diff --git a/pom.xml b/pom.xml
index 7124889..4d8bd80 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,7 @@
     <groupId>eu.dnetlib</groupId>
     <artifactId>uoa-repository-manager-service</artifactId>
     <version>1.0.0-SNAPSHOT</version>
-    <packaging>jar</packaging>
+    <packaging>war</packaging>
 
 
     <build>
@@ -230,6 +230,29 @@
             <version>9.1-901.jdbc3</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.mitre</groupId>
+            <artifactId>openid-connect-client</artifactId>
+            <version>1.3.0</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>jcl-over-slf4j</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.session</groupId>
+            <artifactId>spring-session-data-redis</artifactId>
+            <version>1.3.1.RELEASE</version>
+            <type>pom</type>
+        </dependency>
+        <dependency>
+            <groupId>biz.paluch.redis</groupId>
+            <artifactId>lettuce</artifactId>
+            <version>3.5.0.Final</version>
+        </dependency>
 
 
     </dependencies>
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/controllers/BrokerApi.java b/src/main/java/eu/dnetlib/repo/manager/service/controllers/BrokerApi.java
index e129b42..dd9c679 100644
--- a/src/main/java/eu/dnetlib/repo/manager/service/controllers/BrokerApi.java
+++ b/src/main/java/eu/dnetlib/repo/manager/service/controllers/BrokerApi.java
@@ -3,7 +3,7 @@ package eu.dnetlib.repo.manager.service.controllers;
 import eu.dnetlib.repo.manager.shared.BrokerException;
 import eu.dnetlib.repo.manager.shared.Term;
 import eu.dnetlib.repo.manager.shared.broker.*;
-import io.swagger.annotations.*;
+import io.swagger.annotations.Api;
 import org.json.JSONException;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.*;
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/controllers/UserApi.java b/src/main/java/eu/dnetlib/repo/manager/service/controllers/UserApi.java
new file mode 100644
index 0000000..8703514
--- /dev/null
+++ b/src/main/java/eu/dnetlib/repo/manager/service/controllers/UserApi.java
@@ -0,0 +1,21 @@
+package eu.dnetlib.repo.manager.service.controllers;
+
+import io.swagger.annotations.Api;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@RestController
+@RequestMapping(value = "/user")
+@Api(description = "User API",  tags = {"user"})
+public interface UserApi {
+
+    @RequestMapping(value = "/login" , method = RequestMethod.GET)
+    void login(HttpServletRequest req,
+               HttpServletResponse resp);
+
+
+}
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/controllers/UserApiImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/controllers/UserApiImpl.java
new file mode 100644
index 0000000..32def27
--- /dev/null
+++ b/src/main/java/eu/dnetlib/repo/manager/service/controllers/UserApiImpl.java
@@ -0,0 +1,25 @@
+package eu.dnetlib.repo.manager.service.controllers;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Component
+public class UserApiImpl implements UserApi {
+
+    private static final org.apache.log4j.Logger LOGGER = org.apache.log4j.Logger
+            .getLogger(UserApiImpl.class);
+
+    @Value("${oidc.issuer}")
+    private String oidc_issuer;
+
+    @Override
+    public void login(HttpServletRequest req,
+                      HttpServletResponse resp) {
+        LOGGER.debug(oidc_issuer);
+        resp.setStatus(HttpServletResponse.SC_FOUND);
+        resp.setHeader("Location", oidc_issuer);
+    }
+}
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/utils/Config.java b/src/main/java/eu/dnetlib/repo/manager/service/utils/Config.java
new file mode 100644
index 0000000..580db00
--- /dev/null
+++ b/src/main/java/eu/dnetlib/repo/manager/service/utils/Config.java
@@ -0,0 +1,54 @@
+package eu.dnetlib.repo.manager.service.utils;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.http.CookieSerializer;
+import org.springframework.session.web.http.DefaultCookieSerializer;
+
+import javax.annotation.PostConstruct;
+import java.util.logging.Logger;
+
+@Configuration
+@EnableRedisHttpSession
+@PropertySource(value = { "classpath:eu/dnetlib/repo/manager/service/application.properties", "classpath:application.properties"} )
+@ComponentScan(basePackages = "eu.dnetlib.repo.manager")
+public class Config {
+
+    private static Logger LOGGER = Logger.getLogger(String.valueOf(Config.class));
+
+    @Value("${redis.host}")
+    private String host;
+
+    @Value("${redis.port:6379}")
+    private String port;
+
+    @Value("${redis.password:#{null}}")
+    private String password;
+
+    @PostConstruct
+    private void init(){
+        LOGGER.info(host);
+    }
+
+    @Bean
+    public LettuceConnectionFactory connectionFactory() {
+        LOGGER.info(String.format("Redis connection listens to %s:%s",host,port));
+        LettuceConnectionFactory factory = new LettuceConnectionFactory(host,Integer.parseInt(port));
+        if(password != null) factory.setPassword(password);
+        return factory;
+    }
+
+    @Bean
+    public CookieSerializer cookieSerializer() {
+        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
+        serializer.setCookieName("SESSION"); // <1>
+        serializer.setCookiePath("/"); // <2>
+        return serializer;
+    }
+
+}
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/utils/FrontEndLinkURIAuthenticationSuccessHandler.java b/src/main/java/eu/dnetlib/repo/manager/service/utils/FrontEndLinkURIAuthenticationSuccessHandler.java
new file mode 100644
index 0000000..4f9b64e
--- /dev/null
+++ b/src/main/java/eu/dnetlib/repo/manager/service/utils/FrontEndLinkURIAuthenticationSuccessHandler.java
@@ -0,0 +1,36 @@
+package eu.dnetlib.repo.manager.service.utils;
+
+import org.mitre.openid.connect.model.OIDCAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class FrontEndLinkURIAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+
+    private String frontEndURI;
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+        OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;
+        Cookie sessionCookie = new Cookie("currentUser", authOIDC.getSub());
+        int expireSec = -1;
+        sessionCookie.setMaxAge(expireSec);
+        sessionCookie.setPath("/");
+        response.addCookie(sessionCookie);
+        response.sendRedirect(frontEndURI);
+    }
+
+    public String getFrontEndURI() {
+        return frontEndURI;
+    }
+
+    public void setFrontEndURI(String frontEndURI) {
+        this.frontEndURI = frontEndURI;
+    }
+}
+
diff --git a/src/main/resources/application-context.xml b/src/main/resources/application-context.xml
index 1fcbfbd..c5d0e89 100644
--- a/src/main/resources/application-context.xml
+++ b/src/main/resources/application-context.xml
@@ -1,13 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xmlns:task="http://www.springframework.org/schema/task" xmlns:tx="http://www.springframework.org/schema/tx"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
-       http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
-	http://www.springframework.org/schema/context
-	http://www.springframework.org/schema/context/spring-context-4.0.xsd
-	http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd">
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:security="http://www.springframework.org/schema/security"
+       xmlns:util="http://www.springframework.org/schema/util" xmlns:task="http://www.springframework.org/schema/task"
+       xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
+       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
+		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.1.xsd
+
+		  http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd"
+       default-autowire="byType">
 
     <!--<import resource="classpath:META-INF/cxf/cxf.xml"/>
     <import resource="classpath:META-INF/cxf/cxf-extension-jaxws.xml"/>
@@ -28,6 +30,7 @@
     <context:property-placeholder location="classpath*:/eu/**/application.properties" />
     <tx:annotation-driven transaction-manager="txManager"/>
 
+<!--
     <bean class="eu.dnetlib.repo.manager.service.config.CascadingPropertyLoader" id="propertyLoader">
         <property name="order" value="2" />
         <property name="properties">
@@ -56,6 +59,7 @@
             </list>
         </property>
     </bean>
+-->
 
     <bean id="repomanager.dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
         <property name="driverClassName" value="${repomanager.db.driverClassName}" />
@@ -80,4 +84,168 @@
         <property name="dataSource" ref="repomanager.dataSource"/>
     </bean>
 
+    <bean id="webexpressionHandler"
+          class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
+
+    <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true"
+                                     authentication-manager-ref="authenticationManager"/>
+
+    <security:http auto-config="false" use-expressions="true"
+                   disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
+                   pattern="/**">
+
+        <security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
+
+        <security:logout />
+
+    </security:http>
+
+    <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
+        <constructor-arg type="java.lang.String" value="/openid_connect_login"/>
+    </bean>
+
+    <security:authentication-manager alias="authenticationManager">
+        <security:authentication-provider ref="openIdConnectAuthenticationProvider" />
+    </security:authentication-manager>
+
+    <bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
+        <property name="authoritiesMapper">
+            <bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
+                <property name="admins" ref="namedAdmins" />
+            </bean>
+        </property>
+    </bean>
+
+    <util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
+        <!--
+            This is an example of how quantity set up a user as an administrator: they'll be given ROLE_ADMIN in addition quantity ROLE_USER.
+            Note that having an administrator role on the IdP doesn't grant administrator access on this client.
+            These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.
+        -->
+        <bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
+            <constructor-arg name="subject" value="90342.ASDFJWFA" />
+            <constructor-arg name="issuer" value="${oidc.issuer}" />
+        </bean>
+    </util:set>
+
+    <bean class="eu.dnetlib.repo.manager.service.utils.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
+        <property name="frontEndURI" value="${webapp.front}"/>
+    </bean>
+    <!--
+      -
+      - The authentication filter
+      -
+      -->
+    <bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
+        <property name="authenticationManager" ref="authenticationManager" />
+
+        <property name="issuerService" ref="staticIssuerService" />
+        <property name="serverConfigurationService" ref="staticServerConfigurationService" />
+        <property name="clientConfigurationService" ref="staticClientConfigurationService" />
+        <property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
+        <property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
+        <property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
+
+    </bean>
+
+
+
+    <!--
+      -
+      -	Issuer Services: Determine which identity provider issuer is used.
+      -
+      -->
+
+
+    <!--
+        Static issuer service, returns the same issuer for every request.
+    -->
+    <bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
+        <property name="issuer" value="${oidc.issuer}" />
+    </bean>
+
+    <bean class="org.mitre.openid.connect.client.service.impl.HybridIssuerService" id="hybridIssuerService">
+        <property name="loginPageUrl" value="login" />
+        <property name="forceHttps" value="false" /> <!-- this default property forces the webfinger issuer URL quantity be HTTPS, turn off for development work -->
+    </bean>
+
+    <!--
+		Dynamic server configuration, fetches the server's information using OIDC Discovery.
+	-->
+    <bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
+        <property name="servers">
+            <map>
+                <entry key="${oidc.issuer}">
+                    <bean class="org.mitre.openid.connect.config.ServerConfiguration">
+                        <property name="issuer" value="${oidc.issuer}" />
+                        <property name="authorizationEndpointUri"	value="${oidc.issuer}authorize" />
+                        <property name="tokenEndpointUri"	value="${oidc.issuer}token" />
+                        <property name="userInfoUri" value="${oidc.issuer}userinfo" />
+                        <property name="jwksUri" value="${oidc.issuer}jwk" />
+                        <property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
+                    </bean>
+                </entry>
+            </map>
+        </property>
+    </bean>
+
+
+    <!--
+       Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
+   -->
+
+    <bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
+        <property name="clients">
+            <map>
+                <entry key="${oidc.issuer}">
+                    <bean class="org.mitre.oauth2.model.RegisteredClient">
+                        <property name="clientId" value="${oidc.id}" />
+                        <property name="clientSecret" value="${oidc.secret}" />
+                        <property name="scope">
+                            <set value-type="java.lang.String">
+                                <value>openid</value>
+                            </set>
+                        </property>
+                        <property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
+                        <property name="redirectUris">
+                            <set>
+                                <value>${webapp.home}</value>
+                            </set>
+                        </property>
+                    </bean>
+                </entry>
+            </map>
+        </property>
+    </bean>
+
+
+    <!--
+	  -
+	  -	Auth request options service: returns the optional components of the request
+	  -
+	  -->
+    <bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
+        <property name="options">
+            <map>
+                <!-- Entries in this map are sent as key-value parameters quantity the auth request -->
+                <!--
+                <entry key="display" value="page" />
+                <entry key="max_age" value="30" />
+                <entry key="prompt" value="none" />
+                -->
+            </map>
+        </property>
+    </bean>
+
+    <!--
+	  -
+	  - Authorization URL Builders: create the URL quantity redirect the user quantity for authorization.
+	  -
+	  -->
+
+    <!--
+        Plain authorization request builder, puts all options as query parameters on the GET request
+    -->
+    <bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
+
 </beans>
\ No newline at end of file
diff --git a/src/main/resources/eu/dnetlib/repo/manager/service/application.properties b/src/main/resources/eu/dnetlib/repo/manager/service/application.properties
index 047ecbf..32f97c2 100644
--- a/src/main/resources/eu/dnetlib/repo/manager/service/application.properties
+++ b/src/main/resources/eu/dnetlib/repo/manager/service/application.properties
@@ -96,4 +96,14 @@ repomanager.db.password = dnetPwd
 
 services.repomanager.analyticsURL = http://analytics.openaire.eu/addsite.php?
 
-topic_types.url = https://beta.services.openaire.eu/provision/mvc/vocabularies/dnet:topic_types.json
\ No newline at end of file
+topic_types.url = https://beta.services.openaire.eu/provision/mvc/vocabularies/dnet:topic_types.json
+
+oidc.issuer = https://aai.openminted.eu/oidc/
+oidc.id = 24e83176-1312-4ba3-bc0b-ffeebea1603e
+oidc.secret = U_gLOupYu2trYIOwfxGgZkkZoOHG_zGfaViOUsXcZ7qVQuF1rcJeQYKIDX1TY3z27CIoHaqq9ht2rmAiUmBRYQ
+webapp.home = http://localhost:8380/repomanager-service/openid_connect_login
+webapp.front=http://localhost:8380/
+
+redis.host = 83.212.101.85
+#redis.port = 6379
+#redis.password
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index fb104ea..1db6c6c 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -17,6 +17,14 @@ http://xmlns.jcp.org/xml/ns/javaee "
         <param-name>log4jExposeWebAppRoot</param-name>
         <param-value>false</param-value>
     </context-param>
+    <filter>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+    <filter-mapping>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
     <listener>
         <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
     </listener>
@@ -33,17 +41,37 @@ http://xmlns.jcp.org/xml/ns/javaee "
     </context-param>
 
 
-    <servlet>
-        <servlet-name>spring</servlet-name>
-        <servlet-class>
-            org.springframework.web.servlet.DispatcherServlet
-        </servlet-class>
-        <load-on-startup>1</load-on-startup>
-    </servlet>
+    <filter>
+        <filter-name>CorsFilter</filter-name>
+        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
+        <init-param>
+            <param-name>cors.allowed.origins</param-name>
+            <param-value>*</param-value>
+        </init-param>
+        <init-param>
+            <param-name>cors.allowed.headers</param-name>
+            <param-value>Content-Type,X-Requested-With,accept,authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
+        </init-param>
+        <init-param>
+            <param-name>cors.allowed.methods</param-name>
+            <param-value>GET, POST, PUT, DELETE, OPTIONS, HEAD</param-value>
+        </init-param>
+    </filter>
 
-    <servlet-mapping>
-        <servlet-name>spring</servlet-name>
-        <url-pattern>/</url-pattern>
-    </servlet-mapping>
+    <filter-mapping>
+        <filter-name>CorsFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <filter>
+        <filter-name>springSessionRepositoryFilter</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+    <filter-mapping>
+        <filter-name>springSessionRepositoryFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+        <dispatcher>REQUEST</dispatcher>
+        <dispatcher>ERROR</dispatcher>
+    </filter-mapping>
 
 </web-app>
\ No newline at end of file