diff --git a/ai_web_common/flask_sso/ext.py b/ai_web_common/flask_sso/ext.py
index 3e158f118a2b3de87d31294dde9f84e169002326..db3d16ecd1cc97b890d20c68e320f65d4e6a464c 100644
--- a/ai_web_common/flask_sso/ext.py
+++ b/ai_web_common/flask_sso/ext.py
@@ -22,10 +22,15 @@ def init_sso(app, talisman):
     if 'SSO_DOMAIN' not in app.config:
         raise Exception('Must configure SSO_DOMAIN')
 
-    pubkey_file = app.config.get(
-        'SSO_PUBLIC_KEY_FILE', '/etc/sso/public.key')
-    with open(pubkey_file, 'rb') as f:
-        pubkey = f.read()
+    # Allow passing the public key as a parameter (useful for testing)
+    # or read it from a file.
+    if 'SSO_PUBLIC_KEY' in app.config:
+        pubkey = app.config['SSO_PUBLIC_KEY']
+    else:
+        pubkey_file = app.config.get(
+            'SSO_PUBLIC_KEY_FILE', '/etc/sso/public.key')
+        with open(pubkey_file, 'rb') as f:
+            pubkey = f.read()
 
     # Ensure the login server URL is /-terminated.
     app.sso_login_server = app.config['SSO_LOGIN_SERVER'].rstrip('/') + '/'