diff --git a/roles/karaage3.1.17/tasks/karaage.yml b/roles/karaage3.1.17/tasks/karaage.yml
index d1003bb09af57256aa5b4ea98a69845789f59c02..c9536a3e45ea2d0f5a60c266dbc5e110ffc1feaf 100644
--- a/roles/karaage3.1.17/tasks/karaage.yml
+++ b/roles/karaage3.1.17/tasks/karaage.yml
@@ -96,7 +96,20 @@
 -
  name: "enabling Karaage configuration"
  shell: cp -rvpf /root/karaage3.1.7/conf/karaage3-wsgi.conf /etc/httpd/conf.d/karaage3-wsgi.conf
+ sudo: true
  when: ansible_os_family == "RedHat"
+-
+ name: "Enable shibboleth, should it be in shibboleth-sp role?"
+ lineinfile: insertafter="{{ item.after }}" line="{{ item.line }}" dest=/etc/{% if ansible_os_family == 'RedHat'  %}httpd{% else %}apache2{% endif %}/conf-available/karaage3-wsgi.conf state=present
+ with_items:
+   - { after: 'EOF', line: '<Location /karaage>' } 
+   - { after: '^<Location /karaage>', line: 'AuthType Shibboleth' }
+   - { after: '^AuthType Shibboleth', line: 'ShibRequireSession On' }
+   - { after: '^ShibRequireSession On', line: 'ShibUseHeaders On' }
+   - { after: '^ShibUseHeaders On', line: 'require valid-user' }
+   - { after: '^require valid-user', line: '</Location>' }
+ sudo: true
+
 -
  name: "Installing other packages Debian"
  apt: name={{ item }} update_cache=yes
diff --git a/roles/karaage3.1.17/templates/default-ssl.j2 b/roles/karaage3.1.17/templates/default-ssl.j2
index b4bd3250eccd472f98a1c6a719c5a07e7724f7f2..6462e0a413c8c1e102d02f36eb680324c1938b5e 100644
--- a/roles/karaage3.1.17/templates/default-ssl.j2
+++ b/roles/karaage3.1.17/templates/default-ssl.j2
@@ -59,12 +59,12 @@
 	#   Note: Inside SSLCACertificatePath you need hash symlinks
 	#         to point to the certificate files. Use the provided
 	#         Makefile to update the hash symlinks after changes.
-    {% if ldapCaCertFile is defined and ldapCaCertSrc is defined %}
-	SSLCACertificatePath {{ ldapCaCertSrc }} 
-    SSLCACertificateFile {{ ldapCaCertSrc }}/{{ ldapCaCertFile }}
+    {% if ldapCaCertFile is defined and ldapCaCertDir is defined %}
+    SSLCACertificatePath {{ ldapCaCertDir }} 
+    SSLCACertificateFile {{ ldapCaCertDir }}/{{ ldapCaCertFile }}
     {% else %}
-	SSLCACertificatePath /etc/ssl/certs/
-	SSLCACertificateFile {{ x509_cacert_file }}
+    SSLCACertificatePath /etc/ssl/certs/
+    SSLCACertificateFile {{ x509_cacert_file }}
     {% endif %}
 
 	#   Certificate Revocation Lists (CRL):