% endif %} +{% if env == 'staging' %} +openidc endpoint url=https://id.stg.fedoraproject.org/openidc/ +openidc idp key file=/etc/ipsilon/openidc.stg.key +openidc subject salt={{ ipsilon_stg_openidc_subject_salt }} +{% else %} +openidc endpoint url=https://id.fedoraproject.org/openidc/ +openidc idp key file=/etc/ipsilon/openidc.key +openidc subject salt={{ ipsilon_openidc_subject_salt }} +{% endif %} +openid database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }} +openidc static database url=configfile:///etc/ipsilon/openidc.static.cfg +openidc enabled extensions= +openidc documentation url=https://fedoraproject.org/wiki/Infrastructure/Authentication +openidc policy url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy +openidc tos url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy +openidc idp sig key id=20161031-sig +openidc allow dynamic client registration=False +openidc default attribute mapping=[["*", "*"], ["timezone", "zoneinfo"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"]] + {% if env == 'staging' %} openid endpoint url=https://id.stg.fedoraproject.org/openid/ openid identity url template=http://%(username)s.id.stg.fedoraproject.org/
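Review bot: The database line in the new OpenID Connect block is keyed `openid database url=` and points at `ipsilon_db_openid_name`, while every other added setting uses the `openidc` prefix. This looks like a typo that either leaves the openidc provider without its own store or sets the OpenID 2.0 provider's database a second time. If a separate store is intended, `openidc database url=postgresql://…/{{ OPENIDC_DB_NAME_VAR }}` (placeholder variable name) would keep the openidc provider's data apart from the OpenID one. Separately, `openidc default attribute mapping` begins with `["*", "*"]`, which appears to pass every attribute from the info plugins through under its own name; unless an allowed-attributes list or per-scope filtering elsewhere narrows what clients receive, an explicit list is the safer default. The template also renders the subject salt and the database password into the file, so the task that installs it should set a restrictive owner and mode; that task is not visible in this hunk.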