diff --git a/gcube/authorization_service/defaults/main.yml b/gcube/authorization_service/defaults/main.yml
new file mode 100644
index 00000000..e098f0dd
--- /dev/null
+++ b/gcube/authorization_service/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+authorization_service_install: False
+authorization_service_name: authorization-service  
+authorization_service_file: '{{ authorization_service_name }}-2.0.0-20160927.120833-1.war'
+authorization_service_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/gcube-snapshots/org/gcube/common/authorization-service/2.0.0-SNAPSHOT/{{ authorization_service_file }}'
+authorization_service_persistence_dest: WEB-INF/classes/META-INF/persistence.xml
+authorization_service_config_dest: WEB-INF/AuthorizationConfiguration.xml
+authorized_ips:
+  - 127.0.0.1
+
diff --git a/gcube/authorization_service/tasks/main.yml b/gcube/authorization_service/tasks/main.yml
new file mode 100644
index 00000000..47c350ed
--- /dev/null
+++ b/gcube/authorization_service/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- block:
+    - name: Remove the installed authorization service before upgrading
+      file: dest={{ item }} state=absent
+      with_items:
+        - '{{ auth_instance_path }}/webapps/authorization-service'
+        - '{{ auth_instance_path }}/webapps/authorization-service.war'
+      when: authorization_upgrade or not authorization_service_install
+
+    - name: Get the authorization service war file
+      get_url: url={{ authorization_service_url }} dest={{ auth_instance_path }}/webapps/{{ authorization_service_file }}
+
+    - name: Unpack the authorization service war file
+      shell: mkdir {{ auth_instance_path }}/webapps/authorization-service ; cd {{ auth_instance_path }}/webapps/authorization-service ; jar xf {{ auth_instance_path }}/webapps/{{ authorization_service_file }}
+      args:
+        creates: '{{ auth_instance_path }}/webapps/authorization-service/WEB-INF/AuthorizationConfiguration.xml'
+
+    - name: Install the authorization service AuthorizationConfiguration.xml template
+      template: src=AuthorizationConfiguration.xml.j2 dest={{ auth_instance_path }}/webapps/authorization-service/{{ authorization_service_config_dest }} mode=0440
+      with_items: '{{ tomcat_m_instances }}'
+      notify: tomcat instances restart
+
+    - name: Install the authorization service persistence.xml template
+      template: src=persistence.xml.j2 dest={{ auth_instance_path }}/webapps/authorization-service/{{ authorization_service_persistence_dest }} mode=0440
+      with_items: '{{ tomcat_m_instances }}'
+      notify: tomcat instances restart
+
+  become: True
+  become_user: '{{ auth_user }}'
+  when: authorization_service_install
+  tags: ['authorization_service', 'tomcat' ]
diff --git a/gcube/authorization_service/templates/AuthorizationConfiguration.xml.j2 b/gcube/authorization_service/templates/AuthorizationConfiguration.xml.j2
new file mode 100644
index 00000000..783c1f1d
--- /dev/null
+++ b/gcube/authorization_service/templates/AuthorizationConfiguration.xml.j2
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Configuration>
+  <Rule path="/token/user" requiresToken="false">
+    {% for ip in authorized_ips %}
+    <Entity type="IP" value="{{ ip }}" />
+    {% endfor %}
+        </Rule>
+        <Rule path="/apikey" requiresToken="true"/>
+        <Rule path="/policyManager" requiresToken="true"/>
+        <Rule path="/token/external" requiresToken="true"/>
+</Configuration>
+
diff --git a/gcube/authorization_service/templates/persistence.xml.j2 b/gcube/authorization_service/templates/persistence.xml.j2
new file mode 100644
index 00000000..3ad39bc0
--- /dev/null
+++ b/gcube/authorization_service/templates/persistence.xml.j2
@@ -0,0 +1,33 @@
+<persistence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd"
+	version="2.0" xmlns="http://java.sun.com/xml/ns/persistence">
+
+	<!-- change here if you want name of unit different -->
+	<persistence-unit name="authorization" transaction-type="RESOURCE_LOCAL">
+		<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
+		
+		<!-- Converters -->
+		<class>org.gcube.common.authorizationservice.persistence.entities.converters.StringListConverter</class>
+		
+		
+		<!-- Entities -->
+		<class>org.gcube.common.authorizationservice.persistence.entities.AuthorizationEntity</class>
+		<class>org.gcube.common.authorizationservice.persistence.entities.ServiceAuthorizationEntity</class>
+		<class>org.gcube.common.authorizationservice.persistence.entities.UserAuthorizationEntity</class>
+		<class>org.gcube.common.authorizationservice.persistence.entities.ExternalServiceAuthorizationEntity</class>
+		<class>org.gcube.common.authorizationservice.persistence.entities.NodeAuthorizationEntity</class>
+		<class>org.gcube.common.authorizationservice.persistence.entities.PolicyEntity</class>
+		<class>org.gcube.common.authorizationservice.persistence.entities.ServicePolicyEntity</class>
+		<class>org.gcube.common.authorizationservice.persistence.entities.UserPolicyEntity</class>
+		<properties>
+			<property name="javax.persistence.jdbc.url"
+				value="jdbc:postgresql://{{ auth_postgresql_host }}/{{ psql_db_name }}" />
+			<property name="javax.persistence.jdbc.driver" value="org.postgresql.Driver" />
+			<property name="javax.persistence.jdbc.user" value="{{ psql_db_user }}" />
+			<property name="javax.persistence.jdbc.password" value="{{ authorization_db_pwd }}" />
+			<property name="eclipselink.ddl-generation" value="create-tables" />
+			<property name="eclipselink.ddl-generation.output-mode"
+				value="database" />
+		</properties>
+	</persistence-unit>
+</persistence>