diff --git a/.travis.yml b/.travis.yml
index c33a23e..067445b 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,10 +6,11 @@ install:
 - pip install jmespath
 script:
 - ansible-playbook tests/write-inventory-files.yml
-- ansible-playbook -i tests/inventory tests/3scale-saas-with-hosted-apicast.yml
+- ansible-playbook -i tests/inventory tests/3scale-saas-with-hosted-apicast-apikey.yml
+- ansible-playbook -i tests/inventory tests/3scale-saas-with-hosted-apicast-oidc.yml
 env:
   global:
     # travis encrypt "THREESCALE_INVENTORY=$(yaml2json tests/3scale-inventory.yaml|base64)"
-    secure: "TjqtVqGqWneStstIfqlTDRvPPEF7UXQbVaBvR9/g7zDZuEyzui781I3jLlv8M72omLp1yUkEorAjbmBd7So2kIaS5kl9MkqyEaG5JonPMbhBxyos47hyQlKQ9OB31UZZaQFmurOamO/aa22zEw1w3sfjqKqn+U1fYxtEg3262TMjYx3rbgRhqNYEN35hO1VpUw6elRddyrirCTV66nyfE7GQ/PIhejnruPolCGVo/h+WInIBhEz5/BUb2vRCtGn5OhHH+WdIvAp8W2adB55hRfenPTSg7qQnrCyPFgSXkeFUL0H0xc6J/n2+cch9oDRzHoANyTeb0rmdbN/bvGN3bLrojYLGuZbIK6cjmpo14wJmUaPmxzL91z/IHszAqz5f1PlfGz2J+KVcoJf4R3/91ReuQFYClrz8Wf/RlSV2yqkknk34aCr03TWhSENwVRoP1pcO96emGC2mmX+Br0DzCLK9HWsyk1yQfC4YzxU0tjqYshLLcW5olxa7kU0Wn2L3Ju+F8pTnkKCSEsdHLDGKTHlzhQVhq1gvhspC2LZGr+3zyU5vCQ53PxUNusGzRRRMbNKr/VOB1xc/+CabRUGM42GZKKCz7wGkZPmPfeMe7NCcyRPvAQSP3PupQB+PbgOgOfC8vhHXGViPix7cd2WSwLTJ1yT1jgxBvjP7TTnRS1k="
+    secure: "YKSBZJonKq/RwBtrg1wrlbw9GUaQhY0LmbUpShIPMeD1DqLQtOz9OIijAP2Uvtnn5F8josyzyYeZoRz4HOWT6DNdbZoclIT86FdT9yp9pIBuKYqaGOMmdwhTl+BXudeTCAvuj4k6eNux24WY+AqWZoXgr4E0rRJQJyD/G7gn4CMDQmn+an+RK43nhkXgMYNm6SHbR3c3wBypdWJivfgvdBfJb2VY8Q3XXQNh+ivUNW5us4Sf+G+UsjbQKeTF6G1rz8FUxGc2tElWcc+6fXWDTWI1WkZVfNm7f6cGii7X22OBDgOkoUjUKeVj/vmpgp7uOSk3XiWIC+gNsT/cS9/6XzZCnfhGmPal3QP5hXnsP5gBfKYzy8zZEp9H8NLyGA8K7M0cZGuFDdxg0HnIyXNnn7Denjyt3TopFR9ENsNOEbBar8XEb4oZicRWrXC9O/Sse4rCm5vGffXt+lcoAuypmxhASDZKNKsQRXhG+JRMZ2ONB8QOdH22mQ+JEOhOFNtiY2O9eEQOdtU92B9vWYWOztSGZ8/+AQ729bCzOw7AfxtxUyYadFnEdibAeWsl+xnlAdwmo0sNoCTGBKFMXlyP/gmcE7NdCLqWS6MSM2u4ARuQt7IS29wwlRseaMUli69vp0SqvjT6lelx4bonLFi74treKIQVLoxqSQaiU7KVTr0="
 notifications:
   webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/tests/3scale-saas-with-hosted-apicast.yml b/tests/3scale-saas-with-hosted-apicast-apikey.yml
similarity index 70%
rename from tests/3scale-saas-with-hosted-apicast.yml
rename to tests/3scale-saas-with-hosted-apicast-apikey.yml
index d7956ea..8ce8228 100644
--- a/tests/3scale-saas-with-hosted-apicast.yml
+++ b/tests/3scale-saas-with-hosted-apicast-apikey.yml
@@ -7,8 +7,8 @@
     threescale_cicd_openapi_file: '{{ playbook_dir }}/api/echo-api.yaml'
   roles:
   # Test first deployment
-  - { name: 'nmasse-itix.threescale-cicd', vars: { 'round': 1 } }
+  - { role: 'nmasse-itix.threescale-cicd', vars: { 'round': 1 } }
   # Verify idempotence
-  - { name: 'nmasse-itix.threescale-cicd', vars: { 'round': 2 } }
+  - { role: 'nmasse-itix.threescale-cicd', vars: { 'round': 2 } }
   post_tasks:
   - import_tasks: 'cleanup.yaml'
diff --git a/tests/3scale-saas-with-hosted-apicast-oidc.yml b/tests/3scale-saas-with-hosted-apicast-oidc.yml
new file mode 100644
index 0000000..3922ab9
--- /dev/null
+++ b/tests/3scale-saas-with-hosted-apicast-oidc.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Deploy the Echo API to a 3scale SaaS instance, with hosted APIcasts and OpenID Connect
+  hosts: threescale
+  gather_facts: no
+  vars:
+    threescale_cicd_openapi_file: '{{ playbook_dir }}/api/echo-api-oidc.yaml'
+  roles:
+  # Test first deployment
+  - { role: 'nmasse-itix.threescale-cicd', vars: { 'round': 1 } }
+  # Verify idempotence
+  - { role: 'nmasse-itix.threescale-cicd', vars: { 'round': 2 } }
+  post_tasks:
+  - import_tasks: 'cleanup.yaml'
diff --git a/tests/api/echo-api-oidc.yaml b/tests/api/echo-api-oidc.yaml
new file mode 100644
index 0000000..a215662
--- /dev/null
+++ b/tests/api/echo-api-oidc.yaml
@@ -0,0 +1,37 @@
+swagger: '2.0'
+info:
+  x-threescale-system-name: 'echo-api-oidc'
+  title: 'Echo API'
+  description: 'A very simple API.'
+  contact:
+    name: 'Nicolas MASSE'
+    url: 'http://github.com/nmasse-itix'
+    email: nmasse@redhat.com
+  license:
+    name: 'MIT License'
+    url: 'https://opensource.org/licenses/MIT'
+  version: '1.0'
+host: 'echo-api.3scale.net'
+schemes:
+- http
+paths:
+  /:
+    get:
+      operationId: Echo
+      tags:
+        - echo
+      summary: 'Get an echo'
+      description: 'Get an echo from the server'
+      x-threescale-smoketests-operation: true
+      responses:
+        200:
+          description: 'An Echo from the server'
+security:
+- oidc:
+  - openid
+securityDefinitions:
+  oidc:
+    type: oauth2
+    flow: accessCode
+    scopes:
+      openid: Get an OpenID Connect token
diff --git a/tests/inventory.j2 b/tests/inventory.j2
index 05d95c5..57f98a2 100644
--- a/tests/inventory.j2
+++ b/tests/inventory.j2
@@ -6,3 +6,12 @@ ansible_connection=local
 
 [threescale:vars]
 threescale_cicd_access_token={{ threescale_inventory.threescale_hosted.access_token }}
+
+[sso]
+{{ threescale_inventory.sso.host }}
+
+[sso:vars]
+realm={{ threescale_inventory.sso.realm }}
+client_id={{ threescale_inventory.sso.client_id }}
+client_secret={{ threescale_inventory.sso.client_secret }}
+scheme=https