diff --git a/helios_auth/auth_systems/__init__.py b/helios_auth/auth_systems/__init__.py
index db3ed7b096f0e7bbfd64bd8b850b9b65b6744744..1085a4ea923581714fae2ed094265be7d27502a5 100644
--- a/helios_auth/auth_systems/__init__.py
+++ b/helios_auth/auth_systems/__init__.py
@@ -1,5 +1,5 @@
 from django.conf import settings
-from . import password, twitter, linkedin, cas, facebook, google, yahoo, clever
+from . import password, twitter, linkedin, cas, facebook, google, yahoo, clever, pirati
 
 AUTH_SYSTEMS = {}
 
@@ -10,8 +10,8 @@ AUTH_SYSTEMS['cas'] = cas
 AUTH_SYSTEMS['facebook'] = facebook
 AUTH_SYSTEMS['google'] = google
 AUTH_SYSTEMS['yahoo'] = yahoo
-# AUTH_SYSTEMS['pirateid'] = pirateid
 AUTH_SYSTEMS['clever'] = clever
+AUTH_SYSTEMS['pirati'] = pirati
 
 # not ready
 #import live
diff --git a/helios_auth/auth_systems/pirati.py b/helios_auth/auth_systems/pirati.py
new file mode 100644
index 0000000000000000000000000000000000000000..43d2307146d083f94b47e7a95fd39ea7b5e36e6f
--- /dev/null
+++ b/helios_auth/auth_systems/pirati.py
@@ -0,0 +1,148 @@
+"""
+Pirati Authentication
+"""
+
+from django.http import *
+from django.core.mail import send_mail
+from django.conf import settings
+
+from urllib.request import urlopen
+
+from requests_oauthlib import OAuth2Session
+
+import json
+
+
+# some parameters to indicate that status updating is not possible
+STATUS_UPDATES = False
+
+# display tweaks
+LOGIN_MESSAGE = "Přihlásit se pirátskou identitou"
+PIRATI_ENDPOINT_URL = f"{settings.PIRATI_REALM_URL}/protocol/openid-connect/auth"
+PIRATI_TOKEN_URL = f"{settings.PIRATI_REALM_URL}/protocol/openid-connect/token"
+PIRATI_USERINFO_URL = f"{settings.PIRATI_REALM_URL}/protocol/openid-connect/userinfo"
+
+
+def get_auth_url(request, redirect_url):
+    request.session["pirate_redirect_url"] = redirect_url
+    oauth = OAuth2Session(settings.PIRATI_CLIENT_ID, redirect_uri=redirect_url)
+    url, state = oauth.authorization_url(PIRATI_ENDPOINT_URL)
+    return url
+
+
+def get_user_info_after_auth(request):
+    oauth = OAuth2Session(
+        settings.PIRATI_CLIENT_ID, redirect_uri=request.session["pirate_redirect_url"]
+    )
+    token = oauth.fetch_token(
+        PIRATI_TOKEN_URL,
+        client_secret=settings.PIRATI_CLIENT_SECRET,
+        code=request.GET["code"],
+    )
+    response = oauth.get(PIRATI_USERINFO_URL)
+    data = response.json()
+    return {
+        "type": "pirati",
+        "user_id": data["preferred_username"],
+        "name": data["name"],
+        "info": {"email": data["email"]},
+        "token": {},
+    }
+
+
+def do_logout(user):
+    """
+    logout of Pirate
+    """
+    return None
+
+
+def update_status(token, message):
+    """
+    simple update
+    """
+    pass
+
+
+def send_message(user_id, user_name, user_info, subject, body):
+    """
+    send email to pirate user, user_id is combined with the domain to get the email.
+    """
+    send_mail(
+        subject,
+        body,
+        settings.SERVER_EMAIL,
+        ["%s <%s@pirati.cz>" % (user_name, user_id)],
+        fail_silently=False,
+    )
+
+
+def generate_constraint(category_id, user):
+    return category_id
+
+
+def eligibility_category_id(constraint):
+    return constraint
+
+
+def check_constraint(constraint, user):
+    """
+    for eligibility
+    """
+    userinfo = json.load(urlopen("https://graph.pirati.cz/user/" + user.user_id))
+    id = userinfo["id"]
+    usergroups = json.load(urlopen("https://graph.pirati.cz/" + id + "/groups"))
+    for usergroup in usergroups:
+        if usergroup["id"] == constraint:
+            return True
+    return False
+
+
+def can_list_categories():
+    """
+    yep, we can
+    """
+    return True
+
+
+def list_categories(user):
+    """
+    list groups from the graph api
+    """
+    groups = json.load(urlopen("https://graph.pirati.cz/groups"))
+    groups.sort(key=lambda k: k["username"].lower())
+    return [{"id": group["id"], "name": group["username"]} for group in groups]
+
+
+def can_list_category_members():
+    return True
+
+
+def list_category_members(category_id):
+    members = json.load(urlopen("https://graph.pirati.cz/" + category_id + "/members"))
+    users = []
+    for member in members:
+        users.append(
+            {
+                "type": "pirati",
+                "id": member["username"],
+                "name": member["username"],
+                "info": {"email": member["email"]},
+                "token": {},
+            }
+        )
+    return users
+
+
+def pretty_eligibility(constraint):
+    group = json.load(urlopen("https://graph.pirati.cz/" + constraint))
+    return 'Pirate users in "%s" group' % group["username"]
+
+
+#
+# Election Creation
+#
+
+
+def can_create_election(user_id, user_info):
+    return True
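Review bot: The `state` returned by `oauth.authorization_url(PIRATI_ENDPOINT_URL)` in `get_auth_url` is discarded, and `get_user_info_after_auth` exchanges `request.GET["code"]` without comparing any state value, so the callback is not bound to the browser session that started the login (login CSRF). Store the state in the session and reject a callback whose `state` parameter is missing or different before the token exchange, as sketched below. What the caller does with a falsy result is outside this diff and should be confirmed. Separately, `check_constraint`, `list_category_members` and `pretty_eligibility` concatenate `user.user_id`, `category_id` and `constraint` straight into `https://graph.pirati.cz/` URLs and call `urlopen` with no timeout. Quoting each path segment with `urllib.parse.quote(value, safe="")` and passing `timeout=` would keep a crafted id from changing the request path and keep a slow graph server from stalling the eligibility check.

```python
def get_auth_url(request, redirect_url):
    # … unchanged: store redirect URL, build OAuth2Session …
    url, state = oauth.authorization_url(PIRATI_ENDPOINT_URL)
    # remember the state so the callback can be tied to this session
    request.session["pirate_oauth_state"] = state
    return url


def get_user_info_after_auth(request):
    expected_state = request.session.pop("pirate_oauth_state", None)
    # refuse callbacks that were not started from this browser session
    if not expected_state or request.GET.get("state") != expected_state:
        return None  # NOTE(review): confirm how the caller treats a falsy result
    # … unchanged: token exchange, userinfo request, returned dict …
```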
diff --git a/helios_auth/media/login-icons/pirati.png b/helios_auth/media/login-icons/pirati.png
new file mode 100755
index 0000000000000000000000000000000000000000..1c22646e755206601bf1690c9edb6d455665b688
Binary files /dev/null and b/helios_auth/media/login-icons/pirati.png differ
diff --git a/requirements.txt b/requirements.txt
index 9eea03f8415e6894a8dabe49f3d04eea7f33d6c2..f6063c720edf5ece1c68fafa5ce1142d0f3c27b5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,3 +20,5 @@ boto==2.49.0
 django-ses==0.8.14
 oauth2client==4.1.3
 rollbar==0.14.7
+
+requests-oauthlib==1.3.0
diff --git a/settings.py b/settings.py
index ae8f9980651067f71211d8899ac70438673f57a9..ce9b02ea75483863cab3d314c39eeb5e4fc3a66f 100644
--- a/settings.py
+++ b/settings.py
@@ -46,7 +46,7 @@ DATABASES = {
 # override if we have an env variable
 if get_from_env('DATABASE_URL', None):
     import dj_database_url
-    DATABASES['default'] = dj_database_url.config(conn_max_age=600, ssl_require=True)
+    DATABASES['default'] = dj_database_url.config(conn_max_age=600)
     DATABASES['default']['ENGINE'] = 'django.db.backends.postgresql_psycopg2'
 
 # Local time zone for this installation. Choices can be found here:
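Review bot: Dropping `ssl_require=True` from `dj_database_url.config(...)` means the connection built from `DATABASE_URL` no longer insists on TLS, unless the URL itself carries an `sslmode` option. This applies to every deployment of this settings file, not only the one that needed the change. If the target database cannot do TLS, make that an explicit opt-out, e.g. `dj_database_url.config(conn_max_age=600, ssl_require=get_from_env('DATABASE_SSL_REQUIRE', '1') == '1')` (the variable name is a suggestion). A short comment should say when turning it off is acceptable, for example when the database is reached only over a local socket or a private network.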
@@ -54,11 +54,11 @@ if get_from_env('DATABASE_URL', None):
 # although not all choices may be available on all operating systems.
 # If running in a Windows environment this must be set to the same as your
 # system time zone.
-TIME_ZONE = 'America/Los_Angeles'
+TIME_ZONE = 'Europe/Prague'
 
 # Language code for this installation. All choices can be found here:
 # http://www.i18nguy.com/unicode/language-identifiers.html
-LANGUAGE_CODE = 'en-us'
+LANGUAGE_CODE = 'cs-cz'
 
 SITE_ID = 1
 
@@ -210,9 +210,9 @@ HELIOS_PRIVATE_DEFAULT = False
 # authentication systems enabled
 # AUTH_ENABLED_SYSTEMS = ['password','facebook','twitter', 'google', 'yahoo']
 AUTH_ENABLED_SYSTEMS = get_from_env('AUTH_ENABLED_SYSTEMS',
-                                    get_from_env('AUTH_ENABLED_AUTH_SYSTEMS', 'password,google,facebook')
+                                    get_from_env('AUTH_ENABLED_AUTH_SYSTEMS', 'pirati')
                                     ).split(",")
-AUTH_DEFAULT_SYSTEM = get_from_env('AUTH_DEFAULT_SYSTEM', get_from_env('AUTH_DEFAULT_AUTH_SYSTEM', None))
+AUTH_DEFAULT_SYSTEM = get_from_env('AUTH_DEFAULT_SYSTEM', get_from_env('AUTH_DEFAULT_AUTH_SYSTEM', 'pirati'))
 
 # google
 GOOGLE_CLIENT_ID = get_from_env('GOOGLE_CLIENT_ID', '')
@@ -282,3 +282,8 @@ if ROLLBAR_ACCESS_TOKEN:
     'access_token': ROLLBAR_ACCESS_TOKEN,
     'environment': 'development' if DEBUG else 'production',
   }
+
+# auth setup
+PIRATI_REALM_URL = get_from_env('PIRATI_REALM_URL', '')
+PIRATI_CLIENT_ID = get_from_env('PIRATI_CLIENT_ID', '')
+PIRATI_CLIENT_SECRET = get_from_env('PIRATI_CLIENT_SECRET', '')
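Review bot: All three `PIRATI_*` settings default to `''`, while the earlier hunk in this file makes `'pirati'` the only enabled and the default auth system. A deployment that forgets these variables therefore starts cleanly, and `pirati.py` builds relative endpoints such as `/protocol/openid-connect/auth` with an empty client secret. Failing at startup would be safer, e.g. `if 'pirati' in AUTH_ENABLED_SYSTEMS and not (PIRATI_REALM_URL and PIRATI_CLIENT_ID and PIRATI_CLIENT_SECRET): raise ImproperlyConfigured("PIRATI_* settings are required")`, using `django.core.exceptions.ImproperlyConfigured`. The `# auth setup` comment could also state that `PIRATI_REALM_URL` is the OpenID Connect realm base URL and is expected to be `https://`, since the token and userinfo requests are sent to it.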