diff --git a/cmd/oc-k8s b/cmd/oc-k8s
index b71ceb5..f1f1e2c 100755
Binary files a/cmd/oc-k8s and b/cmd/oc-k8s differ
diff --git a/cmd/test-values.yaml b/cmd/test-values.yaml
index 1e6591f..93f4462 100644
--- a/cmd/test-values.yaml
+++ b/cmd/test-values.yaml
@@ -280,9 +280,9 @@ hydra:
config:
dsn: memory
urls:
- # login: https://localhost-login/authentication/login
- # consent: https://localhost-consent/consent/consent
- # logout: https://localhost-logout/authentication/logout
+ login: https://localhost-login/authentication/login
+ consent: https://localhost-consent/consent/consent
+ logout: https://localhost-logout/authentication/logout
self:
issuer: "http://test-hydra-public.test:4444/"
diff --git a/utils/assets/templates/oc-auth/ingress.yaml b/utils/assets/templates/oc-auth/ingress.yaml
index fa60206..fed76dc 100644
--- a/utils/assets/templates/oc-auth/ingress.yaml
+++ b/utils/assets/templates/oc-auth/ingress.yaml
@@ -15,9 +15,9 @@ spec:
name: oc-auth-svc
port: 8080
middlewares:
- #{{- if index .Values.ocAuth.enableTraefikProxyIntegration }}
- #- name: forward-auth
- #{{- end }}
+ {{- if index .Values.ocAuth.enableTraefikProxyIntegration }}
+ - name: root-forward-auth
+ {{- end }}
- name: strip-auth-prefix
---
apiVersion: traefik.io/v1alpha1
diff --git a/utils/assets/templates/oc-front/config.yaml b/utils/assets/templates/oc-front/config.yaml
index 3b0fd5b..46bb2de 100644
--- a/utils/assets/templates/oc-front/config.yaml
+++ b/utils/assets/templates/oc-front/config.yaml
@@ -14,5 +14,6 @@ data:
"DATACENTER_HOST": "datacenter",
"COLLABORATIVE_AREA_HOST": "shared",
"HOST": "{{ .Values.scheme }}://{{ .Values.host }}:{{ .Values.hostPort }}",
+ "CLIENT": "{{ .Values.ocFront.oauth2.client }}"
}
{{- end }}
\ No newline at end of file
diff --git a/utils/assets/templates/oc-scheduler/ingress.yaml b/utils/assets/templates/oc-scheduler/ingress.yaml
index 03e8c4f..3fbc8c2 100644
--- a/utils/assets/templates/oc-scheduler/ingress.yaml
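Review bot: The `root-forward-auth` middleware is attached to the oc-auth IngressRoute, i.e. to the service that Hydra's `urls.login`/`urls.consent` (set to `http://oc-auth-svc:8080/oc/login` etc. in the values.yaml.template hunk of this commit) send the browser to, so a not-yet-authenticated user would presumably have to pass forwardAuth before reaching the login page itself; if `/oc/login` and `/oc/consent` must be reachable anonymously, they need an exemption or a separate route without this middleware. It is also listed before `strip-auth-prefix`, so the forwarded request carries the unstripped path — worth a comment stating whether that ordering is intended, e.g. `# forwardAuth sees the original (unstripped) path`. The `{{- if }}` guard presumably mirrors the one wrapping the Middleware objects in traefik.yaml, whose opening tag is outside that hunk, so the reference only renders when the object exists.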
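Review bot: `CLIENT` is read from `.Values.ocFront.oauth2.client`, while openCloudConf.yaml in the same commit derives the client id from `(index .Values.hydra.hydra.config.clients 0).client_id`; both resolve to `${OC_CLIENT}` today but can drift as soon as either value is overridden. Consider a single source, e.g. `"CLIENT": "{{ (index .Values.hydra.hydra.config.clients 0).client_id }}"`, or document on the `ocFront.oauth2.client` value that it must match `hydra.hydra.config.clients[0].client_id`. Only the client id, not the secret, is published to the front-end, which is the right split for a browser-side client. The file still ends without a trailing newline, as it did before this change.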
+++ b/utils/assets/templates/oc-scheduler/ingress.yaml
@@ -30,4 +30,5 @@ spec:
replacePathRegex:
regex: ^/scheduler(.*)
replacement: /oc$1
+ {{- end }}
\ No newline at end of file
diff --git a/utils/assets/templates/oc-shared/ingress.yaml b/utils/assets/templates/oc-shared/ingress.yaml
index 83c956e..2087c91 100644
--- a/utils/assets/templates/oc-shared/ingress.yaml
+++ b/utils/assets/templates/oc-shared/ingress.yaml
@@ -29,4 +29,5 @@ spec:
replacePathRegex:
regex: ^/shared(.*)
replacement: /oc$1
+ {{- end }}
\ No newline at end of file
diff --git a/utils/assets/templates/openCloudConf.yaml b/utils/assets/templates/openCloudConf.yaml
index 8c95a1b..fc849f1 100644
--- a/utils/assets/templates/openCloudConf.yaml
+++ b/utils/assets/templates/openCloudConf.yaml
@@ -16,6 +16,10 @@ data:
OC_AUTH_CONNECTOR_PUBLIC_HOST: "{{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}"
OC_AUTH_CONNECTOR_PORT: "4444"
OC_AUTH_CONNECTOR_ADMIN_PORT: "4445/admin"
+ OC_CLIENT_ID: "{{ (index .Values.hydra.hydra.config.clients 0).client_id }}"
+ OC_CLIENT_ADMIN_ID: "{{ (index .Values.hydra.hydra.config.clients 1).client_id }}"
+ OC_OAUTH_REDIRECT_URI: "{{ .Values.scheme }}://{{ .Values.host }}:{{ .Values.hostPort }}"
+ OC_ADMIN_OAUTH_REDIRECT_URI: "{{ .Values.schemeAdmin }}://{{ .Values.hostAdmin }}:{{ .Values.hostPortAdmin }}"
OC_PERMISSION_CONNECTOR_READ_HOST: "{{ .Release.Name }}-keto-read.{{ .Release.Namespace }}"
OC_PERMISSION_CONNECTOR_WRITE_HOST: "{{ .Release.Name }}-keto-write.{{ .Release.Namespace }}"
OC_PERMISSION_CONNECTOR_PORT: "80"
diff --git a/utils/assets/templates/traefik/traefik.yaml b/utils/assets/templates/traefik/traefik.yaml
index a17fc03..1d70c7d 100644
--- a/utils/assets/templates/traefik/traefik.yaml
+++ b/utils/assets/templates/traefik/traefik.yaml
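Review bot: The added `{{- end }}` closes a template conditional whose opening `{{- if }}` lies above line 30 and outside this hunk, so its balance cannot be confirmed from here; the identical addition is made in oc-shared/ingress.yaml. In both files the new last line lacks a trailing newline (`\ No newline at end of file`) where the previous last line, `replacement: /oc$1`, appears to have had one — restore the final newline so the rendered manifests end cleanly when Helm concatenates them.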
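Review bot: `OC_CLIENT_ID` and `OC_CLIENT_ADMIN_ID` select Hydra clients by list position (`index ... 0` / `index ... 1`), so a values override with a single client fails the render and a reordered list silently swaps the user and admin ids; look the clients up by `client_name`, or give each its own dedicated values key instead. `OC_OAUTH_REDIRECT_URI` is built as `scheme://host:port` with no path and must match the `redirect_uris` entry registered for that client exactly, which is worth stating above the key, e.g. `# must equal hydra.hydra.config.clients[0].redirect_uris[0] byte-for-byte`. Only identifiers and URIs land in this ConfigMap and the client secrets stay out of it, which is the right split.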
@@ -5,6 +5,19 @@ metadata:
name: forward-auth
spec:
forwardAuth:
- address: "http://oc-auth-svc.{{ .Release.Namespace }}:8080/oc/forward"
+ address: "http://oc-auth-svc:8080/oc/forward"
trustForwardHeader: true
-{{- end }}
+ authResponseHeaders: X-Auth-Request-User,X-Auth-Request-Email
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: root-forward-auth
+spec:
+ forwardAuth:
+ address: "http://{{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}:4444/oauth2/auth"
+ trustForwardHeader: true
+ authResponseHeaders: X-Auth-Request-User,X-Auth-Request-Email
+{{- end }}
\ No newline at end of file
diff --git a/utils/assets/values.yaml.template b/utils/assets/values.yaml.template
index e093a04..0ac65be 100644
--- a/utils/assets/values.yaml.template
+++ b/utils/assets/values.yaml.template
@@ -1,10 +1,13 @@
env: ${RELEASE:-prod}
# For storage class provisioning
clusterName: ${CLUSTER_NAME:-opencloud}
hostNetwork: true
+hostAdmin: ${HOST_ADMIN:-admin.beta.opencloud.com}
host: ${HOST:-beta.opencloud.com}
hostPort: ${PORT:-80}
+hostPortAdmin: ${PORT_ADMIN:-80}
registryHost: ${REGISTRY_HOST:-opencloudregistry}
scheme: ${SCHEME:-http}
+schemeAdmin: ${SCHEME_ADMIN:-http}
secrets:
keys:
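Review bot: The new `root-forward-auth` middleware points forwardAuth at Hydra's `/oauth2/auth`, which in Ory Hydra is the OAuth2 authorization endpoint (it expects `client_id`/`redirect_uri` query parameters and answers with a redirect or an error), not an endpoint that returns 2xx for an already-authenticated request; Traefik grants access only on a 2xx, so requests through this middleware will presumably all be refused, and nothing in the diff shows what would populate the `X-Auth-Request-User`/`X-Auth-Request-Email` headers listed in `authResponseHeaders`. The existing `forward-auth` address drops the `.{{ .Release.Namespace }}` suffix while the new middleware keeps it; if Traefik runs in a namespace other than the release's, the bare `oc-auth-svc` name will not resolve, and an unreachable auth server fails closed, breaking every protected route. Both middlewares set `trustForwardHeader: true`, which relays client-supplied `X-Forwarded-*` headers to the auth server unmodified, so keep it only when Traefik sits behind a trusted proxy that sets them. The `{{- if }}` closed by the final `{{- end }}` is outside this hunk.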
@@ -279,13 +282,48 @@ hydra:
existingSecret: hydra-secret
config:
dsn: memory
+ oauth2:
+ expose_internal_errors: true
+ clients:
+ - client_id: ${OC_CLIENT:-test-client}
+ client_secret: ${OC_CLIENT_SECRET:-oc-client-got-secret}
+ client_name: ${OC_CLIENT:-test-client}
+ grant_types:
+ - implicit
+ - refresh_token
+ - authorization_code
+ - client_credentials
+ response_types:
+ - id_token
+ - token
+ - code
+ scope: openid profile email roles
+ redirect_uris:
+ - "${SCHEME:-http}://${HOST:-beta.opencloud.com}:${PORT:-80}
+ token_endpoint_auth_method: client_secret_post
+ - client_id: ${OC_ADMIN_CLIENT:-test-admin-client}
+ client_secret: ${OC_ADMIN_CLIENT_SECRET:-oc-admin-client-got-secret}
+ client_name: ${OC_ADMIN_CLIENT:-test-admin-client}
+ grant_types:
+ - implicit
+ - refresh_token
+ - authorization_code
+ - client_credentials
+ response_types:
+ - id_token
+ - token
+ - code
+ scope: openid profile email roles
+ redirect_uris:
+ - "${SCHEME_ADMIN:-http}://${HOST_ADMIN:-admin.beta.opencloud.com}:${PORT_ADMIN:-80}
+ token_endpoint_auth_method: client_secret_post
urls:
- # login: https://localhost-login/authentication/login
- # consent: https://localhost-consent/consent/consent
- # logout: https://localhost-logout/authentication/logout
+ login: "http://oc-auth-svc:8080/oc/login"
+ consent: "http://oc-auth-svc:8080/oc/consent"
+ logout: "http://oc-auth-svc:8080/oc/logout"
self:
- issuer: "http://${RELEASE:-prod}-hydra-public.${RELEASE:-prod}:4444/"
-
+ issuer: "http://${CLUSTER_NAME:-opencloud}-hydra-public 4444"
+ public: "http://${CLUSTER_NAME:-opencloud}-hydra-public:4444"
keto:
enabled: ${OC_KETO_ENABLED:-true}
keto:
@@ -467,6 +505,8 @@ ocFront:
cpu: ${OC_FRONT_REQUESTS_CPU:-128m}
memory: ${OC_FRONT_REQUESTS_MEMORY:-256Mi}
replicas: 1
+ oauth2:
+ client: ${OC_CLIENT:-test-client}
hpa:
enabled: ${OC_FRONT_REPLICAS_ENABLED:-true}
minReplicas: 1
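Review bot: Both `redirect_uris` entries open a double quote that is never closed (`- "${SCHEME:-http}://${HOST:-beta.opencloud.com}:${PORT:-80}` and the admin client's equivalent), so as shown here the rendered values file is not valid YAML; the closing `"` belongs after `${PORT:-80}` and `${PORT_ADMIN:-80}`. The new `issuer` value `"http://${CLUSTER_NAME:-opencloud}-hydra-public 4444"` has a space where the `:` before the port belongs, and both it and `public` drop the namespace suffix that the old value and openCloudConf.yaml's `OC_AUTH_CONNECTOR_PUBLIC_HOST` use, which is what an issuer check against the tokens' `iss` claim will compare. `urls.login`/`consent`/`logout` are the addresses Hydra redirects the user's browser to, so the cluster-internal `http://oc-auth-svc:8080/...` form only works if that name resolves from the browser — this presumably should be the public `${SCHEME}://${HOST}:${PORT}/oc/...`. The `client_secret` defaults (`oc-client-got-secret`, `oc-admin-client-got-secret`) and `expose_internal_errors: true` produce a working but insecure deployment whenever the environment variables are unset; make the secrets required rather than defaulted and default `expose_internal_errors` to `false`. The `implicit` grant and `token` response type are unnecessary for clients that hold a secret and use `authorization_code`, and the current OAuth 2.0 Security BCP recommends against them, so both entries can be dropped.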