diff --git a/templates/etherpadlite.vhost.erb b/templates/etherpadlite.vhost.erb
index a2d3e01..03d2cca 100644
--- a/templates/etherpadlite.vhost.erb
+++ b/templates/etherpadlite.vhost.erb
@@ -38,20 +38,21 @@
   # MSIE 7 and newer should be able to use keepalive
   BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 
-  <% if @auth_openid != nil %>
+  <% auth_openid = scope["etherpad_lite::apache::auth_openid"] %>
+  <% if ! [nil, :undef].include?(auth_openid) %>
   <Location /p/>
       AuthType OpenID
-      AuthName "<%= @auth_openid['banner'] %>"
+      AuthName "<%= auth_openid['banner'] %>"
       AuthOpenIDSecureCookie On
       AuthOpenIDCookieLifespan 3600
       AuthOpenIDTrustRoot https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>
       AuthOpenIDServerName https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>
-      AuthOpenIDSingleIdP <%= @auth_openid['singleIdp'] %>
-      AuthOpenIDTrusted <%= @auth_openid['trusted'] %>
-      <% if @auth_openid['any_valid_user'] %>
+      AuthOpenIDSingleIdP <%= auth_openid['singleIdp'] %>
+      AuthOpenIDTrusted <%= auth_openid['trusted'] %>
+      <% if auth_openid['any_valid_user'] %>
       Require valid-user
-      <% elsif !@auth_openid['users'].empty? %>
-      <% @auth_openid['users'].each do |user| -%>
+      <% elsif !auth_openid['users'].empty? %>
+      <% auth_openid['users'].each do |user| -%>
       Require user <%= user %>
       <% end -%>
       <% end %>