diff --git a/README.md b/README.md
index f1b2306..74bf86c 100644
--- a/README.md
+++ b/README.md
@@ -13,9 +13,11 @@ Make sure to renew the cert in ten years.
 Add the following snippet to /etc/apache2/sites-real/csc (and make sure mod_proxy_fcgi is enabled):
 ```
 <Location /keycloak/saml/ >
+  SetHandler "proxy:unix:/run/saml-passthrough/server.sock|fcgi://localhost"
+</Location>
+<Location /keycloak/saml/sso >
   AuthType Mellon
   MellonEnable auth
   Require valid-user
-  SetHandler "proxy:unix:/run/saml-passthrough/server.sock|fcgi://localhost"
 </Location>
 ```
diff --git a/systemd/saml-passthrough.service b/systemd/saml-passthrough.service
index d4ad7fd..b0771ca 100644
--- a/systemd/saml-passthrough.service
+++ b/systemd/saml-passthrough.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=SAML passthrough for Keycloak
 Documentation=https://git.csclub.uwaterloo.ca/merenber/saml-passthrough
-Requires=apache2.service
+Wants=apache2.service
 After=apache2.service
 
 [Service]
@@ -11,6 +11,8 @@ RuntimeDirectory=saml-passthrough
 DynamicUser=yes
 LoadCredential=idp.key:/srv/saml-passthrough/idp.key
 ExecStart=/srv/saml-passthrough/saml-passthrough -k "${CREDENTIALS_DIRECTORY}/idp.key"
+RestartSec=5
+Restart=on-failure
 
 [Install]
 WantedBy=multi-user.target