diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index d8f242a60fa9a291f6c2f0cf5817eddab0b32a75..1e3f019eb1e52ab9f6afa06096f4e7fc9b8a802c 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -106,7 +106,7 @@ odfeplugin_version: "1.4.0.0"
 
 openid_realm: "SOCTOOLS1"
 openid_scope: profile
-openid_subjkey: preferred_username
+openid_subjkey: email
 
 keycloak_img: "{{repo}}/keycloak:{{version}}{{suffix}}"
 keycloak_adminpass: "Pass005"
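Review bot: `openid_subjkey: email` makes the e-mail claim the subject for every consumer of this variable, while `openid_scope` one line above still requests only `profile`. Whether the claim is actually issued then depends on the realm's default client scopes, which this diff does not show; `openid_scope: "profile email"` would remove that dependency, provided the consumers accept a space-separated scope list. E-mail is also a mutable attribute, so confirm that users cannot edit it themselves in the realm and that addresses are verified before they are trusted as identity.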
@@ -121,4 +121,5 @@ misp_dbuser: "misp"
 misp_dbpass: "Pass007"
 # misp_salt generated with: openssl rand -base64 32
 misp_salt:   "wa2fJA2mGIn32IDl+uKrCJ069Mg3khDdGzFNv8DOwM0="
-
+misp_odic_crypto_pass: 1234567890 #TODO: Generate dynamically
+misp_crypto_pass: 1234567890 #TODO: Generate dynamically
\ No newline at end of file
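Review bot: `misp_crypto_pass` is a fixed, guessable value committed to group_vars, and misp.conf.j2 renders it as `OIDCCryptoPassphrase`, the passphrase mod_auth_openidc uses to protect its state and session cookies. Generate it per deployment, as the comment on `misp_salt` describes (`openssl rand -base64 32`), or keep it in Ansible Vault, and quote the value so YAML keeps it a string. `misp_odic_crypto_pass` looks like a typo for `oidc` and is not referenced anywhere in this diff; drop it or rename it. The change also removes the file's trailing newline.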
diff --git a/roles/build/templates/misp/Dockerfile.j2 b/roles/build/templates/misp/Dockerfile.j2
index 3b2ce45c11a85cdc8e31f421468db70a099d4cac..4b7b6c90511036c08cbe6165f891b5cdd6041a48 100644
--- a/roles/build/templates/misp/Dockerfile.j2
+++ b/roles/build/templates/misp/Dockerfile.j2
@@ -81,6 +81,8 @@ COPY misp_rh-php72-php-fpm /etc/logrotate.d/rh-php72-php-fpm
 # 80/443 - MISP web server, 3306 - mysql, 6379 - redis, 6666 - MISP modules, 50000 - MISP ZeroMQ
 EXPOSE 80 443 6443 6379 6666 50000
 
-COPY mispsupervisord.conf /etc/supervisord.conf
-ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+ENV PATH "$PATH:/opt/rh/rh-php72/root/bin/"
 
+COPY mispsupervisord.conf /etc/supervisord.conf
+#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+ENTRYPOINT ["/bin/bash"]
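Review bot: With `ENTRYPOINT ["/bin/bash"]` the image no longer starts any service itself, so MISP is only up after the `Start supervisord` task in roles/misp/tasks/start.yml has run, and a container restart leaves it down until the playbook is run again. roles/docker/tasks/misp.yml repeats the same override with `entrypoint: "/bin/bash"`, so one of the two is redundant. If this is intentional, replace the commented-out `#ENTRYPOINT` line with a comment that says so, e.g. `# bash only keeps the container alive; the misp role starts supervisord`. `ENV PATH "$PATH:..."` uses the legacy space form; `ENV PATH="$PATH:/opt/rh/rh-php72/root/bin/"` is the current syntax.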
diff --git a/roles/docker/tasks/misp.yml b/roles/docker/tasks/misp.yml
index 18520a14abe069a2b76040f3fab60932818fd60a..22042b5c238b5f342c1e2a93f1053f9d9cbf8ff0 100644
--- a/roles/docker/tasks/misp.yml
+++ b/roles/docker/tasks/misp.yml
@@ -7,6 +7,8 @@
     image: "{{ misp_img }}"
     networks:
       - name: "{{ soctools_netname}}"
+    entrypoint: "/bin/bash"
+    interactive: "yes"
     networks_cli_compatible: yes
     published_ports:
       - "6443:6443"
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index e3955df4e10053ec0568e2050d09adafd4b3951e..296d051e9a316d7049613c6b4b6c9b084d47ebf1 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -82,6 +82,8 @@
       local:  "roles/nifi/files/nifisecret"
     - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/kibanasecret"
       local:  "roles/odfekibana/files/kibanasecret"
+    - remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/mispsecret"
+      local:  "roles/misp/files/mispsecret"
   tags:
     - start
 
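Review bot: The new list entry places the Keycloak client secret for MISP at `roles/misp/files/mispsecret`, inside the repository working tree next to files that are committed. The module and its options are outside this hunk, so this is partly inferred. Make sure the path is ignored by version control and that the fetched file is not left group- or world-readable on the controller. A comment above the list such as `# client secrets fetched to the controller; never commit these files` would make the intent clear.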
diff --git a/roles/keycloak/templates/initkeycloakrealm.sh.j2 b/roles/keycloak/templates/initkeycloakrealm.sh.j2
index 891b1a87a2afb0e5f6575906316c1656c1d2b63c..481942ebb8a47efbb0397a0f0976daf5ca762c2b 100644
--- a/roles/keycloak/templates/initkeycloakrealm.sh.j2
+++ b/roles/keycloak/templates/initkeycloakrealm.sh.j2
@@ -28,7 +28,7 @@ kcadm.sh get realms/{{openid_realm}}/clients/${NIFICLIENT}/client-secret --field
 KIBANACLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-kibana","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": "https://{{dslproxy}}:5601","adminUrl": "","redirectUris": ["https://{{dslproxy}}:5601", "https://{{dslproxy}}:5601/auth/openid/login", "https://{{dslproxy}}:5601/app/kibana" ],"webOrigins": [], "publicClient": false }')
 kcadm.sh get realms/{{openid_realm}}/clients/${KIBANACLIENT}/client-secret --fields value > /opt/jboss/keycloak/kibanasecret
 
-MISPCLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-misp","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": "https://{{dslproxy}}:6443","adminUrl": "","redirectUris": ["https://{{dslproxy}}:6443/oauth2callback"],"webOrigins": [], "publicClient": false }')
+MISPCLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"dsoclab-misp","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": "https://{{dslproxy}}:6443","adminUrl": "","redirectUris": ["https://{{dslproxy}}:6443/users/login/keycloak"],"webOrigins": [], "publicClient": false }')
 kcadm.sh get realms/{{openid_realm}}/clients/${MISPCLIENT}/client-secret --fields value > /opt/jboss/keycloak/mispsecret
 
 kcadm.sh config truststore --delete
diff --git a/roles/misp/tasks/config.yml b/roles/misp/tasks/config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4970b8b84817628e2100cc4f8d1e6010ce61fc91
--- /dev/null
+++ b/roles/misp/tasks/config.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Get API key
+  shell: '/var/www/MISP/app/Console/cake Admin getAuthkey "admin@admin.test" | /usr/bin/tail -n1'
+  register: command_output
+
+- name: Set API key fact
+  set_fact:
+   misp_api_key: "{{ command_output.stdout }}"
+
+- name: Change email of default admin
+  uri:
+   url: "https://{{dslproxy}}:6443/admin/users/edit/1"
+   method: POST
+   body_format: json
+   headers:
+    Authorization: "{{misp_api_key}}"
+    Accept: "application/json"
+    Content-type: "application/json"
+   body: '{"email": "{{soctools_users[0].email}}","external_auth_required":"true","change_pw":"false"}'    
+  ignore_errors: yes #Temporary while debugging
\ No newline at end of file
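Review bot: `Get API key` pipes `cake` into `tail`, so the task succeeds even when `cake` fails, and the last line of its error output is then sent as the `Authorization` header; the key is also printed in task output because neither task sets `no_log`. Once the e-mail change has succeeded, `getAuthkey "admin@admin.test"` can presumably no longer find the user, so a second run would hit exactly that silent-failure path. Building the JSON body by string interpolation breaks if the address contains a quote; passing a mapping lets the module do the encoding. `ignore_errors: yes` should be removed before merge, and the 1-space indent under `set_fact:` and `uri:` differs from the 2-space indent used in the other task files.

```yaml
- name: Get API key
  shell: |
    set -o pipefail
    /var/www/MISP/app/Console/cake Admin getAuthkey "admin@admin.test" | /usr/bin/tail -n1
  args:
    executable: /bin/bash
  register: command_output
  changed_when: false
  no_log: true

# … unchanged: Set API key fact …

- name: Change email of default admin
  uri:
    # … unchanged: url, method, body_format, headers …
    body:
      email: "{{ soctools_users[0].email }}"
      external_auth_required: "true"
      change_pw: "false"
  no_log: true
```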
diff --git a/roles/misp/tasks/main.yml b/roles/misp/tasks/main.yml
index 773273d4f63e05489213c2328df51fbee960b85b..8dbeed353893e2f8a6c824cec161eda1e7eb8c63 100644
--- a/roles/misp/tasks/main.yml
+++ b/roles/misp/tasks/main.yml
@@ -1,59 +1,11 @@
 ---
 
-- name: Copy certificates in apache cert dir
-  copy:
-    src:  "{{ item.local }}"
-    dest: "{{ item.remote }}"
-    mode: "{{ item.mode}}"
-  with_items:
-    - local: "files/{{ inventory_hostname }}.crt"
-      remote: /etc/ssl/certs/misp.crt
-      mode: '0644'
-    - local: "files/{{ inventory_hostname }}.key"
-      remote: /etc/ssl/certs/misp.key
-      mode: '0600'
-    - local: "files/{{ ca_cn }}.crt"
-      remote: /etc/ssl/certs/ca.crt
-      mode: '0644'
+- include: start.yml
   tags:
-    - start
-
-- name: Configure Apache web server for misp
-  template:
-    src: misp.conf.j2
-    dest: /etc/httpd/conf.d/misp.conf
-  tags:
-    - start
-
-- name: Configure MISP database access
-  template:
-    src: database.php.j2
-    dest: /var/www/MISP/app/Config/database.php
-  tags:
-    - start
-
-- name: Configure MISP app
-  template:
-    src: config.php.j2
-    dest: /var/www/MISP/app/Config/config.php
-  tags:
-    - start
-
-- name: Configure MISP database initialization script
-  template:
-    src: checkdb.sh.j2
-    dest: /var/www/MISP/checkdb.sh
-    mode: '0700'
-  tags:
-    - start
-
-- name: Check if database is initialized
-  command: /var/www/MISP/checkdb.sh
+   - start
+- include: config.yml
   tags:
-    - start
-
-- name: Start MISP Services
-  command: "supervisorctl start all"
-  tags:
-    - start
-
+   - start
+   - config
+- include: stop.yml
+  tags: stop
\ No newline at end of file
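Review bot: Bare `include` is deprecated in Ansible, and the tasks moved to start.yml no longer carry `tags: start` themselves, so they run under `--tags start` only if the tags on the include line are inherited. `import_tasks` makes that inheritance explicit, e.g. `- import_tasks: start.yml` with `tags: [start]`. The three includes also mix a 3-space list indent with the scalar form `tags: stop`; a single style and a trailing newline at end of file would keep yamllint quiet.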
diff --git a/roles/misp/tasks/start.yml b/roles/misp/tasks/start.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a2562d07bd24db29545cd124fa85b875f7e86245
--- /dev/null
+++ b/roles/misp/tasks/start.yml
@@ -0,0 +1,68 @@
+---
+
+#- name: Set php path
+#  copy:
+#    src: php_path.sh
+#    dest: /etc/profile.d/php_path.sh
+
+- name: Set PHP symbolic link
+  file:
+   src: /opt/rh/rh-php72/root/bin/php  
+   dest: /usr/bin/php
+   state: link
+
+- name: Copy certificates
+  copy:
+    src:  "{{ item.local }}"
+    dest: "{{ item.remote }}"
+    mode: "{{ item.mode}}"
+  with_items:
+    - local: "files/{{ inventory_hostname }}.crt"
+      remote: /etc/ssl/certs/misp.crt
+      mode: '0644'
+    - local: "files/{{ inventory_hostname }}.key"
+      remote: /etc/ssl/certs/misp.key
+      mode: '0600'
+    - local: "files/{{ ca_cn }}.crt"
+      remote: /etc/ssl/certs/ca.crt
+      mode: '0644'
+    - local: "files/{{ ca_cn }}.crt"
+      remote: /etc/pki/ca-trust/source/anchors/ca.crt
+      mode: '0644'
+
+- name: Update CA trust
+  command: update-ca-trust
+
+- name: Get openid authkey
+  set_fact:
+    mispsecret: "{{lookup('file', 'files/mispsecret',convert_data=False) | from_json }}"
+
+- name: Configure Apache web server for misp
+  template:
+    src: misp.conf.j2
+    dest: /etc/httpd/conf.d/misp.conf
+
+- name: Configure MISP database access
+  template:
+    src: database.php.j2
+    dest: /var/www/MISP/app/Config/database.php
+
+- name: Configure MISP app
+  template:
+    src: config.php.j2
+    dest: /var/www/MISP/app/Config/config.php
+
+- name: Configure MISP database initialization script
+  template:
+    src: checkdb.sh.j2
+    dest: /var/www/MISP/checkdb.sh
+    mode: '0700'
+
+- name: Check if database is initialized
+  command: /var/www/MISP/checkdb.sh
+
+- name: Start supervisord
+  shell: "/usr/bin/supervisord -c /etc/supervisord.conf &"
+
+- name: Start MISP Services
+  command: "supervisorctl start all"
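Review bot: `Start supervisord` backgrounds the daemon with `&` and the next task calls `supervisorctl start all` straight away, so that call can run before the control socket exists, and both tasks report changed on every run. If supervisord.conf (not shown) does not set `nodaemon=true`, `command: /usr/bin/supervisord -c /etc/supervisord.conf` lets supervisord daemonize itself; in either case `retries`/`until` on the `supervisorctl` task covers the start-up window. `Get openid authkey` loads the Keycloak client secret into a fact and should carry `no_log: true`. The commented-out `Set php path` block can be deleted now that the symlink task replaces it.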
diff --git a/roles/misp/tasks/stop.yml b/roles/misp/tasks/stop.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ed97d539c095cf1413af30cc23dea272095b97dd
--- /dev/null
+++ b/roles/misp/tasks/stop.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/misp/templates/checkdb.sh.j2 b/roles/misp/templates/checkdb.sh.j2
index 5aba69f866bb0343a8abbbadd3e6606213574123..5bea05ab971b254e7db23bd66c3cd4c8c8852676 100644
--- a/roles/misp/templates/checkdb.sh.j2
+++ b/roles/misp/templates/checkdb.sh.j2
@@ -1,5 +1,5 @@
 #!/bin/bash -x
-MISPINIT=$(echo "SELECT COUNT(DISTINCT 'table_name') FROM information_schema.columns WHERE table_schema = '{{misp_dbname}}';" | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}})
+MISPINIT=$(echo "SELECT COUNT(DISTINCT 'table_name') FROM information_schema.columns WHERE table_schema = '{{misp_dbname}}';" | mysql -s -h {{mysql_name}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}})
 if [ ${MISPINIT} == "0" ]; then
-  cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -s -h {{groups['mysql'][0]}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}}
+  cat /var/www/MISP/INSTALL/MYSQL.sql | mysql -s -h {{mysql_name}} -u {{misp_dbuser}} -p{{misp_dbpass}} {{misp_dbname}}
 fi
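Review bot: Both rewritten `mysql` invocations still pass the password as `-p{{misp_dbpass}}`, which exposes it in the process list. Because the script runs under `#!/bin/bash -x`, the expanded command line is also traced to stderr and ends up in the Ansible task output. Pointing the client at a root-only options file with `--defaults-extra-file`, or exporting `MYSQL_PWD` once, keeps it off the command line, and dropping `-x` removes the trace. `{{mysql_name}}` is not defined anywhere in this diff (database.php.j2 uses it too), so confirm it is set for every host that renders these templates. `${MISPINIT}` is unquoted in the test, so an empty result from a failed query makes `[` error out instead of taking either branch; `[ "${MISPINIT}" == "0" ]` avoids that.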
diff --git a/roles/misp/templates/database.php.j2 b/roles/misp/templates/database.php.j2
index 0cf1934f76488c257a3f68c2a4cf97ae58a8dead..549c3cc124ddfff3f3e659ff2b8713f51f08a451 100755
--- a/roles/misp/templates/database.php.j2
+++ b/roles/misp/templates/database.php.j2
@@ -63,7 +63,7 @@ class DATABASE_CONFIG {
 		'datasource' => 'Database/Mysql',
 		//'datasource' => 'Database/Postgres',
 		'persistent' => false,
-		'host' => '{{groups['mysql'][0]}}',
+		'host' => '{{mysql_name}}',
 		'login' => '{{misp_dbuser}}',
 		'port' => 3306, // MySQL & MariaDB
 		//'port' => 5432, // PostgreSQL
diff --git a/roles/misp/templates/misp.conf.j2 b/roles/misp/templates/misp.conf.j2
index 3a9cb85aa753ba49e5cdeec63daf64a76f46e340..091de03cccaeb32262d78736ce553bf1a4721bcd 100644
--- a/roles/misp/templates/misp.conf.j2
+++ b/roles/misp/templates/misp.conf.j2
@@ -10,15 +10,23 @@ AllowOverride all
 
 DirectoryIndex index.php
 
-# ProxyPassMatch ^/info$ fcgi://127.0.0.1:9000/var/www/MISP/app/webroot/info.php
 ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/MISP/app/webroot/$1
 
-#<FilesMatch "\.php$">
-#     SetHandler "proxy:fcgi://127.0.0.1:9000"
-#     ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
-#     AddHandler php72-fcgi .php
-#     Action php72-fcgi /cgi-bin/php72.fcgi
-#</FilesMatch>
+OIDCCryptoPassphrase {{misp_crypto_pass}}
+OIDCProviderMetadataURL https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration
+OIDCRedirectURI https://{{dslproxy}}:6443/users/login/keycloak
+OIDCClientID dsoclab-misp
+OIDCScope "openid profile"
+OIDCClientSecret {{mispsecret.value}}
+OIDCRemoteUserClaim email
+OIDCProviderTokenEndpointAuth client_secret_basic
+
+<Location /users/login>
+  AuthType openid-connect
+  Require valid-user
+  RequestHeader set X-Remote-User %{OIDC_CLAIM_email}e
+</Location>
+
 
 SSLEngine On
 SSLCertificateFile /etc/ssl/certs/misp.crt
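Review bot: `RequestHeader set X-Remote-User` is applied only inside `<Location /users/login>`, so on every other path a client-supplied `X-Remote-User` header is forwarded to PHP-FPM unchanged. If MISP is configured to trust that header (config.php.j2 is not part of this diff), add `RequestHeader unset X-Remote-User early` at virtual-host level so that only the value set after OIDC authentication can reach the application. `OIDCScope "openid profile"` does not request the `email` scope although `OIDCRemoteUserClaim email` depends on that claim. `OIDCClientSecret` and `OIDCCryptoPassphrase` are rendered into a file for which the template task in start.yml sets no `mode`; `mode: '0600'` there would keep them from being world-readable.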
diff --git a/roles/mysql/tasks/misp.yml b/roles/mysql/tasks/misp.yml
index 93362972423ec7f1a71e25af6ac946f90472093b..b3262fcc10144feeb4dbd8b6c0934ee4c735054c 100644
--- a/roles/mysql/tasks/misp.yml
+++ b/roles/mysql/tasks/misp.yml
@@ -10,8 +10,8 @@
 - name: Create misp user
   mysql_user:
     name: "{{misp_dbuser}}"
-#    host: "{{item}}.{{soctools_netname}}"
-    host: "gateway"
+    #host: "{{item}}.{{soctools_netname}}"
+    host: "%"
     password: "{{misp_dbpass}}"
     priv: "{{misp_dbname}}.*:ALL"
   with_items: "{{groups['mispcontainers']}}"
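Review bot: `host: "%"` lets the MISP database account log in from any address that can reach MySQL, with `ALL` on the schema and a password that is a static default in group_vars. The commented-out per-container host pattern, or a wildcard limited to the Docker network's subnet, would keep the grant restricted to the MISP containers. With a constant host the `with_items` loop no longer uses `item` and simply creates the same account once per container, so either restore `{{item}}` in `host` or drop the loop. The task may continue past the end of this hunk.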
diff --git a/soctools.yml b/soctools.yml
index c25b56f32c95d5973e64ce70d6a1d7b4c3eae539..d5e037443b84ef3f188e038af1490a1ec8d36abe 100644
--- a/soctools.yml
+++ b/soctools.yml
@@ -2,7 +2,7 @@
 
 - name: Start soctools cluster
   import_playbook: startsoctools.yml
-  when: "'start' in ansible_run_tags"
+  when: "'start' in ansible_run_tags or 'config' in ansible_run_tags"
 
 - name: Stop soctools cluster
   import_playbook: stopsoctools.yml