diff --git a/defaults/main.yml b/defaults/main.yml
index e4f82e0..d35f570 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -73,6 +73,21 @@ hydra_saml_app_description: Authentification via SAML
 hydra_saml_app_icon_url: 
 hydra_saml_idp_entity_id: https://samltest.id/saml/idp
 hydra_saml_idp_metadata_url: https://samltest.id/saml/idp
+hydra_saml_allowed_redirects: []
+
+hydra_saml_subject_header: subject-id
+hydra_saml_headers_attributes_mapping:
+  - header: mail
+    attribute: email
+    required: true
+
+saml_attributes:
+  - id: uid
+    name: urn:oid:0.9.2342.19200300.100.1.1
+    nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+  - id: mail
+    name: urn:oid:0.9.2342.19200300.100.1.3
+    nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri 
 
 # OIDC Test configuration
 
diff --git a/templates/cadoles-pod-shibboleth-sp-v3.conf.j2 b/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
index 88d0533..72816b1 100644
--- a/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
+++ b/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
@@ -8,7 +8,8 @@ PODMAN_ARGS="\
     -e 'APACHE_BACKEND_URL=http://10.0.2.2:3003' \
     -e 'APACHE_FORCE_HTTPS={{ "true" if haproxy_public_base_url.startswith('https') else "false" }}' \
     -e 'SP_HANDLER_BASE_PATH={{ haproxy_hydra_saml_base_path }}' \
+    -e 'SP_SESSIONS_REDIRECT_LIMIT=host+allow' \
+    -e 'SP_SESSIONS_REDIRECT_ALLOW={{ hydra_saml_allowed_redirects | join(',') }}' \
     -v '/etc/shibboleth/attribute-map.inc.xml:/etc/shibboleth/attribute-map.inc.xml' \
-    -v '/etc/shibboleth/shibboleth2.xml.gotmpl:/etc/shibboleth/shibboleth2.xml.gotmpl' \
     -v '/etc/shibboleth/credentials:/etc/shibboleth/credentials' \
 "
\ No newline at end of file
diff --git a/templates/hydra-remote-user.yml.j2 b/templates/hydra-remote-user.yml.j2
index 6d320c5..ca8faf0 100644
--- a/templates/hydra-remote-user.yml.j2
+++ b/templates/hydra-remote-user.yml.j2
@@ -1,6 +1,3 @@
 remote_user:
-  subject_header: subject-id
-  headers_attributes_mapping:
-    - header: mail
-      attribute: email
-      required: true
\ No newline at end of file
+  subject_header: "{{ hydra_saml_subject_header }}"
+  headers_attributes_mapping: {{ hydra_saml_headers_attributes_mapping | to_json }}
\ No newline at end of file
diff --git a/templates/shibboleth-attribute-map.inc.xml.j2 b/templates/shibboleth-attribute-map.inc.xml.j2
index 261c341..a9027d9 100644
--- a/templates/shibboleth-attribute-map.inc.xml.j2
+++ b/templates/shibboleth-attribute-map.inc.xml.j2
@@ -1,2 +1,3 @@
-<Attribute name="urn:oid:0.9.2342.19200300.100.1.1" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" id="uid" />
-<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" id="mail" />
\ No newline at end of file
+{% for item in saml_attributes %}
+<Attribute name="{{ item.name }}" nameFormat="{{ item.nameFormat }}" id="{{ item.id }}" />
+{% endfor %}
\ No newline at end of file