diff --git a/docker-containers/pad/docker-compose.yml b/docker-containers/pad/docker-compose.yml
index e1960b8..37a0231 100644
--- a/docker-containers/pad/docker-compose.yml
+++ b/docker-containers/pad/docker-compose.yml
@@ -14,14 +14,27 @@ services:
     restart: always
 
   app:
-    image: quay.io/hedgedoc/hedgedoc:1.9.7
+    image: quay.io/hedgedoc/hedgedoc:1.9.9
     environment:
       - CMD_DB_URL=postgres://hedgedoc:hedgedoc@database:5432/hedgedoc
       - CMD_DOMAIN=pad.cttue.de
       - CMD_PROTOCOL_USESSL=true
+      - CMD_URL_ADDPORT=false
       - CMD_ALLOW_PDF_EXPORT=true
       - CMD_ALLOW_FREEURL=true
       - CMD_SESSION_SECRET=9yonH247cLTXEqDv9JTGEygBCxk7fHXfYY2ckkhY7n0KPEuzRJ6yfmcUNBVcEJQI
+      - CMD_ALLOW_EMAIL_REGISTER=false # We have SSO ;) But still allow existing accounts.
+      # SSO stuff
+      - CMD_OAUTH2_USER_PROFILE_URL=https://auth.cttue.de/realms/cttue/protocol/openid-connect/userinfo
+      - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
+      - CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
+      - CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
+      - CMD_OAUTH2_TOKEN_URL=https://auth.cttue.de/realms/cttue/protocol/openid-connect/token
+      - CMD_OAUTH2_AUTHORIZATION_URL=https://auth.cttue.de/realms/cttue/protocol/openid-connect/auth
+      - CMD_OAUTH2_CLIENT_ID=hedgedoc
+      - CMD_OAUTH2_CLIENT_SECRET=qh6WUZW7eZ8JAzDzeS9A1VJKHQ9jUO1o
+      - CMD_OAUTH2_PROVIDERNAME=Keycloak
+      - CMD_OAUTH2_SCOPE=openid email profile
       # nginx-proxy stuff
       - VIRTUAL_HOST=pad.cttue.de
       - VIRTUAL_PORT=3000