diff --git a/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java b/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
index 583372471d738a43a2dd4ba8892a45e1ec35faac..a4f87c4282a0ab45526b6df2e2e17badb9b6ea10 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
@@ -1,12 +1,34 @@
 package it.inaf.ia2.gms;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.jwk.JwkTokenStore;
 
 @SpringBootApplication
+@EnableOAuth2Sso
 public class GmsApplication {
 
     public static void main(String[] args) {
         SpringApplication.run(GmsApplication.class, args);
     }
+
+    @Value("${security.oauth2.resource.jwk.key-set-uri}")
+    private String keySetUri;
+
+    @Bean
+    public TokenStore tokenStore() {
+        JwkTokenStore jwkTokenStore = new JwkTokenStore(keySetUri, accessTokenConverter());
+        return jwkTokenStore;
+    }
+
+    @Bean
+    public JwtAccessTokenConverter accessTokenConverter() {
+        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+        return converter;
+    }
 }
diff --git a/gms/src/main/java/it/inaf/ia2/gms/LoginController.java b/gms/src/main/java/it/inaf/ia2/gms/LoginController.java
new file mode 100644
index 0000000000000000000000000000000000000000..9b63328a25da49f2080b28af05e442715764d366
--- /dev/null
+++ b/gms/src/main/java/it/inaf/ia2/gms/LoginController.java
@@ -0,0 +1,20 @@
+package it.inaf.ia2.gms;
+
+import java.security.Principal;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class LoginController {
+
+    @GetMapping("/login")
+    public Principal start(Principal principal) {
+        return principal;
+    }
+    
+    
+    @GetMapping("/")
+    public Principal root(Principal principal) {
+        return principal;
+    }
+}
diff --git a/gms/src/main/resources/application.properties b/gms/src/main/resources/application.properties
index 8b137891791fe96927ad78e64b0aad7bded08bdc..b2167d98813c451edc2d3398e3d5ddb58d432c72 100644
--- a/gms/src/main/resources/application.properties
+++ b/gms/src/main/resources/application.properties
@@ -1 +1,11 @@
+server.port=8081
 
+security.oauth2.client.client-id=gms
+security.oauth2.client.client-secret=gms-secret
+security.oauth2.client.access-token-uri=http://localhost/rap-ia2/auth/oauth2/token
+security.oauth2.client.user-authorization-uri=http://localhost/rap-ia2/auth/oauth2/authorize
+#security.oauth2.resource.token-info-uri=http://localhost/rap-ia2/auth/oauth2/check_token
+security.oauth2.client.scope=email,profile
+security.oauth2.resource.jwk.key-set-uri=http://localhost/rap-ia2/auth/oidc/jwks
+
+logging.level.org.springframework.security=DEBUG