diff --git a/docker-compose.yml b/docker-compose.yml
index 368d830..602f1db 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,10 +1,7 @@
 version: '3.3'
 services:
 irma:
- build:
- dockerfile: './irmago.Dockerfile'
- context: 'docker'
- user: "$USER_ID:$GROUP_ID"
+ image: ghcr.io/privacybydesign/irma:v0.15.0
 expose: [8089]
 environment:
 TZ: Europe/Amsterdam
@@ -20,10 +17,8 @@ services:
 source: ./dev-keys/jwt.pub.pem
 target: /app/config/sidn-irma-saml-bridge.pub.pem
 command:
- - "irma"
 - "server"
 - "--verbose"
- - "--schemes-path=/app/schemes"
 - "--schemes-update=0"
 - "--port=8089"
 - "--jwt-privkey-file=/app/config/irma-test.pem"
@@ -31,7 +26,7 @@ services:
 - "--no-email"
 - "--no-tls"
 - "--no-auth=0"
- - "--requestors={\"sidn-irma-saml-bridge\": {\"auth_method\": \"publickey\", \"key_file\": \"/app/config/sidn-irma-saml-bridge.pub.pem\"}}"
+ - "--requestors={\"sidn-irma-saml-bridge\": {\"auth_method\": \"publickey\", \"key_file\": \"/app/config/sidn-irma-saml-bridge.pub.pem\", \"host_perms\": [\"*\"]}}"
 
 # Note: we put nginx in between to handle CORS.
 nginx:
diff --git a/docker/irmago.Dockerfile b/docker/irmago.Dockerfile
deleted file mode 100644
index 934ed68..0000000
--- a/docker/irmago.Dockerfile
+++ /dev/null
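Review bot: The new `image:` line pins the IRMA server only by the tag `v0.15.0`, which a registry can re-point; for a reproducible setup add the digest as well, `image: ghcr.io/privacybydesign/irma:v0.15.0@sha256:<digest of the v0.15.0 image>`. The removed `user: "$USER_ID:$GROUP_ID"` line has no replacement, so the container now runs as the image's default user; if that mapping existed so the mounted `dev-keys` files are readable by the server process, confirm the image's default user can still read them.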
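Review bot: With `--schemes-path=/app/schemes` removed, the server falls back to whatever scheme directory the image provides, and the remaining `--schemes-update=0` disables refreshing it, so scheme contents are now fixed by the image version instead of being fetched at build time as the deleted Dockerfile did. A comment on the `--schemes-update=0` line such as `# schemes come from the image; bump the image tag to pick up scheme changes` would make that dependency explicit.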
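Review bot: `"host_perms": ["*"]` on the new `--requestors` line appears to let this requestor name any `host` in its session requests, which the RequestController change relies on by putting the mapped host into the signed JWT; in a dev compose file that is acceptable, but it should be called out, e.g. `# host_perms "*" is dev-only: production config should list the actual SP hosts`. As a point of style, the argument is one very long JSON-in-YAML string; a `>-` folded scalar or a mounted requestors config file would be easier to review and diff.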
@@ -1,22 +0,0 @@
-FROM debian:buster-slim
-
-WORKDIR /root
-
-RUN set -eux; \
- apt-get update; \
- DEBIAN_FRONTEND=noninteractive apt-get upgrade -y; \
- DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
- ca-certificates \
- wget \
- unzip \
- ; \
- rm -rf /var/lib/apt/lists/*;
-
-RUN wget https://github.com/privacybydesign/irmago/releases/download/v0.11.0/irma-linux-amd64 -O /usr/local/bin/irma
-RUN chmod +x /usr/local/bin/irma
-
-RUN mkdir -p /app/schemes
-RUN wget -O /tmp/pbdf.zip https://github.com/privacybydesign/pbdf-schememanager/archive/refs/heads/master.zip && unzip /tmp/pbdf.zip -d /app/schemes/ && mv /app/schemes/pbdf-schememanager-master /app/schemes/pbdf
-RUN wget -O /tmp/irma-demo.zip https://github.com/privacybydesign/irma-demo-schememanager/archive/refs/heads/master.zip && unzip /tmp/irma-demo.zip -d /app/schemes/ && mv /app/schemes/irma-demo-schememanager-master /app/schemes/irma-demo
-
-CMD ["irma", "server", "-v"]
\ No newline at end of file
diff --git a/src/main/java/nl/sidn/irma/saml_bridge/controller/RequestController.java b/src/main/java/nl/sidn/irma/saml_bridge/controller/RequestController.java
index 7e699ad..0372f2e 100644
--- a/src/main/java/nl/sidn/irma/saml_bridge/controller/RequestController.java
+++ b/src/main/java/nl/sidn/irma/saml_bridge/controller/RequestController.java
@@ -360,20 +360,6 @@ public String request(
 model);
 }
 
- // Create the JWT request intended for IRMA.
- TreeMap content = new TreeMap<>();
- content.put("@context", "https://irma.app/ld/request/disclosure/v2");
- content.put("disclose", condiscon);
-
- TreeMap sprequest = new TreeMap<>();
- sprequest.put("request", content);
- sprequest.put("validity", 30); // Seconds that JWT session result is valid
- // sprequest.put("timeout", 240); // Seconds that JWT session is valid before it
- // times out
-
- // Sign with our private key
- String token = jwtUtil.createJwtToken("verification_request", "sprequest", sprequest);
-
 // Custom Connectis method to retrieve service provider identity.
 String spName = authnRequest.getProviderName();
@@ -389,32 +375,43 @@ public String request(
 String protocol = config.getProtocol();
 String host;
 String postfix;
- String irmaServiceHost;
+ String irmaServiceBaseUrl;
 if (path == null) {
 // No specific mapping found, use generic mapping.
- host = protocol + config.getDefaultMap().getHost();
- irmaServiceHost = protocol + config.getDefaultMap().getIrmaServiceHost();
+ host = config.getDefaultMap().getHost();
+ irmaServiceBaseUrl = protocol + config.getDefaultMap().getIrmaServiceHost();
 postfix = config.getDefaultMap().getPostfix();
 } else {
 // Use specific mapping.
- host = protocol + path.getHost();
- irmaServiceHost = protocol + path.getIrmaServiceHost();
+ host = path.getHost();
+ irmaServiceBaseUrl = protocol + path.getIrmaServiceHost();
 postfix = path.getPostfix();
 }
 
 host = host.replace("{spName}", spName);
 postfix = postfix.replace("{spName}", spName);
 
+ // Create the JWT request intended for IRMA.
+ TreeMap content = new TreeMap<>();
+ content.put("@context", "https://irma.app/ld/request/disclosure/v2");
+ content.put("disclose", condiscon);
+ content.put("host", host);
+
+ TreeMap sprequest = new TreeMap<>();
+ sprequest.put("request", content);
+ sprequest.put("validity", 30); // Seconds that JWT session result is valid
+ // sprequest.put("timeout", 240); // Seconds that JWT session is valid before it
+ // times out
+
+ // Sign with our private key
+ String token = jwtUtil.createJwtToken("verification_request", "sprequest", sprequest);
+
 // start the IRMA session from the backend to see if it is possible to start
 // without errors
 String irmaSessionData = null;
 try {
- irmaSessionData = irmaService.startSession(token, irmaServiceHost + postfix);
-
- // replace the irmaServiceHost in the response back to the host, so the frontend
- // used the correct host
- irmaSessionData = irmaSessionData.replace(irmaServiceHost, host);
+ irmaSessionData = irmaService.startSession(token, irmaServiceBaseUrl + postfix);
 } catch (BridgeException e) {
 // looging already done in the irmaService
 return showError(RequestError.builder()
@@ -432,7 +429,10 @@ public String request(
 // support in irma-web to switch language manually.
 String language = "nl";
- request.setAttribute("irma_server", host + postfix);
+ // Use a URL with the external host to prevent CORS issues.
+ String externalIrmaServiceBaseUrl = protocol + host;
+
+ request.setAttribute("irma_server", externalIrmaServiceBaseUrl + postfix);
 request.setAttribute("language", language);
 request.setAttribute("session_data", irmaSessionData);
 request.setAttribute("assert_url", ourPostfix + "/assert");
@@ -457,7 +457,7 @@ public String request(
 // which is under the guise of a client hostname.
 // As such we need to give permission to perform an AJAX request to that
 // hostname.
- response.setHeader("Access-Control-Allow-Origin", host);
+ response.setHeader("Access-Control-Allow-Origin", externalIrmaServiceBaseUrl);
 response.setContentType("text/html");
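Review bot: `content.put("host", host)` places a value derived from `spName` into the signed session request: `spName` comes from `authnRequest.getProviderName()` (context in the previous hunk) and is substituted into `host` by `host.replace("{spName}", spName)` just before the JWT is built, and because the compose file grants this requestor `host_perms: ["*"]`, nothing downstream constrains that value. Validate `spName` before the substitution, e.g. `if (spName == null || !spName.matches("[A-Za-z0-9-]{1,63}")) { /* reject: unknown service provider */ }`, or only substitute when a mapping for the provider was found; whether `path` is itself looked up by `spName` is not visible here, so the default-mapping branch is the one to check first. As a point of style, `TreeMap content` and `TreeMap sprequest` are raw types; `Map<String, Object> content = new TreeMap<>();` keeps the same ordering and documents what goes in. The enclosing method `request` starts before and ends after this hunk.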
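Review bot: `externalIrmaServiceBaseUrl` is built as `protocol + host` and is reused as the `Access-Control-Allow-Origin` value in the following hunk, where browsers require a bare origin (scheme, host and optional port, no path or trailing slash); whether `config.getProtocol()` and the configured host values satisfy that is not visible here. A comment on the new declaration stating the constraint, `// scheme + host only: also sent as Access-Control-Allow-Origin, which must be a bare origin`, would keep a later change from appending a path to it. `request` continues outside this hunk.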