diff --git a/Kentor.AuthServices/Federation.cs b/Kentor.AuthServices/Federation.cs
index efefeca66..d710380ab 100644
--- a/Kentor.AuthServices/Federation.cs
+++ b/Kentor.AuthServices/Federation.cs
@@ -43,7 +43,7 @@ public Federation(FederationElement config, IOptions options)
         /// <param name="options">Options to pass on to created IdentityProvider
         /// instances and register identity providers in.</param>
         [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly", MessageId = "sp")]
-        public Federation(Uri metadataUrl, bool allowUnsolicitedAuthnResponse, Options options)
+        public Federation(Uri metadataUrl, bool allowUnsolicitedAuthnResponse, IOptions options)
         {
             Init(metadataUrl, allowUnsolicitedAuthnResponse, options);
         }
diff --git a/SampleOwinApplication/App_Start/Startup.Auth.cs b/SampleOwinApplication/App_Start/Startup.Auth.cs
index cd19528eb..d0f416587 100644
--- a/SampleOwinApplication/App_Start/Startup.Auth.cs
+++ b/SampleOwinApplication/App_Start/Startup.Auth.cs
@@ -7,6 +7,14 @@
 using Owin;
 using SampleOwinApplication.Models;
 using Kentor.AuthServices.Owin;
+using Kentor.AuthServices.Configuration;
+using System.IdentityModel.Metadata;
+using System.Globalization;
+using Kentor.AuthServices.Metadata;
+using Kentor.AuthServices;
+using Kentor.AuthServices.WebSso;
+using System.Security.Cryptography.X509Certificates;
+using System.Web.Hosting;
 
 namespace SampleOwinApplication
 {
@@ -35,10 +43,90 @@ public void ConfigureAuth(IAppBuilder app)
                         validateInterval: TimeSpan.FromMinutes(30),
                         regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                 }
-            });            
+            });
             app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
 
-            app.UseKentorAuthServicesAuthentication(new KentorAuthServicesAuthenticationOptions(true));
+            app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
+        }
+
+        private static KentorAuthServicesAuthenticationOptions CreateAuthServicesOptions()
+        {
+            var spOptions = CreateSPOptions();
+            var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
+            {
+                SPOptions = spOptions
+            };
+
+            authServicesOptions.IdentityProviders.Add(
+                new IdentityProvider(
+                    new EntityId("http://stubidp.kentor.se/Metadata"), spOptions)
+                {
+                    AllowUnsolicitedAuthnResponse = true,
+                    Binding = Saml2BindingType.HttpRedirect,
+                    SingleSignOnServiceUrl = new Uri("http://stubidp.kentor.se"),
+                    SigningKey = new X509Certificate2(
+                        HostingEnvironment.MapPath("~/App_Data/Kentor.AuthServices.StubIdp.pfx"))
+                        .PublicKey.Key
+                });
+
+            // It's enough to just create the federation and associate it
+            // with the options. The federation will load the metadata and
+            // update the options with any identity providers found.
+            new Federation(new Uri("http://localhost:52071/Federation"), true, authServicesOptions);
+
+            return authServicesOptions;
+        }
+
+        private static SPOptions CreateSPOptions()
+        {
+            var swedish = CultureInfo.GetCultureInfo("sv-se");
+
+            var organization = new Organization();
+            organization.Names.Add(new LocalizedName("Kentor", swedish));
+            organization.DisplayNames.Add(new LocalizedName("Kentor IT AB", swedish));
+            organization.Urls.Add(new LocalizedUri(new Uri("http://www.kentor.se"), swedish));
+
+            var spOptions = new SPOptions
+            {
+                EntityId = new EntityId("http://localhost:57294/AuthServices"),
+                ReturnUrl = new Uri("http://localhost:57294/Account/ExternalLoginCallback"),
+                DiscoveryServiceUrl = new Uri("http://localhost:52071/DiscoveryService"),
+                Organization = organization
+            };
+
+            var techContact = new ContactPerson
+            {
+                Type = ContactType.Technical
+            };
+            techContact.EmailAddresses.Add("authservices@example.com");
+            spOptions.Contacts.Add(techContact);
+
+            var supportContact = new ContactPerson
+            {
+                Type = ContactType.Support
+            };
+            supportContact.EmailAddresses.Add("support@example.com");
+            spOptions.Contacts.Add(supportContact);
+
+            var attributeConsumingService = new AttributeConsumingService("AuthServices")
+            {
+                IsDefault = true,
+            };
+
+            attributeConsumingService.RequestedAttributes.Add(
+                new RequestedAttribute("urn:someName")
+                {
+                    FriendlyName = "Some Name",
+                    IsRequired = true,
+                    NameFormat = RequestedAttribute.AttributeNameFormatUri
+                });
+
+            attributeConsumingService.RequestedAttributes.Add(
+                new RequestedAttribute("Minimal"));
+
+            spOptions.AttributeConsumingServices.Add(attributeConsumingService);
+
+            return spOptions;
         }
     }
 }
\ No newline at end of file
diff --git a/SampleOwinApplication/SampleOwinApplication.csproj b/SampleOwinApplication/SampleOwinApplication.csproj
index 6fbcf2a70..6790a08eb 100644
--- a/SampleOwinApplication/SampleOwinApplication.csproj
+++ b/SampleOwinApplication/SampleOwinApplication.csproj
@@ -87,6 +87,7 @@
     <Reference Include="System" />
     <Reference Include="System.Data" />
     <Reference Include="System.Drawing" />
+    <Reference Include="System.IdentityModel" />
     <Reference Include="System.Web.DynamicData" />
     <Reference Include="System.Web.Entity" />
     <Reference Include="System.Web.ApplicationServices" />
diff --git a/SampleOwinApplication/Web.config b/SampleOwinApplication/Web.config
index bf0adbe0d..0ff59e453 100644
--- a/SampleOwinApplication/Web.config
+++ b/SampleOwinApplication/Web.config
@@ -7,9 +7,6 @@
   <configSections>
     <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
     <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
-    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
-    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
-    <section name="kentor.authServices" type="Kentor.AuthServices.Configuration.KentorAuthServicesSection, Kentor.AuthServices" />
   </configSections>
   <connectionStrings>
     <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\aspnet-SampleOwinApplication-20140814024632.mdf;Initial Catalog=aspnet-SampleOwinApplication-20140814024632;Integrated Security=True" providerName="System.Data.SqlClient" />
@@ -30,29 +27,6 @@
       <remove name="FormsAuthentication" />
     </modules>
   </system.webServer>
-  <kentor.authServices entityId="http://localhost:57294/AuthServices" returnUrl="http://localhost:57294/Account/ExternalLoginCallback" discoveryServiceUrl="http://localhost:52071/DiscoveryService">
-    <metadata>
-      <organization name="Kentor IT AB" displayName="Kentor" url="http://www.kentor.se" language="sv" />
-      <contactPerson type="Technical" email="authservices@example.com" />
-      <contactPerson type="Support" email="support@example.com" />
-      <requestedAttributes>
-        <add friendlyName="Some Name" name="urn:someName" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
-        <add name="Minimal" />
-      </requestedAttributes>
-    </metadata>
-    <identityProviders>
-      <add entityId="http://stubidp.kentor.se/Metadata"
-           destinationUrl="http://stubidp.kentor.se/"
-           allowUnsolicitedAuthnResponse="true"
-           binding="HttpRedirect">
-        <signingCertificate fileName="~/App_Data/Kentor.AuthServices.StubIdp.pfx" />
-      </add>
-    </identityProviders>
-    <federations>
-      <add metadataUrl="http://localhost:52071/Federation" allowUnsolicitedAuthnResponse="true" />
-    </federations>
-  </kentor.authServices>
-  <system.identityModel />
   <runtime>
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
       <dependentAssembly>