diff --git a/tasks/keystone_install.yml b/tasks/keystone_install.yml
index fb3aea4f..98de9608 100644
--- a/tasks/keystone_install.yml
+++ b/tasks/keystone_install.yml
@@ -104,6 +104,12 @@
 - Manage LB
 - Restart web server
+- name: Install/remove apache mod packages for federated authentication
+ package:
+ name: "{{ item.name }}"
+ state: "{{ item.state }}"
+ with_items: "{{ keystone_sp_apache_mod_packages }}"
+
 - name: Install the python venv
 import_role:
 name: "python_venv_build"
diff --git a/vars/debian.yml b/vars/debian.yml
index 63ac4aff..7da9488f 100644
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -55,10 +55,11 @@ keystone_idp_distro_packages:
 - ssl-cert
 - xmlsec1
-keystone_sp_distro_packages:
- - "{{ keystone_sp_apache_mod_shib | ternary('libcurl3', 'libcurl4') }}"
- - "{{ keystone_sp_apache_mod_auth_openidc | ternary('libapache2-mod-auth-openidc',
- 'libapache2-mod-shib2') }}"
+keystone_sp_apache_mod_packages:
+ - name: libapache2-mod-shib
+ state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
+ - name: libapache2-mod-auth-openidc
+ state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
 keystone_developer_mode_distro_packages:
 - build-essential
@@ -86,7 +87,7 @@ keystone_apache_configs:
 keystone_apache_modules:
 - name: "ssl"
 state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}"
- - name: "shib2"
+ - name: "shib"
 state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
 - name: "auth_openidc"
 state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
diff --git a/vars/distro_install.yml b/vars/distro_install.yml
index 784fd5a5..9170ee1b 100644
--- a/vars/distro_install.yml
+++ b/vars/distro_install.yml
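Review bot: The new `Install/remove apache mod packages for federated authentication` task in tasks/keystone_install.yml has no `when:` guard, so it appears to run on every host the role touches. The Jinja this commit removes from vars/distro_install.yml and vars/source_install.yml added the SP packages only when `keystone_sp != {}`, and only on the side of the `{% else %}` that does not extend `keystone_nginx_distro_packages`. The task should carry an equivalent condition, so that a deployment without Apache or without a service provider configured never installs or purges authentication modules. It also has no `notify`, unlike the handler list (`Manage LB`, `Restart web server`) that ends the previous task, so a removed module package may stay loaded in the running web server until something else restarts it. The previous task starts outside the hunk, so confirm which handlers actually apply.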
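Review bot: The `state:` expressions added under `keystone_sp_apache_mod_packages` in vars/debian.yml pass `keystone_sp_apache_mod_shib` and `keystone_sp_apache_mod_auth_openidc` straight into `ternary` without `| bool`, while `keystone_ssl` in `keystone_apache_modules` is cast first. The flags are defined outside this diff; if either can arrive as a string (for example from extra vars), a value such as `"false"` is truthy and the federation module would be installed instead of removed. Writing `state: "{{ (keystone_sp_apache_mod_shib | bool) | ternary('present', 'absent') }}"` avoids that, and the same applies to the identical expressions added in vars/redhat.yml. Separately, the package name changes from `libapache2-mod-shib2` to `libapache2-mod-shib` for every Debian-family release now that vars/ubuntu-20.04.yml is deleted, so confirm no supported release still ships only the older name.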
@@ -25,9 +25,6 @@ keystone_package_list: |-
 {% if keystone_idp != {} %}
 {% set _ = packages.extend(keystone_idp_distro_packages) %}
 {% endif %}
- {% if keystone_sp != {} %}
- {% set _ = packages.extend(keystone_sp_distro_packages) %}
- {% endif %}
 {% else %}
 {% set _ = packages.extend(keystone_nginx_distro_packages) %}
 {% endif %}
diff --git a/vars/redhat.yml b/vars/redhat.yml
index 1e4b0b7c..bcda4b00 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -49,9 +49,11 @@ keystone_nginx_distro_packages:
 keystone_idp_distro_packages:
 - xmlsec1
-keystone_sp_distro_packages:
- - "{{ keystone_sp_apache_mod_auth_openidc | ternary('mod_auth_openidc',
- 'shibboleth') }}"
+keystone_sp_apache_mod_packages:
+ - name: shibboleth
+ state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
+ - name: mod-auth-openidc
+ state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
 keystone_developer_mode_distro_packages:
 - gcc
diff --git a/vars/source_install.yml b/vars/source_install.yml
index fe5d4450..2bab1adf 100644
--- a/vars/source_install.yml
+++ b/vars/source_install.yml
@@ -25,9 +25,6 @@ keystone_package_list: |-
 {% if keystone_idp != {} %}
 {% set _ = packages.extend(keystone_idp_distro_packages) %}
 {% endif %}
- {% if keystone_sp != {} %}
- {% set _ = packages.extend(keystone_sp_distro_packages) %}
- {% endif %}
 {% else %}
 {% set _ = packages.extend(keystone_nginx_distro_packages) %}
 {% endif %}
diff --git a/vars/ubuntu-20.04.yml b/vars/ubuntu-20.04.yml
deleted file mode 100644
index 2d9abb0f..00000000
--- a/vars/ubuntu-20.04.yml
+++ /dev/null
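Review bot: The openidc package name in vars/redhat.yml changes spelling, from `mod_auth_openidc` in the removed `keystone_sp_distro_packages` entry to `mod-auth-openidc` in the new `keystone_sp_apache_mod_packages` list. Red Hat family distributions publish this module as `mod_auth_openidc`, so with `keystone_sp_apache_mod_auth_openidc` enabled the install would likely fail on an unknown package. With the flag disabled, the `absent` state would match nothing and quietly leave an already-installed authentication module in place. Unless the hyphenated name is deliberate, use `- name: mod_auth_openidc`.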
@@ -1,106 +0,0 @@
----
-# Copyright 2016, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-cache_timeout: 600
-
-keystone_distro_packages:
- - git
- - openssh-server
- - rsync
- - cron
- - libpython3-dev
-
-keystone_devel_distro_packages:
- - docutils-common
- - libffi-dev
- - libjs-sphinxdoc
- - libjs-underscore
- - libldap2-dev
- - libsasl2-dev
- - libsystemd-dev
- - libssl-dev
- - libxslt1.1
- - libxslt1-dev
- - libxml2-dev
- - pkg-config
- - python3-dev
-
-keystone_service_distro_packages:
- - python3-keystone
- - python3-systemd
- - uwsgi
- - uwsgi-plugin-python3
-
-keystone_apache_distro_packages:
- - apache2
- - apache2-utils
- - libapache2-mod-proxy-uwsgi
-
-keystone_nginx_distro_packages:
- - nginx-extras
-
-keystone_idp_distro_packages:
- - ssl-cert
- - xmlsec1
-
-keystone_sp_distro_packages:
- - libapache2-mod-auth-openidc
- - libapache2-mod-shib
-
-keystone_developer_mode_distro_packages:
- - build-essential
-
-keystone_oslomsg_amqp1_distro_packages:
- - libsasl2-modules
- - sasl2-bin
-
-keystone_apache_default_sites:
- - "/etc/apache2/sites-enabled/000-default.conf"
-
-keystone_apache_site_available: "/etc/apache2/sites-available/keystone-httpd.conf"
-keystone_apache_site_enabled: "/etc/apache2/sites-enabled/keystone-httpd.conf"
-keystone_apache_conf: "/etc/apache2/apache2.conf"
-keystone_apache_default_log_folder: "/var/log/apache2"
-keystone_apache_default_log_owner: "root"
-keystone_apache_default_log_grp: "adm"
-keystone_apache_security_conf: "/etc/apache2/conf-available/security.conf"
-
-keystone_apache_configs:
- - { src: "keystone-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
- - { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
- - { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
-
-keystone_apache_modules:
- - name: "ssl"
- state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}"
- - name: "shib"
- state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
- - name: "auth_openidc"
- state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
- - name: "proxy_uwsgi"
- state: "present"
- - name: "headers"
- state: "present"
-# This can be enabled when Apache2.5+ is available
-# - name: "mod_journald"
-# state: "present
-
-keystone_nginx_conf_path: "sites-available"
-
-keystone_system_service_name: apache2
-
-keystone_uwsgi_bin: '/usr/bin'
-
-keystone_sshd: ssh