diff --git a/hobo/agent/authentic2/management/commands/import-wcs-roles.py b/hobo/agent/authentic2/management/commands/import-wcs-roles.py
index 5fef8e8..bdd9047 100644
--- a/hobo/agent/authentic2/management/commands/import-wcs-roles.py
+++ b/hobo/agent/authentic2/management/commands/import-wcs-roles.py
@@ -97,9 +97,13 @@ class WcsRoleImporter(object):
             {'format': 'json', 'orig': self.orig, 'email': self.email})
         signed_url = signature.sign_url(url, self.key)
         response = requests.get(signed_url)
-        for role in response.json()['data']:
-            yield Role(name=role['text'], external_id=str(role['slug']),
-                       slug=str(role['slug']))
+        if response.status_code == 200:
+            for role in response.json()['data']:
+                yield Role(name=role['text'], external_id=str(role['slug']),
+                           slug=str(role['slug']))
+        else:
+            self.logger.warn('failed to get roles for %s (response: %s)',
+                    self.wcs_url, response.status_code)
 
 
 class Command(BaseCommand):
@@ -128,13 +132,16 @@ class Command(BaseCommand):
         if not me:
             print 'skipping %s, self services is not marked' % tenant
             return
-        orig = urlparse.urlsplit(me['base_url']).netloc
+        me = me[0]
+        orig = urlparse.urlsplit(me['base_url']).netloc.split(':')[0]
         key = hashlib.sha1(orig+me['secret_key']).hexdigest()
         # FIXME: get mail of the oldest superuser, could we do better ?
         User = get_user_model()
         email = User.objects.order_by('id').filter(email__contains='@',
                                                    is_superuser=True)[0].email
         for service in hobo_environment['services']:
+            if not service.get('service-id') == 'wcs':
+                continue
             if not service.get('saml-sp-metadata-url'):
                 continue
             liberty_provider = LibertyProvider.objects.get(