diff --git a/roles/ipsilon/templates/configuration.conf b/roles/ipsilon/templates/configuration.conf
index 5f69b34718..5db6822276 100644
--- a/roles/ipsilon/templates/configuration.conf
+++ b/roles/ipsilon/templates/configuration.conf
@@ -74,16 +74,19 @@ openid default attribute mapping=[["*", "*"], ["_groups", "groups"], [["_extras"
 openid default attribute mapping=[["*", "*"], ["timezone", "zoneinfo"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "preferred_username"]]
 {% endif %}
-saml2 idp metadata file=metadata.xml
 {% if env == 'staging' %}
+saml2 idp metadata file=metadata.xml
 saml2 idp storage path=/etc/ipsilon/root/saml2
 saml2 idp nameid salt={{ ipsilon_stg_saml2_nameid_salt }}
-{% else %}
-saml2 idp storage path=/etc/ipsilon/saml2
-saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }}
-{% endif %}
 saml2 idp certificate file=idp.crt
 saml2 idp key file=idp.key
+{% else %}
+saml2 idp metadata file=/httpdir/metadata.xml
+saml2 idp storage path=/etc/ipsilon
+saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }}
+saml2 idp certificate file=saml2_idp.crt
+saml2 idp key file=saml2_idp.key
+{% endif %}
 saml2 allow self registration=False
 saml2 default nameid=transient
 saml2 default email domain=fedoraproject.org
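Review bot: In the new `{% else %}` (production) branch the key and certificate names `saml2_idp.key` and `saml2_idp.crt` are relative while the storage path moves from `/etc/ipsilon/saml2` to `/etc/ipsilon`. If Ipsilon resolves relative names against the storage path, the SAML signing key now sits in the general config directory rather than a dedicated one, so the ownership and mode of that file and directory should be checked in the task that deploys them, which is outside this hunk. `saml2 idp metadata file=/httpdir/metadata.xml` is the only absolute path in the block; confirm it exists on production hosts and that the key and certificate are never written beside it in a web-served directory. Staging and production now differ in every path and file name, so staging no longer exercises the production layout. A template comment above the branch, for example `{# prod and staging intentionally use different SAML2 paths: <reason> #}`, would record why.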