diff --git a/roles/oidc-playground/defaults/main.yml b/roles/oidc-playground/defaults/main.yml
new file mode 100644
index 000000000..58cb18672
--- /dev/null
+++ b/roles/oidc-playground/defaults/main.yml
@@ -0,0 +1 @@
+oidc_playground_dir: /opt/openconext/oidc-playground
diff --git a/roles/oidc-playground/handlers/main.yml b/roles/oidc-playground/handlers/main.yml
new file mode 100644
index 000000000..f195da4bb
--- /dev/null
+++ b/roles/oidc-playground/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: restart oidc-playground-docker
+ community.docker.docker_container:
+ name: dashboardserver
+ state: started
+ restart: true
diff --git a/roles/oidc-playground/tasks/main.yml b/roles/oidc-playground/tasks/main.yml
new file mode 100644
index 000000000..83286f4b8
--- /dev/null
+++ b/roles/oidc-playground/tasks/main.yml
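Review bot: The `restart oidc-playground-docker` handler in handlers/main.yml restarts a container named `dashboardserver`, while the tasks in this same role create `oidcplaygroundserver` and `oidcplaygroundgui`, so a changed serverapplication.yml or logback.xml never restarts the process that reads them, and on a host without a dashboard container the handler task fails the play. The name looks copied from a dashboard role; it should be `name: oidcplaygroundserver`. Since the config is bind-mounted into the container, a restart is presumably the only way the rendered secrets and logging settings take effect, so this handler is what actually applies a secret rotation.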
@@ -0,0 +1,89 @@
+---
+- name: Create oidc-playground directory
+ ansible.builtin.file:
+ dest: "{{ oidc_playground_dir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: "0750"
+
+- name: Copy config
+ ansible.builtin.template:
+ src: "{{ item }}.j2"
+ dest: "{{ oidc_playground_dir }}/{{ item }}"
+ owner: root
+ group: root
+ mode: "0740"
+ with_items:
+ - logback.xml
+ - serverapplication.yml
+ notify:
+ - "restart oidc-playground-docker"
+
+- name: Create and start the server container
+ community.docker.docker_container:
+ name: oidcplaygroundserver
+ image: ghcr.io/openconext/openconext-oidc-playground/oidc-playground-server:{{ oidc_playground_server_version }}
+ pull: true
+ restart_policy: "always"
+ state: started
+ networks:
+ - name: "loadbalancer"
+ mounts:
+ - source: "{{ oidc_playground_dir }}/serverapplication.yml"
+ target: /application.yml
+ type: bind
+ - source: "{{ oidc_playground_dir }}/logback.xml"
+ target: /logback.xml
+ type: bind
+ command: "-Xmx128m --spring.config.location=./"
+ healthcheck:
+ test:
+ [
+ "CMD",
+ "wget",
+ "-no-verbose",
+ "--tries=1",
+ "--spider",
+ "http://localhost:8080/internal/health",
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+ notify: restart oidc-playground-docker
+
+- name: Create the gui container
+ community.docker.docker_container:
+ name: oidcplaygroundgui
+ image: ghcr.io/openconext/openconext-oidc-playground/oidc-playground-gui:{{ oidc_playground_client_version }}
+ pull: true
+ restart_policy: "always"
+ state: started
+ networks:
+ - name: "loadbalancer"
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.oidc-playgroundgui.rule: "Host(`oidc-playground.{{ base_domain }}`)"
+ traefik.http.routers.oidc-playgroundgui.tls: "true"
+ traefik.http.services.oidc-playgroundgui.loadbalancer.server.port: "80"
+ healthcheck:
+ test: ["CMD", "curl", "--fail", "http://localhost/internal/health"]
+ interval: 10s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+ env:
+ HTTPD_CSP: "{{ httpd_csp.lenient }}"
+
+# - name: Include the role manage_provision_entities to provision oidc-playground resource server to Manage
+# include_role:
+# name: manage_provision_entities
+# vars:
+# entity_type: oauth20_rs
+#
+# - name: Include the role manage_provision_entities to provision oidc-playground client to Manage
+# include_role:
+# name: manage_provision_entities
+# vars:
+# entity_type: oidc10_rp
diff --git a/roles/oidc-playground/templates/logback.xml.j2 b/roles/oidc-playground/templates/logback.xml.j2
new file mode 100644
index 000000000..0ffde3531
--- /dev/null
+++ b/roles/oidc-playground/templates/logback.xml.j2
@@ -0,0 +1,30 @@
+#jinja2:lstrip_blocks: True
+
+
+
+
+
+ %d{ISO8601} %5p [%t] %logger{40}:%L - %m%n
+
+
+
+
+
+ {{ smtp_server }}
+ {{ noreply_email }}
+ {{ error_mail_to }}
+ {{ error_subject_prefix }}Unexpected error oidc-playground
+
+
+
+ ERROR
+
+
+
+
+
+
+
+
+
+
diff --git a/roles/oidc-playground/templates/serverapplication.yml.j2 b/roles/oidc-playground/templates/serverapplication.yml.j2
new file mode 100644
index 000000000..ea3261872
--- /dev/null
+++ b/roles/oidc-playground/templates/serverapplication.yml.j2
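Review bot: The server container's healthcheck passes `"-no-verbose"` to wget, which is not a valid spelling of the option — GNU wget takes `--no-verbose` (or `-nv`) and BusyBox wget takes `-q` — so the probe most likely exits non-zero and the container is reported unhealthy regardless of what `/internal/health` returns; use `"--no-verbose",` if the image ships GNU wget, or `"-q",` for BusyBox. Separately, the two bind mounts of `serverapplication.yml` (which carries the client, resource-server and JWT secrets) and `logback.xml` are writable from inside the container; adding `read_only: true` to each mount entry costs nothing and keeps a compromised process from rewriting its own config or logging setup. The `notify: restart oidc-playground-docker` on the container task itself also appears to trigger a second restart right after the module has already recreated the container on a change; the notify on the template task is the one that matters.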
@@ -0,0 +1,53 @@
+logging:
+ config: file:///logback.xml
+ level:
+ org.springframework.data.mongodb: INFO
+
+server:
+ # The port to where this Spring Boot application listens to.
+ port: 8080
+ server-header:
+ servlet:
+ # We serve from the root. Do not change this
+ context-path:
+ max-http-header-size: 10000000
+ tomcat:
+ max-http-post-size: 10000000
+
+management:
+ health:
+ mail:
+ enabled: false
+ endpoints:
+ web:
+ exposure:
+ include: "health,info"
+ base-path: "/internal"
+ endpoint:
+ info:
+ enabled: true
+ info:
+ git:
+ mode: full
+
+oidc:
+ discovery_endpoint: "{{ oidc_playground.discovery_endpoint }}"
+ client_id: "{{ oidc_playground.client_id }}"
+ secret: "{{ oidc_playground.secret }}"
+ jwt_secret: "{{ oidc_playground.jwt_secret }}"
+ resource_server_id: "{{ oidc_playground.resource_server_id }}"
+ resource_server_secret: "{{ oidc_playground.resource_server_secret }}"
+ redirect_uri: "https://oidc-playground.{{ base_domain }}/redirect"
+ redirect_uri_form_post: "https://oidc-playground.{{ base_domain }}/oidc/api/redirect"
+ client_redirect_uri: "https://oidc-playground.{{ base_domain }}/redirect"
+
+gui:
+ disclaimer:
+ background-color: "{{ environment_ribbon_colour }}"
+ content: "{{ environment_shortname }}"
+
+acr:
+ values:
+ {% for loa in [stepup_intrinsic_loa] + stepup_loa_values_supported + oidcng.acr_values_supported %}
+ - "{{ loa }}"
+ {% endfor %}
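Review bot: `server.max-http-header-size: 10000000` allows every client to send up to 10 MB of request headers, which Tomcat has to buffer per connection; if the intent is to fit large bearer or ID tokens in the Authorization header, a limit in the tens of kilobytes is ample, so either lower the value or add a comment next to it stating why 10 MB is required. The same template exposes `/internal/info` with `management.info.git.mode: full`, which publishes commit, branch and build details; whether that is reachable from outside depends on how the GUI container proxies to port 8080, which this diff does not show, but unless the data is needed consider `mode: simple` or narrowing `include` to `"health"`. Minor: `server-header:` and `context-path:` are bare keys, which YAML reads as null rather than an empty string — write `server-header: ""` and `context-path: ""` if an empty string is what is meant.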