diff --git a/cmd/sso-server/main.go b/cmd/sso-server/main.go
index 84f2d0abcf2edb6db847d048cf931b2297a84567..26d6cfc1dc791f2095a13d8f557533d231bf9c05 100644
--- a/cmd/sso-server/main.go
+++ b/cmd/sso-server/main.go
@@ -21,17 +21,17 @@ var (
 // Config wraps together the sso-server configuration and the standard
 // HTTP server config.
 type Config struct {
-	*server.Config
-	ServerConfig *serverutil.ServerConfig `yaml:"http_server"`
+	server.Config `yaml:",inline"`
+	ServerConfig  *serverutil.ServerConfig `yaml:"http_server"`
 }
 
-func loadConfig() (*Config, error) {
+func loadConfig(path string) (*Config, error) {
 	// Read YAML config.
-	data, err := ioutil.ReadFile(*configFile)
+	data, err := ioutil.ReadFile(path)
 	if err != nil {
 		return nil, err
 	}
-	config := Config{Config: new(server.Config)}
+	var config Config
 	if err := yaml.Unmarshal(data, &config); err != nil {
 		return nil, err
 	}
@@ -42,7 +42,7 @@ func main() {
 	log.SetFlags(0)
 	flag.Parse()
 
-	config, err := loadConfig()
+	config, err := loadConfig(*configFile)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -50,13 +50,13 @@ func main() {
 		log.Fatal(err)
 	}
 
-	loginService, err := server.NewLoginService(config.Config)
+	loginService, err := server.NewLoginService(&config.Config)
 	if err != nil {
 		log.Fatal(err)
 	}
 
 	authClient := client.New(*authSocket)
-	httpSrv, err := server.New(loginService, authClient, config.Config)
+	httpSrv, err := server.New(loginService, authClient, &config.Config)
 	if err != nil {
 		log.Fatal(err)
 	}
diff --git a/cmd/sso-server/main_test.go b/cmd/sso-server/main_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..1e26c609d3dd282f64075e5ed05682bea1af1e56
--- /dev/null
+++ b/cmd/sso-server/main_test.go
@@ -0,0 +1,54 @@
+package main
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+)
+
+var testConfig = `---
+secret_key_file: "/etc/sso/secret.key"
+public_key_file: "/etc/sso/public.key"
+domain: "example.com"
+allowed_services:
+  - "^(login|panel|monitor|logs)\\.example.com/$"
+  - "^\\d+\\.webmail\\.example.com/$"
+allowed_exchanges:
+  - src_regexp: "^www.example.com/webmail/\\d+/$"
+  - dst_regexp: "^imap.example.com/$"
+service_ttls:
+  - regexp: "^www.example.com/webmail/\\d+/$"
+    ttl: 43200
+  - regexp: "^imap.example.com/$"
+    ttl: 43200
+  - regexp: ".*"
+    ttl: 300
+auth_session_lifetime: 43200
+session_secrets:
+  - "iNQcyp5neUmbrxoj4yfRVhGL8HYGKNWRIv7t5ZiTxXwnJqBJYIU0gQx+1ar7Hsn0"
+  - "Xqphf9jjr/jZCk+m"
+csrf_secret: "XLFtiymBU5p59K/IsqW/oh/5dfP4UC6JSNWMVeiQ8t8GjnB1rzusIFnyho5y4nE1"
+auth_service: sso
+device_manager:
+  auth_key: "ffolt81h4CA5kEcwckXmuUUkchwKQmRAeWb1H6Kpzx3+uGqwrVpBfGwzRSYaeir1"
+  trusted_forwarders:
+    - 192.168.10.10
+`
+
+func TestMain_LoadConfig(t *testing.T) {
+	dir, err := ioutil.TempDir("", "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	ioutil.WriteFile(dir+"/config.yml", []byte(testConfig), 0640)
+
+	conf, err := loadConfig(dir + "/config.yml")
+	if err != nil {
+		t.Fatal("LoadConfig:", err)
+	}
+	if err := conf.Config.Compile(); err != nil {
+		t.Fatal("Compile:", err)
+	}
+}