From e6745532ce8978d69ef742916381002933dd88e7 Mon Sep 17 00:00:00 2001
From: William DeCoste <bdecoste@gmail.com>
Date: Wed, 2 Sep 2015 09:05:54 -0700
Subject: [PATCH 01/35] KEYCLOAK-1779

---
 .../subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
index 08dbdd7422..6cd1856ffe 100755
--- a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
+++ b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
@@ -67,7 +67,7 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
         // if secure-deployment configuration exists for web app, we force KEYCLOAK auth method on it
         // otherwise we only set up KEYCLOAK auth if it's requested through web.xml auth-method
         LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
-        if (!service.isSecureDeployment(deploymentName) && (loginConfig == null || !loginConfig.getAuthMethod().equalsIgnoreCase("KEYCLOAK"))) {
+        if (!service.isSecureDeployment(deploymentName) || loginConfig == null || !loginConfig.getAuthMethod().equalsIgnoreCase("KEYCLOAK")) {
             return;
         }
 

From b0095154d14710833d6b83921a850b8a7bfbbf7f Mon Sep 17 00:00:00 2001
From: Marko Strukelj <marko.strukelj@gmail.com>
Date: Fri, 4 Sep 2015 14:11:54 +0200
Subject: [PATCH 02/35] KEYCLOAK-1779 NPE due to missing web.xml/jboss-web.xml
 - improved code readability and npe fix

---
 ...cloakAdapterConfigDeploymentProcessor.java | 35 +++++++++++--------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
index 6cd1856ffe..5891b4b802 100755
--- a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
+++ b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigDeploymentProcessor.java
@@ -64,23 +64,28 @@ public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitP
 
         KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
 
-        // if secure-deployment configuration exists for web app, we force KEYCLOAK auth method on it
-        // otherwise we only set up KEYCLOAK auth if it's requested through web.xml auth-method
+        // otherwise
         LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
-        if (!service.isSecureDeployment(deploymentName) || loginConfig == null || !loginConfig.getAuthMethod().equalsIgnoreCase("KEYCLOAK")) {
-            return;
+
+        boolean hasSubsystemConfig = service.isSecureDeployment(deploymentName);
+        boolean webRequiresKC = loginConfig != null && "KEYCLOAK".equalsIgnoreCase(loginConfig.getAuthMethod());
+
+        if (hasSubsystemConfig || webRequiresKC) {
+            log.debug("Setting up KEYCLOAK auth method for WAR: " + deploymentName);
+
+            // if secure-deployment configuration exists for web app, we force KEYCLOAK auth method on it
+            if (hasSubsystemConfig) {
+                addJSONData(service.getJSON(deploymentName), warMetaData);
+                if (loginConfig != null) {
+                    loginConfig.setAuthMethod("KEYCLOAK");
+                    loginConfig.setRealmName(service.getRealmName(deploymentName));
+                } else {
+                    log.warn("Failed to set up KEYCLOAK auth method for WAR: " + deploymentName + " (loginConfig == null)");
+                }
+            }
+            addValve(webMetaData);
+            KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
         }
-
-        log.debug("Setting up KEYCLOAK auth method for WAR: " + deploymentName);
-        loginConfig.setAuthMethod("KEYCLOAK");
-
-        if (service.isSecureDeployment(deploymentName)) {
-            addJSONData(service.getJSON(deploymentName), warMetaData);
-            loginConfig.setRealmName(service.getRealmName(deploymentName));
-        }
-        addValve(webMetaData);
-
-        KeycloakLogger.ROOT_LOGGER.deploymentSecured(deploymentName);
     }
 
     private void addValve(JBossWebMetaData webMetaData) {

From 35e63a9398f27a96146dba964b8ac9de9007bc5f Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Fri, 4 Sep 2015 15:19:32 +0200
Subject: [PATCH 03/35] KEYCLOAK-1801 Additional fix and cleanup

---
 .../theme/base/admin/resources/js/app.js      |  3 +
 .../admin/resources/js/controllers/clients.js | 69 ++++++++-----------
 .../theme/base/admin/resources/js/loaders.js  |  5 +-
 .../theme/base/admin/resources/js/services.js |  5 +-
 .../partials/client-credentials-generic.html  | 22 +++---
 .../ClientAuthenticatorFactory.java           |  7 --
 .../ClientIdAndSecretAuthenticator.java       |  5 --
 .../client/JWTClientAuthenticator.java        |  5 --
 .../AuthenticationManagementResource.java     | 34 +++++----
 .../forms/PassThroughClientAuthenticator.java |  5 --
 10 files changed, 65 insertions(+), 95 deletions(-)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
index 7819f8b2cf..903131d0d1 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/app.js
@@ -638,6 +638,9 @@ module.config([ '$routeProvider', function($routeProvider) {
                 },
                 clientAuthenticatorProviders : function(ClientAuthenticatorProvidersLoader) {
                     return ClientAuthenticatorProvidersLoader();
+                },
+                clientConfigProperties: function(PerClientAuthenticationConfigDescriptionLoader) {
+                    return PerClientAuthenticationConfigDescriptionLoader();
                 }
             },
             controller : 'ClientCredentialsCtrl'
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
index 46f6c9a494..ae334e73c6 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/clients.js
@@ -30,39 +30,12 @@ module.controller('ClientRoleListCtrl', function($scope, $location, realm, clien
     });
 });
 
-module.controller('ClientCredentialsCtrl', function($scope, $location, realm, client, clientAuthenticatorProviders, Client) {
+module.controller('ClientCredentialsCtrl', function($scope, $location, realm, client, clientAuthenticatorProviders, clientConfigProperties, Client) {
     $scope.realm = realm;
     $scope.client = angular.copy(client);
     $scope.clientAuthenticatorProviders = clientAuthenticatorProviders;
 
-    var updateConfigButtonVisibility = function() {
-        for (var i=0 ; i<clientAuthenticatorProviders.length ; i++) {
-            var authenticator = clientAuthenticatorProviders[i];
-            if ($scope.client.clientAuthenticatorType === authenticator.id) {
-                $scope.configButtonVisible = authenticator.configurablePerClient;
-            }
-        }
-    };
-    updateConfigButtonVisibility();
-
-    $scope.$watch('client', function() {
-        if (!angular.equals($scope.client, client)) {
-
-            console.log("Update client credentials!");
-
-            Client.update({
-                realm : realm.realm,
-                client : client.id
-            }, $scope.client, function() {
-                $scope.changed = false;
-                client = angular.copy($scope.client);
-                updateConfigButtonVisibility();
-            });
-
-        }
-    }, true);
-
-    $scope.$watch('client.clientAuthenticatorType', function(val) {
+    var updateCurrentPartial = function(val) {
         $scope.clientAuthenticatorConfigPartial;
         switch(val) {
             case 'client-secret':
@@ -72,14 +45,28 @@ module.controller('ClientCredentialsCtrl', function($scope, $location, realm, cl
                 $scope.clientAuthenticatorConfigPartial = 'client-credentials-jwt.html';
                 break;
             default:
+                $scope.currentAuthenticatorConfigProperties = clientConfigProperties[val];
                 $scope.clientAuthenticatorConfigPartial = 'client-credentials-generic.html';
                 break;
         }
-    });
+    };
 
-    $scope.configureAuthenticator = function() {
-        $location.url("/realms/" + realm.realm + "/clients/" + client.id + "/credentials/" + client.clientAuthenticatorType);
-    }
+    updateCurrentPartial(client.clientAuthenticatorType);
+
+    $scope.$watch('client.clientAuthenticatorType', function() {
+        if (!angular.equals($scope.client.clientAuthenticatorType, client.clientAuthenticatorType)) {
+
+            Client.update({
+                realm : realm.realm,
+                client : client.id
+            }, $scope.client, function() {
+                $scope.changed = false;
+                client = angular.copy($scope.client);
+                updateCurrentPartial(client.clientAuthenticatorType)
+            });
+
+        }
+    }, true);
 
 });
 
@@ -134,17 +121,15 @@ module.controller('ClientSignedJWTCtrl', function($scope, $location, ClientCerti
     };
 });
 
-module.controller('ClientGenericCredentialsCtrl', function($scope, $location, realm, client, clientConfigProperties, Client, Notifications) {
+module.controller('ClientGenericCredentialsCtrl', function($scope, $location, Client, Notifications) {
 
     console.log('ClientGenericCredentialsCtrl invoked');
 
-    $scope.realm = realm;
-    $scope.client = angular.copy(client);
-    $scope.clientConfigProperties = clientConfigProperties;
+    $scope.clientCopy = angular.copy($scope.client);
     $scope.changed = false;
 
     $scope.$watch('client', function() {
-        if (!angular.equals($scope.client, client)) {
+        if (!angular.equals($scope.client, $scope.clientCopy)) {
             $scope.changed = true;
         }
     }, true);
@@ -152,17 +137,17 @@ module.controller('ClientGenericCredentialsCtrl', function($scope, $location, re
     $scope.save = function() {
 
         Client.update({
-            realm : realm.realm,
-            client : client.id
+            realm : $scope.realm.realm,
+            client : $scope.client.id
         }, $scope.client, function() {
             $scope.changed = false;
-            client = angular.copy($scope.client);
+            $scope.clientCopy = angular.copy($scope.client);
             Notifications.success("Client authentication configuration has been saved to the client.");
         });
     };
 
     $scope.reset = function() {
-        $scope.client = angular.copy(client);
+        $scope.client = angular.copy($scope.clientCopy);
         $scope.changed = false;
     };
 });
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/loaders.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/loaders.js
index 3053df5895..6b09bc1999 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/loaders.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/loaders.js
@@ -419,10 +419,9 @@ module.factory('AuthenticationConfigDescriptionLoader', function(Loader, Authent
 });
 
 module.factory('PerClientAuthenticationConfigDescriptionLoader', function(Loader, PerClientAuthenticationConfigDescription, $route, $q) {
-    return Loader.query(PerClientAuthenticationConfigDescription, function () {
+    return Loader.get(PerClientAuthenticationConfigDescription, function () {
         return {
-            realm: $route.current.params.realm,
-            provider: $route.current.params.provider
+            realm: $route.current.params.realm
         }
     });
 });
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
index 5a08582c82..e8c93d6240 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
@@ -1258,9 +1258,8 @@ module.factory('AuthenticationConfigDescription', function($resource) {
     });
 });
 module.factory('PerClientAuthenticationConfigDescription', function($resource) {
-    return $resource(authUrl + '/admin/realms/:realm/authentication/per-client-config-description/:provider', {
-        realm : '@realm',
-        provider: '@provider'
+    return $resource(authUrl + '/admin/realms/:realm/authentication/per-client-config-description', {
+        realm : '@realm'
     });
 });
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-generic.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-generic.html
index c7595dd54b..e249914ce0 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-generic.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-generic.html
@@ -1,12 +1,14 @@
-<form class="form-horizontal" name="credentialForm" novalidate kc-read-only="!access.manageClients" data-ng-show="client.attributes.length > 0">
-    <fieldset>
-        <kc-provider-config realm="realm" config="client.attributes" properties="clientConfigProperties"></kc-provider-config>
-    </fieldset>
+<div>
+    <form class="form-horizontal" name="credentialForm" novalidate kc-read-only="!access.manageClients" data-ng-show="currentAuthenticatorConfigProperties.length > 0" data-ng-controller="ClientGenericCredentialsCtrl">
+        <fieldset>
+            <kc-provider-config realm="realm" config="client.attributes" properties="currentAuthenticatorConfigProperties"></kc-provider-config>
+        </fieldset>
 
-    <div class="form-group">
-        <div class="col-md-10 col-md-offset-2" data-ng-show="access.manageClients">
-            <button kc-save  data-ng-disabled="!changed">Save</button>
-            <button kc-reset data-ng-disabled="!changed">Cancel</button>
+        <div class="form-group">
+            <div class="col-md-10 col-md-offset-2" data-ng-show="access.manageClients">
+                <button kc-save  data-ng-disabled="!changed">Save</button>
+                <button kc-reset data-ng-disabled="!changed">Cancel</button>
+            </div>
         </div>
-    </div>
-</form>
\ No newline at end of file
+    </form>
+</div>
\ No newline at end of file
diff --git a/services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java b/services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java
index 338f9801b2..08321ea922 100644
--- a/services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java
+++ b/services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java
@@ -25,13 +25,6 @@ public interface ClientAuthenticatorFactory extends ProviderFactory<ClientAuthen
     @Override
     boolean isConfigurable();
 
-    /**
-     * Is this authenticator configurable per client? The configuration will be in "Clients" / "Credentials" tab in admin console
-     *
-     * @return
-     */
-    boolean isConfigurablePerClient();
-
     /**
      * List of config properties for this client implementation. Those will be shown in admin console in clients credentials tab and can be configured per client.
      * Applicable only if "isConfigurablePerClient" is true
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
index b4917ece33..a30ecbd313 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
@@ -127,11 +127,6 @@ public class ClientIdAndSecretAuthenticator extends AbstractClientAuthenticator
         return false;
     }
 
-    @Override
-    public boolean isConfigurablePerClient() {
-        return true;
-    }
-
     @Override
     public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
         return REQUIREMENT_CHOICES;
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
index 48336a9ed2..4bb2f4f624 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
@@ -144,11 +144,6 @@ public class JWTClientAuthenticator extends AbstractClientAuthenticator {
         return false;
     }
 
-    @Override
-    public boolean isConfigurablePerClient() {
-        return true;
-    }
-
     @Override
     public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
         return REQUIREMENT_CHOICES;
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
index 84ccb7deb7..0bb2e11866 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
@@ -211,11 +211,6 @@ public class AuthenticationManagementResource {
             data.put("description", configured.getHelpText());
             data.put("displayName", configured.getDisplayType());
 
-            if (configured instanceof ClientAuthenticatorFactory) {
-                ClientAuthenticatorFactory configuredClient = (ClientAuthenticatorFactory) configured;
-                data.put("configurablePerClient", configuredClient.isConfigurablePerClient());
-            }
-
             providers.add(data);
         }
         return providers;
@@ -894,21 +889,30 @@ public class AuthenticationManagementResource {
     }
 
 
-    @Path("per-client-config-description/{providerId}")
+    @Path("per-client-config-description")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
     @NoCache
-    public List<ConfigPropertyRepresentation> getPerClientConfigDescription(@PathParam("providerId") String providerId) {
+    public Map<String, List<ConfigPropertyRepresentation>> getPerClientConfigDescription() {
         this.auth.requireView();
-        ConfigurableAuthenticatorFactory factory = CredentialHelper.getConfigurableAuthenticatorFactory(session, providerId);
-        ClientAuthenticatorFactory clientAuthFactory = (ClientAuthenticatorFactory) factory;
-        List<ProviderConfigProperty> perClientConfigProps = clientAuthFactory.getConfigPropertiesPerClient();
-        List<ConfigPropertyRepresentation> result = new LinkedList<>();
-        for (ProviderConfigProperty prop : perClientConfigProps) {
-            ConfigPropertyRepresentation propRep = getConfigPropertyRep(prop);
-            result.add(propRep);
+        List<ProviderFactory> factories = session.getKeycloakSessionFactory().getProviderFactories(ClientAuthenticator.class);
+
+        Map<String, List<ConfigPropertyRepresentation>> toReturn = new HashMap<>();
+        for (ProviderFactory clientAuthenticatorFactory : factories) {
+            String providerId = clientAuthenticatorFactory.getId();
+            ConfigurableAuthenticatorFactory factory = CredentialHelper.getConfigurableAuthenticatorFactory(session, providerId);
+            ClientAuthenticatorFactory clientAuthFactory = (ClientAuthenticatorFactory) factory;
+            List<ProviderConfigProperty> perClientConfigProps = clientAuthFactory.getConfigPropertiesPerClient();
+            List<ConfigPropertyRepresentation> result = new LinkedList<>();
+            for (ProviderConfigProperty prop : perClientConfigProps) {
+                ConfigPropertyRepresentation propRep = getConfigPropertyRep(prop);
+                result.add(propRep);
+            }
+
+            toReturn.put(providerId, result);
         }
-        return result;
+
+        return toReturn;
     }
 
     @Path("config")
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java
index 0c35b7569c..f45792055e 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java
@@ -68,11 +68,6 @@ public class PassThroughClientAuthenticator extends AbstractClientAuthenticator
         return false;
     }
 
-    @Override
-    public boolean isConfigurablePerClient() {
-        return true;
-    }
-
     @Override
     public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
         return REQUIREMENT_CHOICES;

From f3675681c3d4422f2ad2c69d59695102eca1a7b8 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Fri, 4 Sep 2015 16:55:32 +0200
Subject: [PATCH 04/35] KEYCLOAK-1804 Replace -snapshot with startup time in
 resource urls

---
 core/src/main/java/org/keycloak/Version.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/core/src/main/java/org/keycloak/Version.java b/core/src/main/java/org/keycloak/Version.java
index 88168437ef..2ba5b9b458 100755
--- a/core/src/main/java/org/keycloak/Version.java
+++ b/core/src/main/java/org/keycloak/Version.java
@@ -1,6 +1,7 @@
 package org.keycloak;
 
 import org.codehaus.jackson.annotate.JsonProperty;
+import org.keycloak.util.Time;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -28,6 +29,9 @@ public class Version {
             VERSION = props.getProperty("version");
             BUILD_TIME = props.getProperty("build-time");
             RESOURCES_VERSION = VERSION.toLowerCase();
+            if (RESOURCES_VERSION.endsWith("-snapshot")) {
+                RESOURCES_VERSION = RESOURCES_VERSION.replace("-snapshot", "-" + Time.currentTime());
+            }
         } catch (IOException e) {
             VERSION=UNKNOWN;
             BUILD_TIME=UNKNOWN;

From 81f4c50574173ba5161e2b782dd9d24b73cb64a0 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Fri, 4 Sep 2015 22:22:56 +0200
Subject: [PATCH 05/35] KEYCLOAK-1799 Download adapter JSON config with proper
 adapter

---
 .../ClientAuthenticatorFactory.java             | 10 ++++++++++
 .../client/ClientIdAndSecretAuthenticator.java  | 10 ++++++++++
 .../client/JWTClientAuthenticator.java          | 17 +++++++++++++++++
 .../services/managers/ClientManager.java        | 16 +++++++++-------
 .../forms/PassThroughClientAuthenticator.java   | 13 +++++++++++++
 5 files changed, 59 insertions(+), 7 deletions(-)

diff --git a/services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java b/services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java
index 08321ea922..4b4c100f2e 100644
--- a/services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java
+++ b/services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java
@@ -1,7 +1,9 @@
 package org.keycloak.authentication;
 
 import java.util.List;
+import java.util.Map;
 
+import org.keycloak.models.ClientModel;
 import org.keycloak.provider.ProviderConfigProperty;
 import org.keycloak.provider.ProviderFactory;
 
@@ -33,4 +35,12 @@ public interface ClientAuthenticatorFactory extends ProviderFactory<ClientAuthen
      */
     List<ProviderConfigProperty> getConfigPropertiesPerClient();
 
+    /**
+     * Get configuration, which needs to be used for adapter ( keycloak.json ) of particular client. Some implementations
+     * may return just template and user needs to edit the values according to his environment (For example fill the location of keystore file)
+     *
+     * @return
+     */
+    Map<String, Object> getAdapterConfiguration(ClientModel client);
+
 }
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
index a30ecbd313..e86e68e10e 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
@@ -1,8 +1,10 @@
 package org.keycloak.authentication.authenticators.client;
 
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
@@ -20,6 +22,7 @@ import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.provider.ProviderConfigProperty;
+import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.util.BasicAuthHelper;
 
 /**
@@ -148,6 +151,13 @@ public class ClientIdAndSecretAuthenticator extends AbstractClientAuthenticator
         return Collections.emptyList();
     }
 
+    @Override
+    public Map<String, Object> getAdapterConfiguration(ClientModel client) {
+        Map<String, Object> result = new HashMap<>();
+        result.put(CredentialRepresentation.SECRET, client.getSecret());
+        return result;
+    }
+
     @Override
     public String getId() {
         return PROVIDER_ID;
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
index 4bb2f4f624..bb87e34dc0 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
@@ -3,8 +3,10 @@ package org.keycloak.authentication.authenticators.client;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
@@ -165,6 +167,21 @@ public class JWTClientAuthenticator extends AbstractClientAuthenticator {
         return Collections.emptyList();
     }
 
+    @Override
+    public Map<String, Object> getAdapterConfiguration(ClientModel client) {
+        Map<String, Object> props = new HashMap<>();
+        props.put("client-keystore-file", "REPLACE WITH THE LOCATION OF YOUR KEYSTORE FILE");
+        props.put("client-keystore-type", "jks");
+        props.put("client-keystore-password", "REPLACE WITH THE KEYSTORE PASSWORD");
+        props.put("client-key-password", "REPLACE WITH THE KEY PASSWORD IN KEYSTORE");
+        props.put("client-key-alias", client.getClientId());
+        props.put("token-timeout", 10);
+
+        Map<String, Object> config = new HashMap<>();
+        config.put("jwt", props);
+        return config;
+    }
+
     @Override
     public String getId() {
         return PROVIDER_ID;
diff --git a/services/src/main/java/org/keycloak/services/managers/ClientManager.java b/services/src/main/java/org/keycloak/services/managers/ClientManager.java
index 1b5a4e88b0..fbf530b36f 100755
--- a/services/src/main/java/org/keycloak/services/managers/ClientManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ClientManager.java
@@ -3,6 +3,8 @@ package org.keycloak.services.managers;
 import org.codehaus.jackson.annotate.JsonProperty;
 import org.codehaus.jackson.annotate.JsonPropertyOrder;
 import org.jboss.logging.Logger;
+import org.keycloak.authentication.ClientAuthenticator;
+import org.keycloak.authentication.ClientAuthenticatorFactory;
 import org.keycloak.constants.ServiceAccountConstants;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.ProtocolMapperModel;
@@ -156,7 +158,7 @@ public class ClientManager {
         @JsonProperty("public-client")
         protected Boolean publicClient;
         @JsonProperty("credentials")
-        protected Map<String, String> credentials;
+        protected Map<String, Object> credentials;
 
         public Boolean isUseResourceRoleMappings() {
             return useResourceRoleMappings;
@@ -174,11 +176,11 @@ public class ClientManager {
             this.resource = resource;
         }
 
-        public Map<String, String> getCredentials() {
+        public Map<String, Object> getCredentials() {
             return credentials;
         }
 
-        public void setCredentials(Map<String, String> credentials) {
+        public void setCredentials(Map<String, Object> credentials) {
             this.credentials = credentials;
         }
 
@@ -214,10 +216,10 @@ public class ClientManager {
         rep.setResource(clientModel.getClientId());
 
         if (!clientModel.isBearerOnly() && !clientModel.isPublicClient()) {
-            Map<String, String> creds = new HashMap<String, String>();
-            String cred = clientModel.getSecret();
-            creds.put(CredentialRepresentation.SECRET, cred);
-            rep.setCredentials(creds);
+            String clientAuthenticator = clientModel.getClientAuthenticatorType();
+            ClientAuthenticatorFactory authenticator = (ClientAuthenticatorFactory) realmManager.getSession().getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, clientAuthenticator);
+            Map<String, Object> adapterConfig = authenticator.getAdapterConfiguration(clientModel);
+            rep.setCredentials(adapterConfig);
         }
 
         return rep;
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java
index f45792055e..1e2b50a451 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java
@@ -1,8 +1,10 @@
 package org.keycloak.testsuite.forms;
 
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 
 import org.keycloak.authentication.AuthenticationFlowError;
 import org.keycloak.authentication.ClientAuthenticationFlowContext;
@@ -88,6 +90,17 @@ public class PassThroughClientAuthenticator extends AbstractClientAuthenticator
         return clientConfigProperties;
     }
 
+    @Override
+    public Map<String, Object> getAdapterConfiguration(ClientModel client) {
+        Map<String, Object> props = new HashMap<>();
+        props.put("foo", "some foo value");
+        props.put("bar", true);
+
+        Map<String, Object> config = new HashMap<>();
+        config.put("dummy", props);
+        return config;
+    }
+
     @Override
     public String getId() {
         return PROVIDER_ID;

From f6ec9af61ef4b6384fea6aa02a5e19bea8c40a7b Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Mon, 7 Sep 2015 09:33:34 +0200
Subject: [PATCH 06/35] KEYCLOAK-1805 address theme causes exception for login
 theme

---
 .../main/resources/theme/address/login/login-update-profile.ftl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/themes/src/main/resources/theme/address/login/login-update-profile.ftl b/examples/themes/src/main/resources/theme/address/login/login-update-profile.ftl
index 8be620d18f..e02a340405 100755
--- a/examples/themes/src/main/resources/theme/address/login/login-update-profile.ftl
+++ b/examples/themes/src/main/resources/theme/address/login/login-update-profile.ftl
@@ -5,7 +5,7 @@
     <#elseif section = "header">
         ${msg("loginProfileTitle")}
     <#elseif section = "form">
-        <form id="kc-update-profile-form" class="${properties.kcFormClass!}" action="${url.loginUpdateProfileUrl}" method="post">
+        <form id="kc-update-profile-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
             <div class="${properties.kcFormGroupClass!} ${messagesPerField.printIfExists('email',properties.kcFormGroupErrorClass!)}">
                 <div class="${properties.kcLabelWrapperClass!}">
                     <label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>

From dca1751a63eb2b0b266b8c818771f17fc2bd96b5 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Mon, 7 Sep 2015 09:40:34 +0200
Subject: [PATCH 07/35] KEYCLOAK-1812 View user attributes in admin console
 doesn't work

---
 .../theme/base/admin/resources/partials/user-attributes.html    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-attributes.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-attributes.html
index 542431dcf6..9713a80639 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-attributes.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-attributes.html
@@ -16,7 +16,7 @@
             </tr>
             </thead>
             <tbody>
-            <tr ng-repeat="(key, value) in (user.attributes | filter:search)">
+            <tr ng-repeat="(key, value) in user.attributes">
                 <td>{{key}}</td>
                 <td><input ng-model="user.attributes[key]" class="form-control" type="text" name="{{key}}" id="attribute-{{key}}" /></td>
                 <td class="kc-action-cell">

From 5a3938d12f203ca11a8244db9514159c522d6a64 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Mon, 7 Sep 2015 09:59:32 +0200
Subject: [PATCH 08/35] KEYCLOAK-1806 oauth-client example fails if you say no
 to grant

---
 .../third-party/src/main/webapp/WEB-INF/web.xml             | 6 ++++++
 .../demo-template/third-party/src/main/webapp/error.jsp     | 1 +
 2 files changed, 7 insertions(+)
 create mode 100644 examples/demo-template/third-party/src/main/webapp/error.jsp

diff --git a/examples/demo-template/third-party/src/main/webapp/WEB-INF/web.xml b/examples/demo-template/third-party/src/main/webapp/WEB-INF/web.xml
index 958839db9f..9e72e01e90 100755
--- a/examples/demo-template/third-party/src/main/webapp/WEB-INF/web.xml
+++ b/examples/demo-template/third-party/src/main/webapp/WEB-INF/web.xml
@@ -9,6 +9,12 @@
     <listener>
         <listener-class>org.keycloak.example.oauth.Bootstrap</listener-class>
     </listener>
+
+    <error-page>
+        <exception-type>java.lang.RuntimeException</exception-type>
+        <location>/error.jsp</location>
+    </error-page>
+
     <!--
     <security-constraint>
         <web-resource-collection>
diff --git a/examples/demo-template/third-party/src/main/webapp/error.jsp b/examples/demo-template/third-party/src/main/webapp/error.jsp
new file mode 100644
index 0000000000..7c17686909
--- /dev/null
+++ b/examples/demo-template/third-party/src/main/webapp/error.jsp
@@ -0,0 +1 @@
+An error occurred. Click <a href="index.html"> to try again.
\ No newline at end of file

From 931102ff26ac76ffdd72ec303861fcf266f5c04d Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Mon, 7 Sep 2015 10:08:32 +0200
Subject: [PATCH 09/35] KEYCLOAK-1808 Revoke Grant button should disappear

---
 .../src/main/resources/theme/base/account/applications.ftl  | 2 +-
 .../java/org/keycloak/testsuite/oauth/OAuthGrantTest.java   | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/forms/common-themes/src/main/resources/theme/base/account/applications.ftl b/forms/common-themes/src/main/resources/theme/base/account/applications.ftl
index 27b916b363..4e01c02d64 100755
--- a/forms/common-themes/src/main/resources/theme/base/account/applications.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/account/applications.ftl
@@ -76,7 +76,7 @@
                     </td>
 
                     <td>
-                        <#if application.client.consentRequired>
+                        <#if application.client.consentRequired && application.claimsGranted?has_content>
                             <button type='submit' class='${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!}' id='revoke-${application.client.clientId}' name='clientId' value="${application.client.id}">${msg("revoke")}</button>
                         </#if>
                     </td>
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
index 5b71fd5bec..236330559e 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
@@ -49,6 +49,7 @@ import org.keycloak.testsuite.pages.OAuthGrantPage;
 import org.keycloak.testsuite.rule.KeycloakRule;
 import org.keycloak.testsuite.rule.WebResource;
 import org.keycloak.testsuite.rule.WebRule;
+import org.openqa.selenium.By;
 import org.openqa.selenium.WebDriver;
 
 import java.io.IOException;
@@ -130,10 +131,15 @@ public class OAuthGrantTest {
         events.expectCodeToToken(codeId, loginEvent.getSessionId()).client("third-party").assertEvent();
 
         accountAppsPage.open();
+
+        assertEquals(1, driver.findElements(By.id("revoke-third-party")).size());
+
         accountAppsPage.revokeGrant("third-party");
 
         events.expect(EventType.REVOKE_GRANT)
                 .client("account").detail(Details.REVOKED_CLIENT, "third-party").assertEvent();
+
+        assertEquals(0, driver.findElements(By.id("revoke-third-party")).size());
     }
 
     @Test

From 3d2acbe7808b9c25816a01645dee77b5c3592bd5 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Mon, 7 Sep 2015 13:02:52 +0200
Subject: [PATCH 10/35] KEYCLOAK-1816 LocaleHelper prints info 'Locale en is
 not supported'

---
 .../java/org/keycloak/freemarker/LocaleHelper.java | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/forms/common-freemarker/src/main/java/org/keycloak/freemarker/LocaleHelper.java b/forms/common-freemarker/src/main/java/org/keycloak/freemarker/LocaleHelper.java
index fc249d56bf..9f1aafe4e4 100644
--- a/forms/common-freemarker/src/main/java/org/keycloak/freemarker/LocaleHelper.java
+++ b/forms/common-freemarker/src/main/java/org/keycloak/freemarker/LocaleHelper.java
@@ -18,8 +18,6 @@ public class LocaleHelper {
     public static final String UI_LOCALES_PARAM = "ui_locales";
     public static final String KC_LOCALE_PARAM = "kc_locale";
 
-    private final static Logger LOGGER = Logger.getLogger(LocaleHelper.class);
-
     public static Locale getLocale(RealmModel realm, UserModel user) {
         return getLocale(realm, user, null, null);
     }
@@ -38,8 +36,6 @@ public class LocaleHelper {
                     user.setSingleAttribute(UserModel.LOCALE, locale.toLanguageTag());
                 }
                 return locale;
-            }else{
-                LOGGER.infof("Locale %s is not supported.", localeString);
             }
         }
          
@@ -52,8 +48,6 @@ public class LocaleHelper {
                     user.setSingleAttribute(UserModel.LOCALE, locale.toLanguageTag());
                 }
                 return locale;
-            }else{
-                LOGGER.infof("Locale %s is not supported.", localeString);
             }
         }
 
@@ -64,8 +58,6 @@ public class LocaleHelper {
             if(locale != null){
 
                 return locale;
-            }else{
-                LOGGER.infof("Locale %s is not supported.", localeString);
             }
         }
 
@@ -75,8 +67,6 @@ public class LocaleHelper {
             Locale locale =  findLocale(realm.getSupportedLocales(), localeString.split(" "));
             if(locale != null){
                 return locale;
-            }else{
-                LOGGER.infof("Locale %s is not supported.", localeString);
             }
         }
 
@@ -87,8 +77,6 @@ public class LocaleHelper {
                 Locale locale =  findLocale(realm.getSupportedLocales(), localeString);
                 if(locale != null){
                     return locale;
-                }else{
-                    LOGGER.infof("Locale %s is not supported.", localeString);
                 }
             }
         }
@@ -109,8 +97,6 @@ public class LocaleHelper {
         builder.cookie(new NewCookie(LocaleHelper.LOCALE_COOKIE, locale.toLanguageTag(), path, null, null, 31536000, secure));
     }
 
-
-
     public static Locale findLocale(Set<String> supportedLocales, String ... localeStrings) {
         for(String localeString : localeStrings){
             Locale result = null;

From 050c65a52003deb07216df539d9ca82b3917a963 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Mon, 7 Sep 2015 18:26:10 +0200
Subject: [PATCH 11/35] KEYCLOAK-1811 Pluggable client authentication config
 through adapter subsystem

---
 .../JWTClientCredentialsProvider.java         | 21 ++++-
 .../as7/KeycloakAdapterConfigService.java     | 14 +++-
 .../as7/KeycloakSubsystemParser.java          | 81 +++++++++++++++++--
 .../main/resources/schema/keycloak_1_1.xsd    | 13 ++-
 .../KeycloakAdapterConfigService.java         | 14 +++-
 .../extension/KeycloakSubsystemParser.java    | 81 +++++++++++++++++--
 .../resources/schema/wildfly-keycloak_1_1.xsd | 13 ++-
 .../extension/SubsystemParsingTestCase.java   | 38 ++++++++-
 .../subsystem/wf8/extension/keycloak-1.1.xml  |  4 +-
 .../KeycloakAdapterConfigService.java         | 14 +++-
 .../extension/KeycloakSubsystemParser.java    | 81 +++++++++++++++++--
 .../resources/schema/wildfly-keycloak_1_1.xsd | 11 ++-
 .../extension/SubsystemParsingTestCase.java   | 37 ++++++++-
 .../adapter/extension/keycloak-1.1.xml        |  4 +-
 .../services/managers/ClientManager.java      | 43 ++++++++--
 15 files changed, 418 insertions(+), 51 deletions(-)

diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/JWTClientCredentialsProvider.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/JWTClientCredentialsProvider.java
index 6503e678d9..d68c7cb8e7 100644
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/JWTClientCredentialsProvider.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/JWTClientCredentialsProvider.java
@@ -51,7 +51,7 @@ public class JWTClientCredentialsProvider implements ClientCredentialsProvider {
         }
 
         String clientKeystoreType = (String) cfg.get("client-keystore-type");
-        KeystoreUtil.KeystoreFormat clientKeystoreFormat = clientKeystoreType==null ? KeystoreUtil.KeystoreFormat.JKS : Enum.valueOf(KeystoreUtil.KeystoreFormat.class, clientKeystoreType);
+        KeystoreUtil.KeystoreFormat clientKeystoreFormat = clientKeystoreType==null ? KeystoreUtil.KeystoreFormat.JKS : Enum.valueOf(KeystoreUtil.KeystoreFormat.class, clientKeystoreType.toUpperCase());
 
         String clientKeystorePassword =  (String) cfg.get("client-keystore-password");
         if (clientKeystorePassword == null) {
@@ -69,8 +69,23 @@ public class JWTClientCredentialsProvider implements ClientCredentialsProvider {
         }
         this.privateKey = KeystoreUtil.loadPrivateKeyFromKeystore(clientKeystoreFile, clientKeystorePassword, clientKeyPassword, clientKeyAlias, clientKeystoreFormat);
 
-        Integer tokenExp = (Integer) cfg.get("token-timeout");
-        this.tokenTimeout = (tokenExp==null) ? 10 : tokenExp;
+        this.tokenTimeout = asInt(cfg, "token-timeout", 10);
+    }
+
+    // TODO: Generic method for this?
+    private Integer asInt(Map<String, Object> cfg, String cfgKey, int defaultValue) {
+        Object cfgObj = cfg.get(cfgKey);
+        if (cfgObj == null) {
+            return defaultValue;
+        }
+
+        if (cfgObj instanceof String) {
+            return Integer.parseInt(cfgObj.toString());
+        } else if (cfgObj instanceof Number) {
+            return ((Number) cfgObj).intValue();
+        } else {
+            throw new IllegalArgumentException("Can't parse " + cfgKey + " from the config. Value is " + cfgObj);
+        }
     }
 
     @Override
diff --git a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java
index af9e74fa88..845da8ed36 100755
--- a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java
+++ b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakAdapterConfigService.java
@@ -85,7 +85,19 @@ public final class KeycloakAdapterConfigService {
         }
 
         String credentialName = credentialNameFromOp(operation);
-        credentials.get(credentialName).set(model.get("value").asString());
+        if (!credentialName.contains(".")) {
+            credentials.get(credentialName).set(model.get("value").asString());
+        } else {
+            String[] parts = credentialName.split("\\.");
+            String provider = parts[0];
+            String property = parts[1];
+            ModelNode credential = credentials.get(provider);
+            if (!credential.isDefined()) {
+                credential = new ModelNode();
+            }
+            credential.get(property).set(model.get("value").asString());
+            credentials.set(provider, credential);
+        }
 
         ModelNode deployment = this.secureDeployments.get(deploymentNameFromOp(operation));
         deployment.get(CREDENTIALS_JSON_NAME).set(credentials);
diff --git a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java
index 5c61e55e58..42b3996063 100755
--- a/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java
+++ b/integration/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java
@@ -34,7 +34,10 @@ import javax.xml.stream.XMLStreamConstants;
 import javax.xml.stream.XMLStreamException;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map;
 
 /**
  * The subsystem parser, which uses stax to read and write to and from xml
@@ -125,12 +128,48 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
 
     public void readCredential(XMLExtendedStreamReader reader, PathAddress parent, List<ModelNode> credentialsToAdd) throws XMLStreamException {
         String name = readNameAttribute(reader);
+
+        Map<String, String> values = new HashMap<>();
+        String textValue = null;
+        while (reader.hasNext()) {
+            int next = reader.next();
+            if (next == CHARACTERS) {
+                // text value of credential element (like for "secret" )
+                String text = reader.getText();
+                if (text == null || text.trim().isEmpty()) {
+                    continue;
+                }
+                textValue = text;
+            } else if (next == START_ELEMENT) {
+                String key = reader.getLocalName();
+                reader.next();
+                String value = reader.getText();
+                reader.next();
+
+                values.put(key, value);
+            } else if (next == END_ELEMENT) {
+                break;
+            }
+        }
+
+        if (textValue != null) {
+            ModelNode addCredential = getCredentialToAdd(parent, name, textValue);
+            credentialsToAdd.add(addCredential);
+        } else {
+            for (Map.Entry<String, String> entry : values.entrySet()) {
+                ModelNode addCredential = getCredentialToAdd(parent, name + "." + entry.getKey(), entry.getValue());
+                credentialsToAdd.add(addCredential);
+            }
+        }
+    }
+
+    private ModelNode getCredentialToAdd(PathAddress parent, String name, String value) {
         ModelNode addCredential = new ModelNode();
         addCredential.get(ModelDescriptionConstants.OP).set(ModelDescriptionConstants.ADD);
         PathAddress addr = PathAddress.pathAddress(parent, PathElement.pathElement(CredentialDefinition.TAG_NAME, name));
         addCredential.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode());
-        addCredential.get(CredentialDefinition.VALUE.getName()).set(reader.getElementText());
-        credentialsToAdd.add(addCredential);
+        addCredential.get(CredentialDefinition.VALUE.getName()).set(value);
+        return addCredential;
     }
 
     // expects that the current tag will have one single attribute called "name"
@@ -199,11 +238,43 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
     }
 
     private void writeCredentials(XMLExtendedStreamWriter writer, ModelNode credentials) throws XMLStreamException {
+        Map<String, Object> parsed = new LinkedHashMap<>();
         for (Property credential : credentials.asPropertyList()) {
+            String credName = credential.getName();
+            String credValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
+
+            if (credName.contains(".")) {
+                String[] parts = credName.split("\\.");
+                String provider = parts[0];
+                String propKey = parts[1];
+
+                Map<String, String> currentProviderMap = (Map<String, String>) parsed.get(provider);
+                if (currentProviderMap == null) {
+                    currentProviderMap = new LinkedHashMap<>();
+                    parsed.put(provider, currentProviderMap);
+                }
+                currentProviderMap.put(propKey, credValue);
+            } else {
+                parsed.put(credName, credValue);
+            }
+        }
+
+        for (Map.Entry<String, Object> entry : parsed.entrySet()) {
             writer.writeStartElement(CredentialDefinition.TAG_NAME);
-            writer.writeAttribute("name", credential.getName());
-            String credentialValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
-            writeCharacters(writer, credentialValue);
+            writer.writeAttribute("name", entry.getKey());
+
+            Object value = entry.getValue();
+            if (value instanceof String) {
+                writeCharacters(writer, (String) value);
+            } else {
+                Map<String, String> credentialProps = (Map<String, String>) value;
+                for (Map.Entry<String, String> prop : credentialProps.entrySet()) {
+                    writer.writeStartElement(prop.getKey());
+                    writeCharacters(writer, prop.getValue());
+                    writer.writeEndElement();
+                }
+            }
+
             writer.writeEndElement();
         }
     }
diff --git a/integration/as7-eap6/as7-subsystem/src/main/resources/schema/keycloak_1_1.xsd b/integration/as7-eap6/as7-subsystem/src/main/resources/schema/keycloak_1_1.xsd
index 269b3232dd..75de38ad83 100755
--- a/integration/as7-eap6/as7-subsystem/src/main/resources/schema/keycloak_1_1.xsd
+++ b/integration/as7-eap6/as7-subsystem/src/main/resources/schema/keycloak_1_1.xsd
@@ -94,12 +94,11 @@
             </xs:annotation>
         </xs:attribute>
     </xs:complexType>
-    
-    <xs:complexType name="credential-type">
-        <xs:simpleContent>
-            <xs:extension base="xs:string">
-                <xs:attribute name="name" type="xs:string" />
-            </xs:extension>
-        </xs:simpleContent>
+
+    <xs:complexType name="credential-type" mixed="true">
+        <xs:sequence maxOccurs="unbounded" minOccurs="0">
+            <xs:any processContents="lax"></xs:any>
+        </xs:sequence>
+        <xs:attribute name="name" type="xs:string" use="required" />
     </xs:complexType>
 </xs:schema>
diff --git a/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java b/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java
index 4843534260..2a0b93c845 100755
--- a/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java
+++ b/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakAdapterConfigService.java
@@ -84,7 +84,19 @@ public final class KeycloakAdapterConfigService {
         }
 
         String credentialName = credentialNameFromOp(operation);
-        credentials.get(credentialName).set(model.get("value").asString());
+        if (!credentialName.contains(".")) {
+            credentials.get(credentialName).set(model.get("value").asString());
+        } else {
+            String[] parts = credentialName.split("\\.");
+            String provider = parts[0];
+            String property = parts[1];
+            ModelNode credential = credentials.get(provider);
+            if (!credential.isDefined()) {
+                credential = new ModelNode();
+            }
+            credential.get(property).set(model.get("value").asString());
+            credentials.set(provider, credential);
+        }
 
         ModelNode deployment = this.secureDeployments.get(deploymentNameFromOp(operation));
         deployment.get(CREDENTIALS_JSON_NAME).set(credentials);
diff --git a/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakSubsystemParser.java b/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakSubsystemParser.java
index efa260b46e..a261bc48c4 100755
--- a/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakSubsystemParser.java
+++ b/integration/wildfly/wf8-subsystem/src/main/java/org/keycloak/subsystem/wf8/extension/KeycloakSubsystemParser.java
@@ -35,7 +35,10 @@ import javax.xml.stream.XMLStreamConstants;
 import javax.xml.stream.XMLStreamException;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map;
 
 /**
  * The subsystem parser, which uses stax to read and write to and from xml
@@ -126,12 +129,48 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
 
     public void readCredential(XMLExtendedStreamReader reader, PathAddress parent, List<ModelNode> credentialsToAdd) throws XMLStreamException {
         String name = readNameAttribute(reader);
+
+        Map<String, String> values = new HashMap<>();
+        String textValue = null;
+        while (reader.hasNext()) {
+            int next = reader.next();
+            if (next == CHARACTERS) {
+                // text value of credential element (like for "secret" )
+                String text = reader.getText();
+                if (text == null || text.trim().isEmpty()) {
+                    continue;
+                }
+                textValue = text;
+            } else if (next == START_ELEMENT) {
+                String key = reader.getLocalName();
+                reader.next();
+                String value = reader.getText();
+                reader.next();
+
+                values.put(key, value);
+            } else if (next == END_ELEMENT) {
+                break;
+            }
+        }
+
+        if (textValue != null) {
+            ModelNode addCredential = getCredentialToAdd(parent, name, textValue);
+            credentialsToAdd.add(addCredential);
+        } else {
+            for (Map.Entry<String, String> entry : values.entrySet()) {
+                ModelNode addCredential = getCredentialToAdd(parent, name + "." + entry.getKey(), entry.getValue());
+                credentialsToAdd.add(addCredential);
+            }
+        }
+    }
+
+    private ModelNode getCredentialToAdd(PathAddress parent, String name, String value) {
         ModelNode addCredential = new ModelNode();
         addCredential.get(ModelDescriptionConstants.OP).set(ModelDescriptionConstants.ADD);
         PathAddress addr = PathAddress.pathAddress(parent, PathElement.pathElement(CredentialDefinition.TAG_NAME, name));
         addCredential.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode());
-        addCredential.get(CredentialDefinition.VALUE.getName()).set(reader.getElementText());
-        credentialsToAdd.add(addCredential);
+        addCredential.get(CredentialDefinition.VALUE.getName()).set(value);
+        return addCredential;
     }
 
     // expects that the current tag will have one single attribute called "name"
@@ -200,11 +239,43 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
     }
 
     private void writeCredentials(XMLExtendedStreamWriter writer, ModelNode credentials) throws XMLStreamException {
+        Map<String, Object> parsed = new LinkedHashMap<>();
         for (Property credential : credentials.asPropertyList()) {
+            String credName = credential.getName();
+            String credValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
+
+            if (credName.contains(".")) {
+                String[] parts = credName.split("\\.");
+                String provider = parts[0];
+                String propKey = parts[1];
+
+                Map<String, String> currentProviderMap = (Map<String, String>) parsed.get(provider);
+                if (currentProviderMap == null) {
+                    currentProviderMap = new LinkedHashMap<>();
+                    parsed.put(provider, currentProviderMap);
+                }
+                currentProviderMap.put(propKey, credValue);
+            } else {
+                parsed.put(credName, credValue);
+            }
+        }
+
+        for (Map.Entry<String, Object> entry : parsed.entrySet()) {
             writer.writeStartElement(CredentialDefinition.TAG_NAME);
-            writer.writeAttribute("name", credential.getName());
-            String credentialValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
-            writeCharacters(writer, credentialValue);
+            writer.writeAttribute("name", entry.getKey());
+
+            Object value = entry.getValue();
+            if (value instanceof String) {
+                writeCharacters(writer, (String) value);
+            } else {
+                Map<String, String> credentialProps = (Map<String, String>) value;
+                for (Map.Entry<String, String> prop : credentialProps.entrySet()) {
+                    writer.writeStartElement(prop.getKey());
+                    writeCharacters(writer, prop.getValue());
+                    writer.writeEndElement();
+                }
+            }
+
             writer.writeEndElement();
         }
     }
diff --git a/integration/wildfly/wf8-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd b/integration/wildfly/wf8-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd
index 269b3232dd..75de38ad83 100755
--- a/integration/wildfly/wf8-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd
+++ b/integration/wildfly/wf8-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd
@@ -94,12 +94,11 @@
             </xs:annotation>
         </xs:attribute>
     </xs:complexType>
-    
-    <xs:complexType name="credential-type">
-        <xs:simpleContent>
-            <xs:extension base="xs:string">
-                <xs:attribute name="name" type="xs:string" />
-            </xs:extension>
-        </xs:simpleContent>
+
+    <xs:complexType name="credential-type" mixed="true">
+        <xs:sequence maxOccurs="unbounded" minOccurs="0">
+            <xs:any processContents="lax"></xs:any>
+        </xs:sequence>
+        <xs:attribute name="name" type="xs:string" use="required" />
     </xs:complexType>
 </xs:schema>
diff --git a/integration/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java b/integration/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java
index 93e9a59fcb..6089293736 100755
--- a/integration/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java
+++ b/integration/wildfly/wf8-subsystem/src/test/java/org/keycloak/subsystem/wf8/extension/SubsystemParsingTestCase.java
@@ -16,6 +16,9 @@
  */
 package org.keycloak.subsystem.wf8.extension;
 
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
 import org.jboss.as.subsystem.test.AbstractSubsystemBaseTest;
 import org.jboss.dmr.ModelNode;
 import org.junit.Test;
@@ -49,13 +52,46 @@ public class SubsystemParsingTestCase extends AbstractSubsystemBaseTest {
         node.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/access/codes");
         node.get("ssl-required").set("external");
         node.get("expose-token").set(true);
+
+        ModelNode jwtCredential = new ModelNode();
+        jwtCredential.get("client-keystore-file").set("/tmp/keystore.jks");
+        jwtCredential.get("client-keystore-password").set("changeit");
         ModelNode credential = new ModelNode();
-        credential.get("password").set("password");
+        credential.get("jwt").set(jwtCredential);
         node.get("credentials").set(credential);
 
         System.out.println("json=" + node.toJSONString(false));
     }
 
+    @Test
+    public void testJsonFromSignedJWTCredentials() {
+        KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
+
+        PathAddress addr = PathAddress.pathAddress(PathElement.pathElement("subsystem", "keycloak"), PathElement.pathElement("secure-deployment", "foo"));
+        ModelNode deploymentOp = new ModelNode();
+        deploymentOp.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode());
+        ModelNode deployment = new ModelNode();
+        deployment.get("realm").set("demo");
+        deployment.get("resource").set("customer-portal");
+        service.addSecureDeployment(deploymentOp, deployment);
+
+        addCredential(addr, service, "secret", "secret1");
+        addCredential(addr, service, "jwt.client-keystore-file", "/tmp/foo.jks");
+        addCredential(addr, service, "jwt.token-timeout", "10");
+
+        System.out.println("Deployment: " + service.getJSON("foo"));
+    }
+
+    private void addCredential(PathAddress parent, KeycloakAdapterConfigService service, String key, String value) {
+        PathAddress credAddr = PathAddress.pathAddress(parent, PathElement.pathElement("credential", key));
+        ModelNode credOp = new ModelNode();
+        credOp.get(ModelDescriptionConstants.OP_ADDR).set(credAddr.toModelNode());
+        ModelNode credential = new ModelNode();
+        credential.get("value").set(value);
+        service.addCredential(credOp, credential);
+    }
+
+
     @Override
     protected String getSubsystemXml() throws IOException {
         return readResource("keycloak-1.1.xml");
diff --git a/integration/wildfly/wf8-subsystem/src/test/resources/org/keycloak/subsystem/wf8/extension/keycloak-1.1.xml b/integration/wildfly/wf8-subsystem/src/test/resources/org/keycloak/subsystem/wf8/extension/keycloak-1.1.xml
index 2d12d88576..e512f0e85a 100644
--- a/integration/wildfly/wf8-subsystem/src/test/resources/org/keycloak/subsystem/wf8/extension/keycloak-1.1.xml
+++ b/integration/wildfly/wf8-subsystem/src/test/resources/org/keycloak/subsystem/wf8/extension/keycloak-1.1.xml
@@ -19,6 +19,8 @@
         </realm-public-key>
         <auth-server-url>http://localhost:8080/auth</auth-server-url>
         <ssl-required>EXTERNAL</ssl-required>
-        <credential name="secret">2769a4a2-5be0-454f-838f-f33b7755b667</credential>
+        <credential name="jwt">
+            <client-keystore-file>/tmp/keystore.jks</client-keystore-file>
+        </credential>
     </secure-deployment>
 </subsystem>
\ No newline at end of file
diff --git a/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java b/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
index c6f616adce..8eb4b9efbd 100755
--- a/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
+++ b/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakAdapterConfigService.java
@@ -84,7 +84,19 @@ public final class KeycloakAdapterConfigService {
         }
 
         String credentialName = credentialNameFromOp(operation);
-        credentials.get(credentialName).set(model.get("value").asString());
+        if (!credentialName.contains(".")) {
+            credentials.get(credentialName).set(model.get("value").asString());
+        } else {
+            String[] parts = credentialName.split("\\.");
+            String provider = parts[0];
+            String property = parts[1];
+            ModelNode credential = credentials.get(provider);
+            if (!credential.isDefined()) {
+                credential = new ModelNode();
+            }
+            credential.get(property).set(model.get("value").asString());
+            credentials.set(provider, credential);
+        }
 
         ModelNode deployment = this.secureDeployments.get(deploymentNameFromOp(operation));
         deployment.get(CREDENTIALS_JSON_NAME).set(credentials);
diff --git a/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java b/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java
index 3c63f7e832..9a9e667762 100755
--- a/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java
+++ b/integration/wildfly/wf9-subsystem/src/main/java/org/keycloak/subsystem/adapter/extension/KeycloakSubsystemParser.java
@@ -35,7 +35,10 @@ import javax.xml.stream.XMLStreamConstants;
 import javax.xml.stream.XMLStreamException;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map;
 
 /**
  * The subsystem parser, which uses stax to read and write to and from xml
@@ -126,12 +129,48 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
 
     public void readCredential(XMLExtendedStreamReader reader, PathAddress parent, List<ModelNode> credentialsToAdd) throws XMLStreamException {
         String name = readNameAttribute(reader);
+
+        Map<String, String> values = new HashMap<>();
+        String textValue = null;
+        while (reader.hasNext()) {
+            int next = reader.next();
+            if (next == CHARACTERS) {
+                // text value of credential element (like for "secret" )
+                String text = reader.getText();
+                if (text == null || text.trim().isEmpty()) {
+                    continue;
+                }
+                textValue = text;
+            } else if (next == START_ELEMENT) {
+                String key = reader.getLocalName();
+                reader.next();
+                String value = reader.getText();
+                reader.next();
+
+                values.put(key, value);
+            } else if (next == END_ELEMENT) {
+                break;
+            }
+        }
+
+        if (textValue != null) {
+            ModelNode addCredential = getCredentialToAdd(parent, name, textValue);
+            credentialsToAdd.add(addCredential);
+        } else {
+            for (Map.Entry<String, String> entry : values.entrySet()) {
+                ModelNode addCredential = getCredentialToAdd(parent, name + "." + entry.getKey(), entry.getValue());
+                credentialsToAdd.add(addCredential);
+            }
+        }
+    }
+
+    private ModelNode getCredentialToAdd(PathAddress parent, String name, String value) {
         ModelNode addCredential = new ModelNode();
         addCredential.get(ModelDescriptionConstants.OP).set(ModelDescriptionConstants.ADD);
         PathAddress addr = PathAddress.pathAddress(parent, PathElement.pathElement(CredentialDefinition.TAG_NAME, name));
         addCredential.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode());
-        addCredential.get(CredentialDefinition.VALUE.getName()).set(reader.getElementText());
-        credentialsToAdd.add(addCredential);
+        addCredential.get(CredentialDefinition.VALUE.getName()).set(value);
+        return addCredential;
     }
 
     // expects that the current tag will have one single attribute called "name"
@@ -200,11 +239,43 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
     }
 
     private void writeCredentials(XMLExtendedStreamWriter writer, ModelNode credentials) throws XMLStreamException {
+        Map<String, Object> parsed = new LinkedHashMap<>();
         for (Property credential : credentials.asPropertyList()) {
+            String credName = credential.getName();
+            String credValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
+
+            if (credName.contains(".")) {
+                String[] parts = credName.split("\\.");
+                String provider = parts[0];
+                String propKey = parts[1];
+
+                Map<String, String> currentProviderMap = (Map<String, String>) parsed.get(provider);
+                if (currentProviderMap == null) {
+                    currentProviderMap = new LinkedHashMap<>();
+                    parsed.put(provider, currentProviderMap);
+                }
+                currentProviderMap.put(propKey, credValue);
+            } else {
+                parsed.put(credName, credValue);
+            }
+        }
+
+        for (Map.Entry<String, Object> entry : parsed.entrySet()) {
             writer.writeStartElement(CredentialDefinition.TAG_NAME);
-            writer.writeAttribute("name", credential.getName());
-            String credentialValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
-            writeCharacters(writer, credentialValue);
+            writer.writeAttribute("name", entry.getKey());
+
+            Object value = entry.getValue();
+            if (value instanceof String) {
+                writeCharacters(writer, (String) value);
+            } else {
+                Map<String, String> credentialProps = (Map<String, String>) value;
+                for (Map.Entry<String, String> prop : credentialProps.entrySet()) {
+                    writer.writeStartElement(prop.getKey());
+                    writeCharacters(writer, prop.getValue());
+                    writer.writeEndElement();
+                }
+            }
+
             writer.writeEndElement();
         }
     }
diff --git a/integration/wildfly/wf9-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd b/integration/wildfly/wf9-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd
index 269b3232dd..0abaac18d8 100755
--- a/integration/wildfly/wf9-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd
+++ b/integration/wildfly/wf9-subsystem/src/main/resources/schema/wildfly-keycloak_1_1.xsd
@@ -95,11 +95,10 @@
         </xs:attribute>
     </xs:complexType>
     
-    <xs:complexType name="credential-type">
-        <xs:simpleContent>
-            <xs:extension base="xs:string">
-                <xs:attribute name="name" type="xs:string" />
-            </xs:extension>
-        </xs:simpleContent>
+    <xs:complexType name="credential-type" mixed="true">
+        <xs:sequence maxOccurs="unbounded" minOccurs="0">
+            <xs:any processContents="lax"></xs:any>
+        </xs:sequence>
+        <xs:attribute name="name" type="xs:string" use="required" />
     </xs:complexType>
 </xs:schema>
diff --git a/integration/wildfly/wf9-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java b/integration/wildfly/wf9-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java
index baa131b09d..dc1e98132c 100755
--- a/integration/wildfly/wf9-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java
+++ b/integration/wildfly/wf9-subsystem/src/test/java/org/keycloak/subsystem/adapter/extension/SubsystemParsingTestCase.java
@@ -16,6 +16,9 @@
  */
 package org.keycloak.subsystem.adapter.extension;
 
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
 import org.jboss.as.subsystem.test.AbstractSubsystemBaseTest;
 import org.jboss.dmr.ModelNode;
 import org.junit.Test;
@@ -49,13 +52,45 @@ public class SubsystemParsingTestCase extends AbstractSubsystemBaseTest {
         node.get("code-url").set("http://localhost:8080/auth-server/rest/realms/demo/protocol/openid-connect/access/codes");
         node.get("ssl-required").set("external");
         node.get("expose-token").set(true);
+
+        ModelNode jwtCredential = new ModelNode();
+        jwtCredential.get("client-keystore-file").set("/tmp/keystore.jks");
+        jwtCredential.get("client-keystore-password").set("changeit");
         ModelNode credential = new ModelNode();
-        credential.get("password").set("password");
+        credential.get("jwt").set(jwtCredential);
         node.get("credentials").set(credential);
 
         System.out.println("json=" + node.toJSONString(false));
     }
 
+    @Test
+    public void testJsonFromSignedJWTCredentials() {
+        KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
+
+        PathAddress addr = PathAddress.pathAddress(PathElement.pathElement("subsystem", "keycloak"), PathElement.pathElement("secure-deployment", "foo"));
+        ModelNode deploymentOp = new ModelNode();
+        deploymentOp.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode());
+        ModelNode deployment = new ModelNode();
+        deployment.get("realm").set("demo");
+        deployment.get("resource").set("customer-portal");
+        service.addSecureDeployment(deploymentOp, deployment);
+
+        addCredential(addr, service, "secret", "secret1");
+        addCredential(addr, service, "jwt.client-keystore-file", "/tmp/foo.jks");
+        addCredential(addr, service, "jwt.token-timeout", "10");
+
+        System.out.println("Deployment: " + service.getJSON("foo"));
+    }
+
+    private void addCredential(PathAddress parent, KeycloakAdapterConfigService service, String key, String value) {
+        PathAddress credAddr = PathAddress.pathAddress(parent, PathElement.pathElement("credential", key));
+        ModelNode credOp = new ModelNode();
+        credOp.get(ModelDescriptionConstants.OP_ADDR).set(credAddr.toModelNode());
+        ModelNode credential = new ModelNode();
+        credential.get("value").set(value);
+        service.addCredential(credOp, credential);
+    }
+
     @Override
     protected String getSubsystemXml() throws IOException {
         return readResource("keycloak-1.1.xml");
diff --git a/integration/wildfly/wf9-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml b/integration/wildfly/wf9-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml
index 2d12d88576..e512f0e85a 100644
--- a/integration/wildfly/wf9-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml
+++ b/integration/wildfly/wf9-subsystem/src/test/resources/org/keycloak/subsystem/adapter/extension/keycloak-1.1.xml
@@ -19,6 +19,8 @@
         </realm-public-key>
         <auth-server-url>http://localhost:8080/auth</auth-server-url>
         <ssl-required>EXTERNAL</ssl-required>
-        <credential name="secret">2769a4a2-5be0-454f-838f-f33b7755b667</credential>
+        <credential name="jwt">
+            <client-keystore-file>/tmp/keystore.jks</client-keystore-file>
+        </credential>
     </secure-deployment>
 </subsystem>
\ No newline at end of file
diff --git a/services/src/main/java/org/keycloak/services/managers/ClientManager.java b/services/src/main/java/org/keycloak/services/managers/ClientManager.java
index fbf530b36f..fa715576c4 100755
--- a/services/src/main/java/org/keycloak/services/managers/ClientManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ClientManager.java
@@ -215,10 +215,8 @@ public class ClientManager {
 
         rep.setResource(clientModel.getClientId());
 
-        if (!clientModel.isBearerOnly() && !clientModel.isPublicClient()) {
-            String clientAuthenticator = clientModel.getClientAuthenticatorType();
-            ClientAuthenticatorFactory authenticator = (ClientAuthenticatorFactory) realmManager.getSession().getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, clientAuthenticator);
-            Map<String, Object> adapterConfig = authenticator.getAdapterConfiguration(clientModel);
+        if (showClientCredentialsAdapterConfig(clientModel)) {
+            Map<String, Object> adapterConfig = getClientCredentialsAdapterConfig(clientModel);
             rep.setCredentials(adapterConfig);
         }
 
@@ -240,8 +238,23 @@ public class ClientManager {
         buffer.append("    <ssl-required>").append(realmModel.getSslRequired().name()).append("</ssl-required>\n");
         buffer.append("    <resource>").append(clientModel.getClientId()).append("</resource>\n");
         String cred = clientModel.getSecret();
-        if (!clientModel.isBearerOnly() && !clientModel.isPublicClient()) {
-            buffer.append("    <credential name=\"secret\">").append(cred).append("</credential>\n");
+        if (showClientCredentialsAdapterConfig(clientModel)) {
+            Map<String, Object> adapterConfig = getClientCredentialsAdapterConfig(clientModel);
+            for (Map.Entry<String, Object> entry : adapterConfig.entrySet()) {
+                buffer.append("    <credential name=\"" + entry.getKey() + "\">");
+
+                Object value = entry.getValue();
+                if (value instanceof Map) {
+                    buffer.append("\n");
+                    Map<String, Object> asMap = (Map<String, Object>) value;
+                    for (Map.Entry<String, Object> credEntry : asMap.entrySet()) {
+                        buffer.append("        <" + credEntry.getKey() + ">" + credEntry.getValue().toString() + "</" + credEntry.getKey() + ">\n");
+                    }
+                    buffer.append("    </credential>\n");
+                } else {
+                    buffer.append(value.toString()).append("</credential>\n");
+                }
+            }
         }
         if (clientModel.getRoles().size() > 0) {
             buffer.append("    <use-resource-role-mappings>true</use-resource-role-mappings>\n");
@@ -250,4 +263,22 @@ public class ClientManager {
         return buffer.toString();
     }
 
+    private boolean showClientCredentialsAdapterConfig(ClientModel client) {
+        if (client.isPublicClient()) {
+            return false;
+        }
+
+        if (client.isBearerOnly() && client.getNodeReRegistrationTimeout() <= 0) {
+            return false;
+        }
+
+        return true;
+    }
+
+    private Map<String, Object> getClientCredentialsAdapterConfig(ClientModel client) {
+        String clientAuthenticator = client.getClientAuthenticatorType();
+        ClientAuthenticatorFactory authenticator = (ClientAuthenticatorFactory) realmManager.getSession().getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, clientAuthenticator);
+        return authenticator.getAdapterConfiguration(client);
+    }
+
 }

From 298b9e01d84dc7507b87b4eb29142acd261dd9c9 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Tue, 8 Sep 2015 09:55:45 +0200
Subject: [PATCH 12/35] KEYCLOAK-1818 Authenticator example doesn't work when
 deployed as a module

---
 examples/providers/authenticator/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/providers/authenticator/README.md b/examples/providers/authenticator/README.md
index 5a8c50a833..f9eafccdfb 100755
--- a/examples/providers/authenticator/README.md
+++ b/examples/providers/authenticator/README.md
@@ -4,7 +4,7 @@ Example User Federation Provider
 This is an example of defining a custom Authenticator and Required action.  This example is explained in the user documentation
 of Keycloak.   To deploy, build this directory then take the jar and copy it to standalone/configuration/providers. Alternatively you can deploy as a module by running:
 
-    KEYCLOAK_HOME/bin/jboss-cli.sh --command="module add --name=org.keycloak.examples.secret-question --resources=target/authenticator-required-action-example.jar --dependencies=org.keycloak.keycloak-core,org.keycloak.keycloak-model-api,org.keycloak.keycloak-services"
+    KEYCLOAK_HOME/bin/jboss-cli.sh --command="module add --name=org.keycloak.examples.secret-question --resources=target/authenticator-required-action-example.jar --dependencies=org.keycloak.keycloak-core,org.keycloak.keycloak-model-api,org.keycloak.keycloak-login-api,org.keycloak.keycloak-services,org.jboss.resteasy.resteasy-jaxrs,javax.ws.rs.api"
 
 Then registering the provider by editing keycloak-server.json and adding the module to the providers field:
 

From d818ebdd9ea8bf4258cf50d60c506a2106e65ab5 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Tue, 8 Sep 2015 16:41:17 +0200
Subject: [PATCH 13/35] Fix service-account demo app on EAP 6.4

---
 .../org/keycloak/example/ProductSAClientSecretServlet.java  | 2 +-
 .../keycloak/example/ProductSAClientSignedJWTServlet.java   | 2 +-
 .../org/keycloak/example/ProductServiceAccountServlet.java  | 6 ++++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSecretServlet.java b/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSecretServlet.java
index 43c70f8127..4892bad0aa 100644
--- a/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSecretServlet.java
+++ b/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSecretServlet.java
@@ -9,7 +9,7 @@ public class ProductSAClientSecretServlet extends ProductServiceAccountServlet {
 
     @Override
     protected String getAdapterConfigLocation() {
-        return "WEB-INF/keycloak-client-secret.json";
+        return "/WEB-INF/keycloak-client-secret.json";
     }
 
     @Override
diff --git a/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSignedJWTServlet.java b/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSignedJWTServlet.java
index 2a6fe337b9..58c5f9bdc4 100644
--- a/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSignedJWTServlet.java
+++ b/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductSAClientSignedJWTServlet.java
@@ -7,7 +7,7 @@ public class ProductSAClientSignedJWTServlet extends ProductServiceAccountServle
 
     @Override
     protected String getAdapterConfigLocation() {
-        return "WEB-INF/keycloak-client-signed-jwt.json";
+        return "/WEB-INF/keycloak-client-signed-jwt.json";
     }
 
     @Override
diff --git a/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductServiceAccountServlet.java b/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductServiceAccountServlet.java
index 91f4a07543..13ab6468b4 100644
--- a/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductServiceAccountServlet.java
+++ b/examples/demo-template/service-account/src/main/java/org/keycloak/example/ProductServiceAccountServlet.java
@@ -32,6 +32,7 @@ import org.keycloak.adapters.authentication.ClientCredentialsProviderUtils;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.AccessTokenResponse;
 import org.keycloak.util.JsonSerialization;
+import org.keycloak.util.UriUtils;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -155,7 +156,8 @@ public abstract class ProductServiceAccountServlet extends HttpServlet {
         HttpClient client = getHttpClient();
         String token = (String) req.getSession().getAttribute(TOKEN);
 
-        HttpGet get = new HttpGet("http://localhost:8080/database/products");
+        String requestOrigin = UriUtils.getOrigin(req.getRequestURL().toString());
+        HttpGet get = new HttpGet(requestOrigin + "/database/products");
         if (token != null) {
             get.addHeader("Authorization", "Bearer " + token);
         }
@@ -165,7 +167,7 @@ public abstract class ProductServiceAccountServlet extends HttpServlet {
             int status = response.getStatusLine().getStatusCode();
             if (status != 200) {
                 String json = getContent(entity);
-                String error = "Failed retrieve products. Status: " + status + ", Response: " + json;
+                String error = "Failed retrieve products. Status: " + status;
                 req.setAttribute(ERROR, error);
             } else if (entity == null) {
                 req.setAttribute(ERROR, "No entity");

From 86f0092622f62aee328376309a76329421b0b604 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Tue, 8 Sep 2015 19:53:35 +0200
Subject: [PATCH 14/35] KEYCLOAK-1821 KEYCLOAK-1825 Migration and export/import
 of clientAuthFlow + resetCredentialsFlow

---
 .../idm/RealmRepresentation.java              |  9 ++++++++
 .../migration/migrators/MigrateTo1_5_0.java   | 10 +++++++--
 .../models/utils/ModelToRepresentation.java   |  1 +
 .../models/utils/RepresentationToModel.java   | 22 ++++++++++++++++++-
 .../keycloak/testsuite/model/ImportTest.java  | 14 ++++++++++++
 5 files changed, 53 insertions(+), 3 deletions(-)

diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index 5b59c23ee5..c1c53b32f0 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -90,6 +90,7 @@ public class RealmRepresentation {
     protected String browserFlow;
     protected String registrationFlow;
     protected String directGrantFlow;
+    protected String resetCredentialsFlow;
     protected String clientAuthenticationFlow;
 
     @Deprecated
@@ -737,6 +738,14 @@ public class RealmRepresentation {
         this.directGrantFlow = directGrantFlow;
     }
 
+    public String getResetCredentialsFlow() {
+        return resetCredentialsFlow;
+    }
+
+    public void setResetCredentialsFlow(String resetCredentialsFlow) {
+        this.resetCredentialsFlow = resetCredentialsFlow;
+    }
+
     public String getClientAuthenticationFlow() {
         return clientAuthenticationFlow;
     }
diff --git a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_5_0.java b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_5_0.java
index 95a5224880..cbe0eb7e40 100755
--- a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_5_0.java
+++ b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_5_0.java
@@ -31,13 +31,19 @@ public class MigrateTo1_5_0 {
             realm.setBrowserFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
             realm.setRegistrationFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
             realm.setDirectGrantFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));
-            realm.setResetCredentialsFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW));
+
+            AuthenticationFlowModel resetFlow = realm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
+            if (resetFlow == null) {
+                DefaultAuthenticationFlows.resetCredentialsFlow(realm);
+            } else {
+                realm.setResetCredentialsFlow(resetFlow);
+            }
 
             AuthenticationFlowModel clientAuthFlow = realm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
             if (clientAuthFlow == null) {
                 DefaultAuthenticationFlows.clientAuthFlow(realm);
             } else {
-                realm.setClientAuthenticationFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW));
+                realm.setClientAuthenticationFlow(clientAuthFlow);
             }
 
             for (ClientModel client : realm.getClients()) {
diff --git a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
index f2d4f1ebe1..bf2360e6a2 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
@@ -163,6 +163,7 @@ public class ModelToRepresentation {
         if (realm.getBrowserFlow() != null) rep.setBrowserFlow(realm.getBrowserFlow().getAlias());
         if (realm.getRegistrationFlow() != null) rep.setRegistrationFlow(realm.getRegistrationFlow().getAlias());
         if (realm.getDirectGrantFlow() != null) rep.setDirectGrantFlow(realm.getDirectGrantFlow().getAlias());
+        if (realm.getResetCredentialsFlow() != null) rep.setResetCredentialsFlow(realm.getResetCredentialsFlow().getAlias());
         if (realm.getClientAuthenticationFlow() != null) rep.setClientAuthenticationFlow(realm.getClientAuthenticationFlow().getAlias());
 
         List<String> defaultRoles = realm.getDefaultRoles();
diff --git a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
index 4faff0194e..811655b4b6 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@@ -359,8 +359,25 @@ public class RepresentationToModel {
         } else {
             newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(rep.getDirectGrantFlow()));
         }
+
+        // reset credentials + client flow needs to be more defensive as they were added later (in 1.5 )
+        if (rep.getResetCredentialsFlow() == null) {
+            AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
+            if (resetFlow == null) {
+                DefaultAuthenticationFlows.resetCredentialsFlow(newRealm);
+            } else {
+                newRealm.setResetCredentialsFlow(resetFlow);
+            }
+        } else {
+            newRealm.setResetCredentialsFlow(newRealm.getFlowByAlias(rep.getResetCredentialsFlow()));
+        }
         if (rep.getClientAuthenticationFlow() == null) {
-            newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW));
+            AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
+            if (clientFlow == null) {
+                DefaultAuthenticationFlows.clientAuthFlow(newRealm);
+            } else {
+                newRealm.setClientAuthenticationFlow(clientFlow);
+            }
         } else {
             newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(rep.getClientAuthenticationFlow()));
         }
@@ -571,6 +588,9 @@ public class RepresentationToModel {
         if (rep.getDirectGrantFlow() != null) {
             realm.setDirectGrantFlow(realm.getFlowByAlias(rep.getDirectGrantFlow()));
         }
+        if (rep.getResetCredentialsFlow() != null) {
+            realm.setResetCredentialsFlow(realm.getFlowByAlias(rep.getResetCredentialsFlow()));
+        }
         if (rep.getClientAuthenticationFlow() != null) {
             realm.setClientAuthenticationFlow(realm.getFlowByAlias(rep.getClientAuthenticationFlow()));
         }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java
index 558ff39a8b..2f33e4397d 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/ImportTest.java
@@ -7,6 +7,8 @@ import org.junit.runners.MethodSorters;
 import org.keycloak.constants.KerberosConstants;
 import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapper;
 import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapperFactory;
+import org.keycloak.models.AuthenticationExecutionModel;
+import org.keycloak.models.AuthenticationFlowModel;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.Constants;
 import org.keycloak.models.FederatedIdentityModel;
@@ -23,6 +25,7 @@ import org.keycloak.models.UserFederationProvider;
 import org.keycloak.models.UserFederationProviderFactory;
 import org.keycloak.models.UserFederationProviderModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.DefaultAuthenticationFlows;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
 import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
 import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
@@ -275,6 +278,17 @@ public class ImportTest extends AbstractModelTest {
         UserFederationProviderFactory factory = (UserFederationProviderFactory)session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, "dummy");
         Assert.assertNull(factory.getInstance(session, null).getUserByUsername(realm, "wburke"));
 
+        // Test builtin authentication flows
+        AuthenticationFlowModel clientFlow = realm.getClientAuthenticationFlow();
+        Assert.assertEquals(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW, clientFlow.getAlias());
+        Assert.assertNotNull(realm.getAuthenticationFlowById(clientFlow.getId()));
+        Assert.assertTrue(realm.getAuthenticationExecutions(clientFlow.getId()).size() > 0);
+
+        AuthenticationFlowModel resetFlow = realm.getResetCredentialsFlow();
+        Assert.assertEquals(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW, resetFlow.getAlias());
+        Assert.assertNotNull(realm.getAuthenticationFlowById(resetFlow.getId()));
+        Assert.assertTrue(realm.getAuthenticationExecutions(resetFlow.getId()).size() > 0);
+
         // Test protocol mappers. Default application has all the builtin protocol mappers. OtherApp just gss credential
         Assert.assertNotNull(application.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, "username"));
         Assert.assertNotNull(application.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, "email"));

From 6225ccfc06b5108490893307e9e1213f319a5d39 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Tue, 8 Sep 2015 21:00:42 +0200
Subject: [PATCH 15/35] KEYCLOAK-1826

---
 .../federation/ldap/idm/store/ldap/LDAPOperationManager.java     | 1 +
 1 file changed, 1 insertion(+)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
index 215034afa9..8a5b299437 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
@@ -333,6 +333,7 @@ public class LDAPOperationManager {
 
             Hashtable<String, Object> env = new Hashtable<String, Object>(this.connectionProperties);
 
+            env.put(Context.SECURITY_AUTHENTICATION, LDAPConstants.AUTH_TYPE_SIMPLE);
             env.put(Context.SECURITY_PRINCIPAL, dn);
             env.put(Context.SECURITY_CREDENTIALS, password);
 

From 149ef706dd6fedbe544593c4841d4ebfeed275c2 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Tue, 8 Sep 2015 22:55:43 +0200
Subject: [PATCH 16/35] KEYCLOAK-1824 ClientIdAndSecretCredentialsProvider not
 found when deploying Fuse examples

---
 .../ClientCredentialsProviderUtils.java           | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/ClientCredentialsProviderUtils.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/ClientCredentialsProviderUtils.java
index be3eb41e55..3a7b1c3826 100644
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/ClientCredentialsProviderUtils.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/authentication/ClientCredentialsProviderUtils.java
@@ -1,8 +1,10 @@
 package org.keycloak.adapters.authentication;
 
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.ServiceConfigurationError;
 import java.util.ServiceLoader;
 
 import org.apache.http.NameValuePair;
@@ -55,8 +57,17 @@ public class ClientCredentialsProviderUtils {
     }
 
     private static void loadAuthenticators(Map<String, ClientCredentialsProvider> authenticators, ClassLoader classLoader) {
-        for (ClientCredentialsProvider authenticator : ServiceLoader.load(ClientCredentialsProvider.class, classLoader)) {
-            authenticators.put(authenticator.getId(), authenticator);
+        Iterator<ClientCredentialsProvider> iterator = ServiceLoader.load(ClientCredentialsProvider.class, classLoader).iterator();
+        while (iterator.hasNext()) {
+            try {
+                ClientCredentialsProvider authenticator = iterator.next();
+                logger.debugf("Loaded clientCredentialsProvider %s", authenticator.getId());
+                authenticators.put(authenticator.getId(), authenticator);
+            } catch (ServiceConfigurationError e) {
+                if (logger.isDebugEnabled()) {
+                    logger.debug("Failed to load clientCredentialsProvider with classloader: " + classLoader, e);
+                }
+            }
         }
     }
 

From 3fd4d23bed2e057a2713377c5a3fde0bfd029b48 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Wed, 9 Sep 2015 11:27:21 +0200
Subject: [PATCH 17/35] Version bump

---
 broker/core/pom.xml                                             | 2 +-
 broker/oidc/pom.xml                                             | 2 +-
 broker/pom.xml                                                  | 2 +-
 broker/saml/pom.xml                                             | 2 +-
 connections/file/pom.xml                                        | 2 +-
 connections/http-client/pom.xml                                 | 2 +-
 connections/infinispan/pom.xml                                  | 2 +-
 connections/jpa-liquibase/pom.xml                               | 2 +-
 connections/jpa/pom.xml                                         | 2 +-
 connections/mongo-update/pom.xml                                | 2 +-
 connections/mongo/pom.xml                                       | 2 +-
 connections/pom.xml                                             | 2 +-
 core-jaxrs/pom.xml                                              | 2 +-
 core/pom.xml                                                    | 2 +-
 dependencies/pom.xml                                            | 2 +-
 dependencies/server-all/pom.xml                                 | 2 +-
 dependencies/server-min/pom.xml                                 | 2 +-
 distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml  | 2 +-
 distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml      | 2 +-
 distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml | 2 +-
 distribution/adapters/as7-eap6-adapter/pom.xml                  | 2 +-
 distribution/adapters/jetty81-adapter-zip/pom.xml               | 2 +-
 distribution/adapters/jetty91-adapter-zip/pom.xml               | 2 +-
 distribution/adapters/jetty92-adapter-zip/pom.xml               | 2 +-
 distribution/adapters/js-adapter-zip/pom.xml                    | 2 +-
 distribution/adapters/osgi/features/pom.xml                     | 2 +-
 distribution/adapters/osgi/jaas/pom.xml                         | 2 +-
 distribution/adapters/osgi/pom.xml                              | 2 +-
 distribution/adapters/osgi/thirdparty/pom.xml                   | 2 +-
 distribution/adapters/pom.xml                                   | 2 +-
 distribution/adapters/tomcat6-adapter-zip/pom.xml               | 2 +-
 distribution/adapters/tomcat7-adapter-zip/pom.xml               | 2 +-
 distribution/adapters/tomcat8-adapter-zip/pom.xml               | 2 +-
 distribution/adapters/wf8-adapter/pom.xml                       | 2 +-
 distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml       | 2 +-
 distribution/adapters/wf8-adapter/wf8-modules/pom.xml           | 2 +-
 distribution/adapters/wf9-adapter/pom.xml                       | 2 +-
 distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml       | 2 +-
 distribution/adapters/wf9-adapter/wf9-modules/pom.xml           | 2 +-
 distribution/demo-dist/pom.xml                                  | 2 +-
 distribution/docs-dist/pom.xml                                  | 2 +-
 distribution/downloads/pom.xml                                  | 2 +-
 distribution/examples-dist/pom.xml                              | 2 +-
 distribution/feature-packs/adapter-feature-pack/pom.xml         | 2 +-
 distribution/feature-packs/pom.xml                              | 2 +-
 distribution/feature-packs/server-feature-pack/pom.xml          | 2 +-
 distribution/pom.xml                                            | 2 +-
 distribution/proxy-dist/pom.xml                                 | 2 +-
 distribution/server-dist/pom.xml                                | 2 +-
 distribution/server-overlay/eap6/eap6-server-modules/pom.xml    | 2 +-
 distribution/server-overlay/eap6/eap6-server-overlay/pom.xml    | 2 +-
 distribution/server-overlay/eap6/pom.xml                        | 2 +-
 distribution/server-overlay/pom.xml                             | 2 +-
 distribution/server-overlay/wf9-server-overlay/pom.xml          | 2 +-
 distribution/src-dist/pom.xml                                   | 2 +-
 docbook/pom.xml                                                 | 2 +-
 events/api/pom.xml                                              | 2 +-
 events/email/pom.xml                                            | 2 +-
 events/jboss-logging/pom.xml                                    | 2 +-
 events/jpa/pom.xml                                              | 2 +-
 events/mongo/pom.xml                                            | 2 +-
 events/pom.xml                                                  | 2 +-
 events/syslog/pom.xml                                           | 2 +-
 examples/admin-client/pom.xml                                   | 2 +-
 examples/basic-auth/pom.xml                                     | 2 +-
 examples/broker/facebook-authentication/pom.xml                 | 2 +-
 examples/broker/google-authentication/pom.xml                   | 2 +-
 examples/broker/pom.xml                                         | 2 +-
 examples/broker/saml-broker-authentication/pom.xml              | 2 +-
 examples/broker/twitter-authentication/pom.xml                  | 2 +-
 examples/cors/angular-product-app/pom.xml                       | 2 +-
 examples/cors/database-service/pom.xml                          | 2 +-
 examples/cors/pom.xml                                           | 2 +-
 examples/demo-template/admin-access-app/pom.xml                 | 2 +-
 examples/demo-template/angular-product-app/pom.xml              | 2 +-
 examples/demo-template/customer-app-cli/pom.xml                 | 2 +-
 examples/demo-template/customer-app-js/pom.xml                  | 2 +-
 examples/demo-template/customer-app/pom.xml                     | 2 +-
 examples/demo-template/database-service/pom.xml                 | 2 +-
 examples/demo-template/example-ear/pom.xml                      | 2 +-
 examples/demo-template/pom.xml                                  | 2 +-
 examples/demo-template/product-app/pom.xml                      | 2 +-
 examples/demo-template/service-account/pom.xml                  | 2 +-
 examples/demo-template/third-party-cdi/pom.xml                  | 2 +-
 examples/demo-template/third-party/pom.xml                      | 2 +-
 examples/fuse/camel/pom.xml                                     | 2 +-
 examples/fuse/customer-app-fuse/pom.xml                         | 2 +-
 examples/fuse/cxf-jaxrs/pom.xml                                 | 2 +-
 examples/fuse/cxf-jaxws/pom.xml                                 | 2 +-
 examples/fuse/features/pom.xml                                  | 2 +-
 examples/fuse/pom.xml                                           | 2 +-
 examples/fuse/product-app-fuse/pom.xml                          | 2 +-
 examples/js-console/pom.xml                                     | 2 +-
 examples/kerberos/pom.xml                                       | 2 +-
 examples/ldap/pom.xml                                           | 2 +-
 examples/multi-tenant/pom.xml                                   | 2 +-
 examples/pom.xml                                                | 2 +-
 examples/providers/authenticator/pom.xml                        | 2 +-
 examples/providers/event-listener-sysout/pom.xml                | 2 +-
 examples/providers/event-store-mem/pom.xml                      | 2 +-
 examples/providers/federation-provider/pom.xml                  | 2 +-
 examples/providers/pom.xml                                      | 2 +-
 examples/saml/pom.xml                                           | 2 +-
 examples/themes/pom.xml                                         | 2 +-
 export-import/export-import-api/pom.xml                         | 2 +-
 export-import/export-import-dir/pom.xml                         | 2 +-
 export-import/export-import-single-file/pom.xml                 | 2 +-
 export-import/export-import-zip/pom.xml                         | 2 +-
 export-import/pom.xml                                           | 2 +-
 federation/kerberos/pom.xml                                     | 2 +-
 federation/ldap/pom.xml                                         | 2 +-
 federation/pom.xml                                              | 2 +-
 forms/account-api/pom.xml                                       | 2 +-
 forms/account-freemarker/pom.xml                                | 2 +-
 forms/common-freemarker/pom.xml                                 | 2 +-
 forms/common-themes/pom.xml                                     | 2 +-
 forms/email-api/pom.xml                                         | 2 +-
 forms/email-freemarker/pom.xml                                  | 2 +-
 forms/login-api/pom.xml                                         | 2 +-
 forms/login-freemarker/pom.xml                                  | 2 +-
 forms/pom.xml                                                   | 2 +-
 integration/adapter-core/pom.xml                                | 2 +-
 integration/admin-client/pom.xml                                | 2 +-
 integration/as7-eap6/as7-adapter/pom.xml                        | 2 +-
 integration/as7-eap6/as7-server-subsystem/pom.xml               | 2 +-
 integration/as7-eap6/as7-subsystem/pom.xml                      | 2 +-
 integration/as7-eap6/pom.xml                                    | 2 +-
 integration/installed/pom.xml                                   | 2 +-
 integration/jaxrs-oauth-client/pom.xml                          | 2 +-
 integration/jboss-adapter-core/pom.xml                          | 2 +-
 integration/jetty/jetty-core/pom.xml                            | 2 +-
 integration/jetty/jetty8.1/pom.xml                              | 2 +-
 integration/jetty/jetty9.1/pom.xml                              | 2 +-
 integration/jetty/jetty9.2/pom.xml                              | 2 +-
 integration/jetty/pom.xml                                       | 2 +-
 integration/js/pom.xml                                          | 2 +-
 integration/osgi-adapter/pom.xml                                | 2 +-
 integration/pom.xml                                             | 2 +-
 integration/servlet-oauth-client/pom.xml                        | 2 +-
 integration/spring-boot/pom.xml                                 | 2 +-
 integration/spring-security/pom.xml                             | 2 +-
 integration/tomcat/pom.xml                                      | 2 +-
 integration/tomcat/tomcat-core/pom.xml                          | 2 +-
 integration/tomcat/tomcat6/pom.xml                              | 2 +-
 integration/tomcat/tomcat7/pom.xml                              | 2 +-
 integration/tomcat/tomcat8/pom.xml                              | 2 +-
 integration/undertow/pom.xml                                    | 2 +-
 integration/wildfly/pom.xml                                     | 2 +-
 integration/wildfly/wf8-subsystem/pom.xml                       | 2 +-
 integration/wildfly/wf9-server-subsystem/pom.xml                | 2 +-
 integration/wildfly/wf9-subsystem/pom.xml                       | 2 +-
 integration/wildfly/wildfly-adapter/pom.xml                     | 2 +-
 integration/wildfly/wildfly-extensions/pom.xml                  | 2 +-
 model/api/pom.xml                                               | 2 +-
 model/file/pom.xml                                              | 2 +-
 model/invalidation-cache/infinispan/pom.xml                     | 2 +-
 model/invalidation-cache/model-adapters/pom.xml                 | 2 +-
 model/invalidation-cache/pom.xml                                | 2 +-
 model/jpa/pom.xml                                               | 2 +-
 model/mongo/pom.xml                                             | 2 +-
 model/pom.xml                                                   | 2 +-
 model/sessions-infinispan/pom.xml                               | 2 +-
 pom.xml                                                         | 2 +-
 proxy/launcher/pom.xml                                          | 2 +-
 proxy/pom.xml                                                   | 2 +-
 proxy/proxy-server/pom.xml                                      | 2 +-
 saml/pom.xml                                                    | 2 +-
 saml/saml-core/pom.xml                                          | 2 +-
 saml/saml-protocol/pom.xml                                      | 2 +-
 services/pom.xml                                                | 2 +-
 social/core/pom.xml                                             | 2 +-
 social/facebook/pom.xml                                         | 2 +-
 social/github/pom.xml                                           | 2 +-
 social/google/pom.xml                                           | 2 +-
 social/linkedin/pom.xml                                         | 2 +-
 social/pom.xml                                                  | 2 +-
 social/stackoverflow/pom.xml                                    | 2 +-
 social/twitter/pom.xml                                          | 2 +-
 testsuite/docker-cluster/pom.xml                                | 2 +-
 testsuite/integration-arquillian/pom.xml                        | 2 +-
 testsuite/integration/pom.xml                                   | 2 +-
 testsuite/jetty/jetty81/pom.xml                                 | 2 +-
 testsuite/jetty/jetty91/pom.xml                                 | 2 +-
 testsuite/jetty/jetty92/pom.xml                                 | 2 +-
 testsuite/performance/pom.xml                                   | 2 +-
 testsuite/pom.xml                                               | 2 +-
 testsuite/proxy/pom.xml                                         | 2 +-
 testsuite/tomcat6/pom.xml                                       | 2 +-
 testsuite/tomcat7/pom.xml                                       | 2 +-
 testsuite/tomcat8/pom.xml                                       | 2 +-
 timer/api/pom.xml                                               | 2 +-
 timer/basic/pom.xml                                             | 2 +-
 timer/pom.xml                                                   | 2 +-
 util/embedded-ldap/pom.xml                                      | 2 +-
 util/pom.xml                                                    | 2 +-
 195 files changed, 195 insertions(+), 195 deletions(-)

diff --git a/broker/core/pom.xml b/broker/core/pom.xml
index 2799c7d0be..db8d9013c9 100755
--- a/broker/core/pom.xml
+++ b/broker/core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/broker/oidc/pom.xml b/broker/oidc/pom.xml
index 747d1fab6d..997fcc757d 100755
--- a/broker/oidc/pom.xml
+++ b/broker/oidc/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/broker/pom.xml b/broker/pom.xml
index b4f38d57e9..8437a9e33f 100755
--- a/broker/pom.xml
+++ b/broker/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/broker/saml/pom.xml b/broker/saml/pom.xml
index b787105689..7238405443 100755
--- a/broker/saml/pom.xml
+++ b/broker/saml/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/file/pom.xml b/connections/file/pom.xml
index c88a196a55..c547b604c4 100755
--- a/connections/file/pom.xml
+++ b/connections/file/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/http-client/pom.xml b/connections/http-client/pom.xml
index b7e99530fc..66c1d4cdbe 100755
--- a/connections/http-client/pom.xml
+++ b/connections/http-client/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/infinispan/pom.xml b/connections/infinispan/pom.xml
index f7c457df2a..711de79ad6 100755
--- a/connections/infinispan/pom.xml
+++ b/connections/infinispan/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/jpa-liquibase/pom.xml b/connections/jpa-liquibase/pom.xml
index 6f6e913cf2..609d4b28c8 100755
--- a/connections/jpa-liquibase/pom.xml
+++ b/connections/jpa-liquibase/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/jpa/pom.xml b/connections/jpa/pom.xml
index e5c07a92b5..b36b85015c 100755
--- a/connections/jpa/pom.xml
+++ b/connections/jpa/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/mongo-update/pom.xml b/connections/mongo-update/pom.xml
index 20f62981df..c932903efd 100755
--- a/connections/mongo-update/pom.xml
+++ b/connections/mongo-update/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/mongo/pom.xml b/connections/mongo/pom.xml
index f35cc3b32c..ca25511daa 100755
--- a/connections/mongo/pom.xml
+++ b/connections/mongo/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/pom.xml b/connections/pom.xml
index abbe3c4d2d..e4db58ef32 100755
--- a/connections/pom.xml
+++ b/connections/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
     <name>Connections Parent</name>
     <description/>
diff --git a/core-jaxrs/pom.xml b/core-jaxrs/pom.xml
index b1996085c2..6822b3a6c5 100755
--- a/core-jaxrs/pom.xml
+++ b/core-jaxrs/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/core/pom.xml b/core/pom.xml
index e9725c35b9..e4707551e9 100755
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/dependencies/pom.xml b/dependencies/pom.xml
index b54ad58aea..d9a86f1eb6 100755
--- a/dependencies/pom.xml
+++ b/dependencies/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/dependencies/server-all/pom.xml b/dependencies/server-all/pom.xml
index c193c0077c..3776340d34 100755
--- a/dependencies/server-all/pom.xml
+++ b/dependencies/server-all/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/dependencies/server-min/pom.xml b/dependencies/server-min/pom.xml
index 06b14917b5..b89c6a64b1 100755
--- a/dependencies/server-min/pom.xml
+++ b/dependencies/server-min/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml b/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
index 3edb3439c8..d905027b6e 100755
--- a/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml b/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
index d191be5acd..04724d4659 100755
--- a/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml b/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
index cdd180d55b..7085d9dfc5 100755
--- a/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/as7-eap6-adapter/pom.xml b/distribution/adapters/as7-eap6-adapter/pom.xml
index 353599d72b..884f31bdf1 100644
--- a/distribution/adapters/as7-eap6-adapter/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak AS7 / JBoss EAP 6 Adapter Distros</name>
diff --git a/distribution/adapters/jetty81-adapter-zip/pom.xml b/distribution/adapters/jetty81-adapter-zip/pom.xml
index ae591ee70c..fe02923c20 100755
--- a/distribution/adapters/jetty81-adapter-zip/pom.xml
+++ b/distribution/adapters/jetty81-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/jetty91-adapter-zip/pom.xml b/distribution/adapters/jetty91-adapter-zip/pom.xml
index 62db9ff671..0de6688e8c 100755
--- a/distribution/adapters/jetty91-adapter-zip/pom.xml
+++ b/distribution/adapters/jetty91-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/jetty92-adapter-zip/pom.xml b/distribution/adapters/jetty92-adapter-zip/pom.xml
index 16dd82b935..d3233ecbe7 100755
--- a/distribution/adapters/jetty92-adapter-zip/pom.xml
+++ b/distribution/adapters/jetty92-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/js-adapter-zip/pom.xml b/distribution/adapters/js-adapter-zip/pom.xml
index a72c62ff11..0a1c19cad6 100755
--- a/distribution/adapters/js-adapter-zip/pom.xml
+++ b/distribution/adapters/js-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/osgi/features/pom.xml b/distribution/adapters/osgi/features/pom.xml
index 71e7f5cc8b..5009f4bfb6 100755
--- a/distribution/adapters/osgi/features/pom.xml
+++ b/distribution/adapters/osgi/features/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak OSGI Features</name>
diff --git a/distribution/adapters/osgi/jaas/pom.xml b/distribution/adapters/osgi/jaas/pom.xml
index a9ce470d86..17b8dbf542 100755
--- a/distribution/adapters/osgi/jaas/pom.xml
+++ b/distribution/adapters/osgi/jaas/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak OSGI JAAS Realm Configuration</name>
diff --git a/distribution/adapters/osgi/pom.xml b/distribution/adapters/osgi/pom.xml
index ff0263f82a..98fea47550 100755
--- a/distribution/adapters/osgi/pom.xml
+++ b/distribution/adapters/osgi/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak OSGI Integration</name>
diff --git a/distribution/adapters/osgi/thirdparty/pom.xml b/distribution/adapters/osgi/thirdparty/pom.xml
index 22ebe93104..c4ddc7a97d 100755
--- a/distribution/adapters/osgi/thirdparty/pom.xml
+++ b/distribution/adapters/osgi/thirdparty/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/pom.xml b/distribution/adapters/pom.xml
index 27830d884c..5aacc0fae0 100755
--- a/distribution/adapters/pom.xml
+++ b/distribution/adapters/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/tomcat6-adapter-zip/pom.xml b/distribution/adapters/tomcat6-adapter-zip/pom.xml
index 4e952bffa8..d08356b663 100755
--- a/distribution/adapters/tomcat6-adapter-zip/pom.xml
+++ b/distribution/adapters/tomcat6-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/tomcat7-adapter-zip/pom.xml b/distribution/adapters/tomcat7-adapter-zip/pom.xml
index 625a273545..1f394a7b15 100755
--- a/distribution/adapters/tomcat7-adapter-zip/pom.xml
+++ b/distribution/adapters/tomcat7-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/tomcat8-adapter-zip/pom.xml b/distribution/adapters/tomcat8-adapter-zip/pom.xml
index 8fcee0583a..e759ffb73e 100755
--- a/distribution/adapters/tomcat8-adapter-zip/pom.xml
+++ b/distribution/adapters/tomcat8-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/wf8-adapter/pom.xml b/distribution/adapters/wf8-adapter/pom.xml
index 897559e4c0..85a3f5d459 100644
--- a/distribution/adapters/wf8-adapter/pom.xml
+++ b/distribution/adapters/wf8-adapter/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Wildfly 8 Adapter</name>
diff --git a/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml b/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml
index c1fa52cabe..6f5dcf6644 100755
--- a/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml
+++ b/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/wf8-adapter/wf8-modules/pom.xml b/distribution/adapters/wf8-adapter/wf8-modules/pom.xml
index f3e419018e..e98c41c9ef 100755
--- a/distribution/adapters/wf8-adapter/wf8-modules/pom.xml
+++ b/distribution/adapters/wf8-adapter/wf8-modules/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/wf9-adapter/pom.xml b/distribution/adapters/wf9-adapter/pom.xml
index 67a703981f..4b37d722f9 100644
--- a/distribution/adapters/wf9-adapter/pom.xml
+++ b/distribution/adapters/wf9-adapter/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Wildfly 9 Adapter</name>
diff --git a/distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml b/distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml
index f925f2b830..3fd7c5af6e 100755
--- a/distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml
+++ b/distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/wf9-adapter/wf9-modules/pom.xml b/distribution/adapters/wf9-adapter/wf9-modules/pom.xml
index ed0f8094d3..9277184c62 100755
--- a/distribution/adapters/wf9-adapter/wf9-modules/pom.xml
+++ b/distribution/adapters/wf9-adapter/wf9-modules/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/demo-dist/pom.xml b/distribution/demo-dist/pom.xml
index 01624dfa28..7903eb86fb 100755
--- a/distribution/demo-dist/pom.xml
+++ b/distribution/demo-dist/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/docs-dist/pom.xml b/distribution/docs-dist/pom.xml
index 3abc176d16..1f1ce1db02 100755
--- a/distribution/docs-dist/pom.xml
+++ b/distribution/docs-dist/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/downloads/pom.xml b/distribution/downloads/pom.xml
index 5062af97fe..f15b757736 100755
--- a/distribution/downloads/pom.xml
+++ b/distribution/downloads/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>distribution-pom</artifactId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <artifactId>keycloak-dist-downloads</artifactId>
diff --git a/distribution/examples-dist/pom.xml b/distribution/examples-dist/pom.xml
index c371b4facb..8f3dc2c50f 100755
--- a/distribution/examples-dist/pom.xml
+++ b/distribution/examples-dist/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/feature-packs/adapter-feature-pack/pom.xml b/distribution/feature-packs/adapter-feature-pack/pom.xml
index 60705fa68c..180d47b89b 100644
--- a/distribution/feature-packs/adapter-feature-pack/pom.xml
+++ b/distribution/feature-packs/adapter-feature-pack/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>feature-packs-parent</artifactId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/distribution/feature-packs/pom.xml b/distribution/feature-packs/pom.xml
index 596935b1b9..7530b6d64a 100644
--- a/distribution/feature-packs/pom.xml
+++ b/distribution/feature-packs/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>distribution-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <name>Feature Pack Builds</name>
diff --git a/distribution/feature-packs/server-feature-pack/pom.xml b/distribution/feature-packs/server-feature-pack/pom.xml
index 263c2000e8..ba360d9f86 100644
--- a/distribution/feature-packs/server-feature-pack/pom.xml
+++ b/distribution/feature-packs/server-feature-pack/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>feature-packs-parent</artifactId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/distribution/pom.xml b/distribution/pom.xml
index 95c0531ee8..ca479390d3 100755
--- a/distribution/pom.xml
+++ b/distribution/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/proxy-dist/pom.xml b/distribution/proxy-dist/pom.xml
index 030137f0cb..f2b480d031 100755
--- a/distribution/proxy-dist/pom.xml
+++ b/distribution/proxy-dist/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/server-dist/pom.xml b/distribution/server-dist/pom.xml
index 3c90b355d0..b6217fa25e 100755
--- a/distribution/server-dist/pom.xml
+++ b/distribution/server-dist/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/server-overlay/eap6/eap6-server-modules/pom.xml b/distribution/server-overlay/eap6/eap6-server-modules/pom.xml
index 1041b69735..59b572cf78 100755
--- a/distribution/server-overlay/eap6/eap6-server-modules/pom.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml b/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
index 8b0a69adaf..9d15cbf74b 100755
--- a/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/server-overlay/eap6/pom.xml b/distribution/server-overlay/eap6/pom.xml
index 9361c3ba5a..fa9142ff01 100755
--- a/distribution/server-overlay/eap6/pom.xml
+++ b/distribution/server-overlay/eap6/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/server-overlay/pom.xml b/distribution/server-overlay/pom.xml
index 159a18ac19..6569c5d4f0 100755
--- a/distribution/server-overlay/pom.xml
+++ b/distribution/server-overlay/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/server-overlay/wf9-server-overlay/pom.xml b/distribution/server-overlay/wf9-server-overlay/pom.xml
index fda3fc0e6d..c7e74e4f60 100755
--- a/distribution/server-overlay/wf9-server-overlay/pom.xml
+++ b/distribution/server-overlay/wf9-server-overlay/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/src-dist/pom.xml b/distribution/src-dist/pom.xml
index 4c0290e8f2..5a22a280b8 100755
--- a/distribution/src-dist/pom.xml
+++ b/distribution/src-dist/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/docbook/pom.xml b/docbook/pom.xml
index 7cef3f7785..da51831113 100755
--- a/docbook/pom.xml
+++ b/docbook/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/events/api/pom.xml b/events/api/pom.xml
index 5f7eff84f9..4d4ab5b5bc 100755
--- a/events/api/pom.xml
+++ b/events/api/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-events-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/events/email/pom.xml b/events/email/pom.xml
index dad42de54c..f400e52af0 100755
--- a/events/email/pom.xml
+++ b/events/email/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-events-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/events/jboss-logging/pom.xml b/events/jboss-logging/pom.xml
index 1bb089dbff..217e1305bc 100755
--- a/events/jboss-logging/pom.xml
+++ b/events/jboss-logging/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-events-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/events/jpa/pom.xml b/events/jpa/pom.xml
index ca70472fff..d6e7e9e98c 100755
--- a/events/jpa/pom.xml
+++ b/events/jpa/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-events-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/events/mongo/pom.xml b/events/mongo/pom.xml
index 43d58d68ec..0900274780 100755
--- a/events/mongo/pom.xml
+++ b/events/mongo/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-events-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/events/pom.xml b/events/pom.xml
index 7189b1383f..68ad78e740 100755
--- a/events/pom.xml
+++ b/events/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/events/syslog/pom.xml b/events/syslog/pom.xml
index 8514521c66..4b6338ab65 100755
--- a/events/syslog/pom.xml
+++ b/events/syslog/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-events-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/admin-client/pom.xml b/examples/admin-client/pom.xml
index edbab74c1c..27aec4ef78 100755
--- a/examples/admin-client/pom.xml
+++ b/examples/admin-client/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Examples - Admin Client</name>
diff --git a/examples/basic-auth/pom.xml b/examples/basic-auth/pom.xml
index 0e1575ed01..a8c3400035 100755
--- a/examples/basic-auth/pom.xml
+++ b/examples/basic-auth/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Examples - Basic Auth</name>
diff --git a/examples/broker/facebook-authentication/pom.xml b/examples/broker/facebook-authentication/pom.xml
index 0dd194fea1..92f8f4dd77 100755
--- a/examples/broker/facebook-authentication/pom.xml
+++ b/examples/broker/facebook-authentication/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>keycloak-examples-broker-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Broker Examples - Facebook Authentication</name>
diff --git a/examples/broker/google-authentication/pom.xml b/examples/broker/google-authentication/pom.xml
index 2d94033026..609a7a9557 100755
--- a/examples/broker/google-authentication/pom.xml
+++ b/examples/broker/google-authentication/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>keycloak-examples-broker-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Broker Examples - Google Authentication</name>
diff --git a/examples/broker/pom.xml b/examples/broker/pom.xml
index 0d5488d98d..20165030f9 100755
--- a/examples/broker/pom.xml
+++ b/examples/broker/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Broker Examples</name>
diff --git a/examples/broker/saml-broker-authentication/pom.xml b/examples/broker/saml-broker-authentication/pom.xml
index 77f513a241..7f4073b50f 100755
--- a/examples/broker/saml-broker-authentication/pom.xml
+++ b/examples/broker/saml-broker-authentication/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>keycloak-examples-broker-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Broker Examples - SAML Identity Provider Brokering</name>
diff --git a/examples/broker/twitter-authentication/pom.xml b/examples/broker/twitter-authentication/pom.xml
index 2799dbd530..244383687f 100755
--- a/examples/broker/twitter-authentication/pom.xml
+++ b/examples/broker/twitter-authentication/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>keycloak-examples-broker-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Broker Examples - Twitter Authentication</name>
diff --git a/examples/cors/angular-product-app/pom.xml b/examples/cors/angular-product-app/pom.xml
index 8ad9d4fbeb..353d8f1fc7 100755
--- a/examples/cors/angular-product-app/pom.xml
+++ b/examples/cors/angular-product-app/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-cors-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/cors/database-service/pom.xml b/examples/cors/database-service/pom.xml
index 416b7d0023..257113ec5b 100755
--- a/examples/cors/database-service/pom.xml
+++ b/examples/cors/database-service/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-cors-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/cors/pom.xml b/examples/cors/pom.xml
index 00c6f94211..54046f9761 100755
--- a/examples/cors/pom.xml
+++ b/examples/cors/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Examples - CORS</name>
diff --git a/examples/demo-template/admin-access-app/pom.xml b/examples/demo-template/admin-access-app/pom.xml
index 6f4e8b0874..6eaa3fc111 100755
--- a/examples/demo-template/admin-access-app/pom.xml
+++ b/examples/demo-template/admin-access-app/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/angular-product-app/pom.xml b/examples/demo-template/angular-product-app/pom.xml
index 3220c30f58..c92fc17e19 100755
--- a/examples/demo-template/angular-product-app/pom.xml
+++ b/examples/demo-template/angular-product-app/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/customer-app-cli/pom.xml b/examples/demo-template/customer-app-cli/pom.xml
index 0a3984080d..eba8148695 100755
--- a/examples/demo-template/customer-app-cli/pom.xml
+++ b/examples/demo-template/customer-app-cli/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/customer-app-js/pom.xml b/examples/demo-template/customer-app-js/pom.xml
index 1a864b7334..875f605501 100755
--- a/examples/demo-template/customer-app-js/pom.xml
+++ b/examples/demo-template/customer-app-js/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/customer-app/pom.xml b/examples/demo-template/customer-app/pom.xml
index 8f58a54a6b..6992c5ec0f 100755
--- a/examples/demo-template/customer-app/pom.xml
+++ b/examples/demo-template/customer-app/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/database-service/pom.xml b/examples/demo-template/database-service/pom.xml
index 1001ebf6ca..53a8e4b6f7 100755
--- a/examples/demo-template/database-service/pom.xml
+++ b/examples/demo-template/database-service/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/example-ear/pom.xml b/examples/demo-template/example-ear/pom.xml
index 95fc04b492..8614c5744b 100755
--- a/examples/demo-template/example-ear/pom.xml
+++ b/examples/demo-template/example-ear/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/pom.xml b/examples/demo-template/pom.xml
index 11e54f4527..347a483667 100755
--- a/examples/demo-template/pom.xml
+++ b/examples/demo-template/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Examples</name>
diff --git a/examples/demo-template/product-app/pom.xml b/examples/demo-template/product-app/pom.xml
index db4cba394e..c4a42714d9 100755
--- a/examples/demo-template/product-app/pom.xml
+++ b/examples/demo-template/product-app/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/service-account/pom.xml b/examples/demo-template/service-account/pom.xml
index 4a5372f68a..5a417cd913 100644
--- a/examples/demo-template/service-account/pom.xml
+++ b/examples/demo-template/service-account/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/third-party-cdi/pom.xml b/examples/demo-template/third-party-cdi/pom.xml
index 591c99da0b..4f2ecfa988 100755
--- a/examples/demo-template/third-party-cdi/pom.xml
+++ b/examples/demo-template/third-party-cdi/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/third-party/pom.xml b/examples/demo-template/third-party/pom.xml
index 193129a328..360a941863 100755
--- a/examples/demo-template/third-party/pom.xml
+++ b/examples/demo-template/third-party/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/camel/pom.xml b/examples/fuse/camel/pom.xml
index abefa60912..9744daefa6 100755
--- a/examples/fuse/camel/pom.xml
+++ b/examples/fuse/camel/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-fuse-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/customer-app-fuse/pom.xml b/examples/fuse/customer-app-fuse/pom.xml
index ef42b17172..7ebf3d49b8 100755
--- a/examples/fuse/customer-app-fuse/pom.xml
+++ b/examples/fuse/customer-app-fuse/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-fuse-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/cxf-jaxrs/pom.xml b/examples/fuse/cxf-jaxrs/pom.xml
index c496919266..82678c0837 100755
--- a/examples/fuse/cxf-jaxrs/pom.xml
+++ b/examples/fuse/cxf-jaxrs/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-fuse-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/cxf-jaxws/pom.xml b/examples/fuse/cxf-jaxws/pom.xml
index 24b0c0c317..e3940d8a0f 100755
--- a/examples/fuse/cxf-jaxws/pom.xml
+++ b/examples/fuse/cxf-jaxws/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-fuse-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/features/pom.xml b/examples/fuse/features/pom.xml
index a374a37fe2..e49ce6640d 100755
--- a/examples/fuse/features/pom.xml
+++ b/examples/fuse/features/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-fuse-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/pom.xml b/examples/fuse/pom.xml
index fd9356336c..66796796b6 100755
--- a/examples/fuse/pom.xml
+++ b/examples/fuse/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Fuse examples</name>
diff --git a/examples/fuse/product-app-fuse/pom.xml b/examples/fuse/product-app-fuse/pom.xml
index cd809eb76b..a3ab15b041 100755
--- a/examples/fuse/product-app-fuse/pom.xml
+++ b/examples/fuse/product-app-fuse/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-fuse-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/js-console/pom.xml b/examples/js-console/pom.xml
index b7e910fee8..a88257fd05 100755
--- a/examples/js-console/pom.xml
+++ b/examples/js-console/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/kerberos/pom.xml b/examples/kerberos/pom.xml
index bbdafde277..02955dc79b 100755
--- a/examples/kerberos/pom.xml
+++ b/examples/kerberos/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Examples - Kerberos Credential Delegation</name>
diff --git a/examples/ldap/pom.xml b/examples/ldap/pom.xml
index 704ff25c7a..b74c82b623 100644
--- a/examples/ldap/pom.xml
+++ b/examples/ldap/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/multi-tenant/pom.xml b/examples/multi-tenant/pom.xml
index c09f7922f3..b75c76db75 100755
--- a/examples/multi-tenant/pom.xml
+++ b/examples/multi-tenant/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Examples - Multi Tenant</name>
diff --git a/examples/pom.xml b/examples/pom.xml
index 7ee1f17794..65a428ee01 100755
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Examples</name>
diff --git a/examples/providers/authenticator/pom.xml b/examples/providers/authenticator/pom.xml
index abfdfdaf7f..9a88f17e3e 100755
--- a/examples/providers/authenticator/pom.xml
+++ b/examples/providers/authenticator/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-providers-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Authenticator Example</name>
diff --git a/examples/providers/event-listener-sysout/pom.xml b/examples/providers/event-listener-sysout/pom.xml
index aba24f9de9..6b650784fd 100755
--- a/examples/providers/event-listener-sysout/pom.xml
+++ b/examples/providers/event-listener-sysout/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-providers-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Event Listener System.out Example</name>
diff --git a/examples/providers/event-store-mem/pom.xml b/examples/providers/event-store-mem/pom.xml
index a9d541fccd..1560b2893e 100755
--- a/examples/providers/event-store-mem/pom.xml
+++ b/examples/providers/event-store-mem/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-providers-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Event Store In-Mem Example</name>
diff --git a/examples/providers/federation-provider/pom.xml b/examples/providers/federation-provider/pom.xml
index 4e03e1f648..ab45194727 100755
--- a/examples/providers/federation-provider/pom.xml
+++ b/examples/providers/federation-provider/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-providers-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Properties Authentication Provider Example</name>
diff --git a/examples/providers/pom.xml b/examples/providers/pom.xml
index 731151492b..1bb90d0c77 100755
--- a/examples/providers/pom.xml
+++ b/examples/providers/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Provider Examples</name>
diff --git a/examples/saml/pom.xml b/examples/saml/pom.xml
index 5eeb7e6001..f324686870 100755
--- a/examples/saml/pom.xml
+++ b/examples/saml/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Provider Examples</name>
diff --git a/examples/themes/pom.xml b/examples/themes/pom.xml
index 3d11e4732e..8bb9d7c958 100755
--- a/examples/themes/pom.xml
+++ b/examples/themes/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Themes Examples</name>
diff --git a/export-import/export-import-api/pom.xml b/export-import/export-import-api/pom.xml
index fc3bca3797..734c793c0a 100755
--- a/export-import/export-import-api/pom.xml
+++ b/export-import/export-import-api/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-export-import-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/export-import/export-import-dir/pom.xml b/export-import/export-import-dir/pom.xml
index bef097bf1d..bf2e345b41 100755
--- a/export-import/export-import-dir/pom.xml
+++ b/export-import/export-import-dir/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-export-import-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/export-import/export-import-single-file/pom.xml b/export-import/export-import-single-file/pom.xml
index 9a0e9697c1..a6cd0bd557 100755
--- a/export-import/export-import-single-file/pom.xml
+++ b/export-import/export-import-single-file/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-export-import-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/export-import/export-import-zip/pom.xml b/export-import/export-import-zip/pom.xml
index 0dc100f501..b396fa6011 100755
--- a/export-import/export-import-zip/pom.xml
+++ b/export-import/export-import-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-export-import-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/export-import/pom.xml b/export-import/pom.xml
index 711b2a3fd7..35a6f0bb14 100755
--- a/export-import/pom.xml
+++ b/export-import/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/federation/kerberos/pom.xml b/federation/kerberos/pom.xml
index be0b951a22..ce6c8fa747 100755
--- a/federation/kerberos/pom.xml
+++ b/federation/kerberos/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/federation/ldap/pom.xml b/federation/ldap/pom.xml
index 0043d9aefe..afab21c029 100755
--- a/federation/ldap/pom.xml
+++ b/federation/ldap/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/federation/pom.xml b/federation/pom.xml
index 51bbe5597e..0a920dc8c0 100755
--- a/federation/pom.xml
+++ b/federation/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/forms/account-api/pom.xml b/forms/account-api/pom.xml
index 498ff80a1c..c5ab8df3ef 100755
--- a/forms/account-api/pom.xml
+++ b/forms/account-api/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/account-freemarker/pom.xml b/forms/account-freemarker/pom.xml
index ee10fdd86c..702d68b558 100755
--- a/forms/account-freemarker/pom.xml
+++ b/forms/account-freemarker/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/common-freemarker/pom.xml b/forms/common-freemarker/pom.xml
index 852bec41c4..c6c1e138c2 100755
--- a/forms/common-freemarker/pom.xml
+++ b/forms/common-freemarker/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/common-themes/pom.xml b/forms/common-themes/pom.xml
index 17c59dfc4a..957e0470af 100755
--- a/forms/common-themes/pom.xml
+++ b/forms/common-themes/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/email-api/pom.xml b/forms/email-api/pom.xml
index 3dd229bb4f..17c5a0d91e 100755
--- a/forms/email-api/pom.xml
+++ b/forms/email-api/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/email-freemarker/pom.xml b/forms/email-freemarker/pom.xml
index 026431a077..e1eff9db3d 100755
--- a/forms/email-freemarker/pom.xml
+++ b/forms/email-freemarker/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-forms-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/forms/login-api/pom.xml b/forms/login-api/pom.xml
index abf4c2893b..5d7725d0b8 100755
--- a/forms/login-api/pom.xml
+++ b/forms/login-api/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/login-freemarker/pom.xml b/forms/login-freemarker/pom.xml
index 5d136988b0..4bfd3d024c 100755
--- a/forms/login-freemarker/pom.xml
+++ b/forms/login-freemarker/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/pom.xml b/forms/pom.xml
index c3b3ef3cc8..3e403a05fa 100755
--- a/forms/pom.xml
+++ b/forms/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/adapter-core/pom.xml b/integration/adapter-core/pom.xml
index 6a8e14b250..973003eddd 100755
--- a/integration/adapter-core/pom.xml
+++ b/integration/adapter-core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/admin-client/pom.xml b/integration/admin-client/pom.xml
index f4501c22fe..69f91151d9 100755
--- a/integration/admin-client/pom.xml
+++ b/integration/admin-client/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/as7-eap6/as7-adapter/pom.xml b/integration/as7-eap6/as7-adapter/pom.xml
index f7a66c03f9..e13542b9d2 100755
--- a/integration/as7-eap6/as7-adapter/pom.xml
+++ b/integration/as7-eap6/as7-adapter/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/as7-eap6/as7-server-subsystem/pom.xml b/integration/as7-eap6/as7-server-subsystem/pom.xml
index e1b03914e8..4316de0324 100755
--- a/integration/as7-eap6/as7-server-subsystem/pom.xml
+++ b/integration/as7-eap6/as7-server-subsystem/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>keycloak-parent</artifactId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/integration/as7-eap6/as7-subsystem/pom.xml b/integration/as7-eap6/as7-subsystem/pom.xml
index 5b78129eda..4ab8ca9735 100755
--- a/integration/as7-eap6/as7-subsystem/pom.xml
+++ b/integration/as7-eap6/as7-subsystem/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>keycloak-parent</artifactId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/integration/as7-eap6/pom.xml b/integration/as7-eap6/pom.xml
index 12b276ff1b..0080f469a1 100644
--- a/integration/as7-eap6/pom.xml
+++ b/integration/as7-eap6/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <name>Keycloak AS7 / JBoss EAP 6 Integration</name>
diff --git a/integration/installed/pom.xml b/integration/installed/pom.xml
index f9e07b4f60..379f7b6dd9 100755
--- a/integration/installed/pom.xml
+++ b/integration/installed/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/jaxrs-oauth-client/pom.xml b/integration/jaxrs-oauth-client/pom.xml
index a9769f59ac..33630c8b22 100755
--- a/integration/jaxrs-oauth-client/pom.xml
+++ b/integration/jaxrs-oauth-client/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/jboss-adapter-core/pom.xml b/integration/jboss-adapter-core/pom.xml
index 0789bc0986..161a8af1e5 100755
--- a/integration/jboss-adapter-core/pom.xml
+++ b/integration/jboss-adapter-core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/jetty/jetty-core/pom.xml b/integration/jetty/jetty-core/pom.xml
index 9caa98899e..aa02a1c627 100755
--- a/integration/jetty/jetty-core/pom.xml
+++ b/integration/jetty/jetty-core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/jetty/jetty8.1/pom.xml b/integration/jetty/jetty8.1/pom.xml
index 6bb71151ee..7c03844e11 100755
--- a/integration/jetty/jetty8.1/pom.xml
+++ b/integration/jetty/jetty8.1/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/jetty/jetty9.1/pom.xml b/integration/jetty/jetty9.1/pom.xml
index 12f4542250..85d61d84c2 100755
--- a/integration/jetty/jetty9.1/pom.xml
+++ b/integration/jetty/jetty9.1/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/jetty/jetty9.2/pom.xml b/integration/jetty/jetty9.2/pom.xml
index efba0cd581..ab79f28983 100755
--- a/integration/jetty/jetty9.2/pom.xml
+++ b/integration/jetty/jetty9.2/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/jetty/pom.xml b/integration/jetty/pom.xml
index 2cb71df316..8388996af9 100755
--- a/integration/jetty/pom.xml
+++ b/integration/jetty/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Jetty Integration</name>
diff --git a/integration/js/pom.xml b/integration/js/pom.xml
index d8384ac482..060d66691f 100755
--- a/integration/js/pom.xml
+++ b/integration/js/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/osgi-adapter/pom.xml b/integration/osgi-adapter/pom.xml
index c31a4ed0fd..43be02d480 100755
--- a/integration/osgi-adapter/pom.xml
+++ b/integration/osgi-adapter/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/pom.xml b/integration/pom.xml
index 413dfedee8..3327b6dd71 100755
--- a/integration/pom.xml
+++ b/integration/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <name>Keycloak Integration</name>
diff --git a/integration/servlet-oauth-client/pom.xml b/integration/servlet-oauth-client/pom.xml
index b5c869ffbe..b5f5d47c92 100755
--- a/integration/servlet-oauth-client/pom.xml
+++ b/integration/servlet-oauth-client/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/spring-boot/pom.xml b/integration/spring-boot/pom.xml
index a8e4d74ce1..c75a6d8c3a 100755
--- a/integration/spring-boot/pom.xml
+++ b/integration/spring-boot/pom.xml
@@ -4,7 +4,7 @@
   <parent>
     <artifactId>keycloak-parent</artifactId>
     <groupId>org.keycloak</groupId>
-    <version>1.5.0.Final-SNAPSHOT</version>
+    <version>1.6.0.Final-SNAPSHOT</version>
     <relativePath>../../pom.xml</relativePath>
   </parent>
   <modelVersion>4.0.0</modelVersion>
diff --git a/integration/spring-security/pom.xml b/integration/spring-security/pom.xml
index c5055e55ea..718f342be4 100755
--- a/integration/spring-security/pom.xml
+++ b/integration/spring-security/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/tomcat/pom.xml b/integration/tomcat/pom.xml
index 1ec282f5ae..c5808bfff3 100755
--- a/integration/tomcat/pom.xml
+++ b/integration/tomcat/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Tomcat Integration</name>
diff --git a/integration/tomcat/tomcat-core/pom.xml b/integration/tomcat/tomcat-core/pom.xml
index d57cec9c66..4271b7f34c 100755
--- a/integration/tomcat/tomcat-core/pom.xml
+++ b/integration/tomcat/tomcat-core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/tomcat/tomcat6/pom.xml b/integration/tomcat/tomcat6/pom.xml
index 2accbc00d6..f2313e9663 100755
--- a/integration/tomcat/tomcat6/pom.xml
+++ b/integration/tomcat/tomcat6/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/tomcat/tomcat7/pom.xml b/integration/tomcat/tomcat7/pom.xml
index 8ed96fdbcb..04aabd83f0 100755
--- a/integration/tomcat/tomcat7/pom.xml
+++ b/integration/tomcat/tomcat7/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/tomcat/tomcat8/pom.xml b/integration/tomcat/tomcat8/pom.xml
index 2a9424ae4a..1b595145a6 100755
--- a/integration/tomcat/tomcat8/pom.xml
+++ b/integration/tomcat/tomcat8/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/undertow/pom.xml b/integration/undertow/pom.xml
index d25d7ed3b4..7a1d7b9f98 100755
--- a/integration/undertow/pom.xml
+++ b/integration/undertow/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/wildfly/pom.xml b/integration/wildfly/pom.xml
index f1f6ccd453..72f87c60ca 100644
--- a/integration/wildfly/pom.xml
+++ b/integration/wildfly/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <name>Keycloak WildFly Integration</name>
diff --git a/integration/wildfly/wf8-subsystem/pom.xml b/integration/wildfly/wf8-subsystem/pom.xml
index aaa53e0772..66b1abeeaf 100755
--- a/integration/wildfly/wf8-subsystem/pom.xml
+++ b/integration/wildfly/wf8-subsystem/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>keycloak-parent</artifactId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/integration/wildfly/wf9-server-subsystem/pom.xml b/integration/wildfly/wf9-server-subsystem/pom.xml
index a7a1872d1b..634fa47616 100755
--- a/integration/wildfly/wf9-server-subsystem/pom.xml
+++ b/integration/wildfly/wf9-server-subsystem/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>keycloak-parent</artifactId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/integration/wildfly/wf9-subsystem/pom.xml b/integration/wildfly/wf9-subsystem/pom.xml
index 92e510e961..1991265d57 100755
--- a/integration/wildfly/wf9-subsystem/pom.xml
+++ b/integration/wildfly/wf9-subsystem/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>keycloak-parent</artifactId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/integration/wildfly/wildfly-adapter/pom.xml b/integration/wildfly/wildfly-adapter/pom.xml
index 6517e857cc..3685b1b100 100755
--- a/integration/wildfly/wildfly-adapter/pom.xml
+++ b/integration/wildfly/wildfly-adapter/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/wildfly/wildfly-extensions/pom.xml b/integration/wildfly/wildfly-extensions/pom.xml
index 15b4918190..f59f190e68 100755
--- a/integration/wildfly/wildfly-extensions/pom.xml
+++ b/integration/wildfly/wildfly-extensions/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>keycloak-parent</artifactId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/model/api/pom.xml b/model/api/pom.xml
index 1c4fb9d03a..58ca5e2d80 100755
--- a/model/api/pom.xml
+++ b/model/api/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/file/pom.xml b/model/file/pom.xml
index 9d41184c33..a8ccef3be2 100755
--- a/model/file/pom.xml
+++ b/model/file/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/invalidation-cache/infinispan/pom.xml b/model/invalidation-cache/infinispan/pom.xml
index 4d818c82a4..5bedd767fa 100755
--- a/model/invalidation-cache/infinispan/pom.xml
+++ b/model/invalidation-cache/infinispan/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/invalidation-cache/model-adapters/pom.xml b/model/invalidation-cache/model-adapters/pom.xml
index 4719a0604b..0f45b87f74 100755
--- a/model/invalidation-cache/model-adapters/pom.xml
+++ b/model/invalidation-cache/model-adapters/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/invalidation-cache/pom.xml b/model/invalidation-cache/pom.xml
index cdff0b8dd2..2eb605d6bc 100755
--- a/model/invalidation-cache/pom.xml
+++ b/model/invalidation-cache/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Model Invalidation Cache Parent</name>
diff --git a/model/jpa/pom.xml b/model/jpa/pom.xml
index 8c21ceeafa..f4f9eec7e1 100755
--- a/model/jpa/pom.xml
+++ b/model/jpa/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/mongo/pom.xml b/model/mongo/pom.xml
index 5387ffcf28..0c53237210 100755
--- a/model/mongo/pom.xml
+++ b/model/mongo/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/pom.xml b/model/pom.xml
index de7e486c9d..7cd37b8601 100755
--- a/model/pom.xml
+++ b/model/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <name>Keycloak Model Parent</name>
diff --git a/model/sessions-infinispan/pom.xml b/model/sessions-infinispan/pom.xml
index 7aa04c8eaa..3d8c256277 100755
--- a/model/sessions-infinispan/pom.xml
+++ b/model/sessions-infinispan/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/pom.xml b/pom.xml
index c9e3f76ff8..0c835d9c69 100755
--- a/pom.xml
+++ b/pom.xml
@@ -14,7 +14,7 @@
     </description>
     <groupId>org.keycloak</groupId>
     <artifactId>keycloak-parent</artifactId>
-    <version>1.5.0.Final-SNAPSHOT</version>
+    <version>1.6.0.Final-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <properties>
diff --git a/proxy/launcher/pom.xml b/proxy/launcher/pom.xml
index 34d82b59cb..89e594c54e 100755
--- a/proxy/launcher/pom.xml
+++ b/proxy/launcher/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/proxy/pom.xml b/proxy/pom.xml
index 1fef24fbf0..5a9f526b66 100755
--- a/proxy/pom.xml
+++ b/proxy/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <name>Model Parent</name>
diff --git a/proxy/proxy-server/pom.xml b/proxy/proxy-server/pom.xml
index 008bd014d1..eb077cef71 100755
--- a/proxy/proxy-server/pom.xml
+++ b/proxy/proxy-server/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/saml/pom.xml b/saml/pom.xml
index c836f847ee..85d0080aca 100755
--- a/saml/pom.xml
+++ b/saml/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <name>Keycloak SAML Integration</name>
diff --git a/saml/saml-core/pom.xml b/saml/saml-core/pom.xml
index 454c4129c4..7d08b3b470 100755
--- a/saml/saml-core/pom.xml
+++ b/saml/saml-core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/saml/saml-protocol/pom.xml b/saml/saml-protocol/pom.xml
index d749a051fd..7da77bb324 100755
--- a/saml/saml-protocol/pom.xml
+++ b/saml/saml-protocol/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/services/pom.xml b/services/pom.xml
index 3f861fb24d..41d80e752f 100755
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/core/pom.xml b/social/core/pom.xml
index 0e3b26c469..a46754399d 100755
--- a/social/core/pom.xml
+++ b/social/core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/facebook/pom.xml b/social/facebook/pom.xml
index 2b8634c0c1..64817057bc 100755
--- a/social/facebook/pom.xml
+++ b/social/facebook/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/github/pom.xml b/social/github/pom.xml
index 1284595a3d..50f8f98aa4 100755
--- a/social/github/pom.xml
+++ b/social/github/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/google/pom.xml b/social/google/pom.xml
index f3680a7399..1bc444ead4 100755
--- a/social/google/pom.xml
+++ b/social/google/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/linkedin/pom.xml b/social/linkedin/pom.xml
index f7b04c7816..cb6617ee41 100755
--- a/social/linkedin/pom.xml
+++ b/social/linkedin/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/pom.xml b/social/pom.xml
index 597a99a4f6..bf61f80f83 100755
--- a/social/pom.xml
+++ b/social/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/stackoverflow/pom.xml b/social/stackoverflow/pom.xml
index b0b4c56ad9..25beb15864 100755
--- a/social/stackoverflow/pom.xml
+++ b/social/stackoverflow/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/twitter/pom.xml b/social/twitter/pom.xml
index 0cfb3e0ef8..7e8053399e 100755
--- a/social/twitter/pom.xml
+++ b/social/twitter/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/docker-cluster/pom.xml b/testsuite/docker-cluster/pom.xml
index 00abb8bac9..89b0496522 100755
--- a/testsuite/docker-cluster/pom.xml
+++ b/testsuite/docker-cluster/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/testsuite/integration-arquillian/pom.xml b/testsuite/integration-arquillian/pom.xml
index 6106fd435f..2ef2ac3f70 100644
--- a/testsuite/integration-arquillian/pom.xml
+++ b/testsuite/integration-arquillian/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml
index 3653fd97b4..7948e97729 100755
--- a/testsuite/integration/pom.xml
+++ b/testsuite/integration/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/jetty/jetty81/pom.xml b/testsuite/jetty/jetty81/pom.xml
index 840282ef6b..595fdf27c1 100755
--- a/testsuite/jetty/jetty81/pom.xml
+++ b/testsuite/jetty/jetty81/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/jetty/jetty91/pom.xml b/testsuite/jetty/jetty91/pom.xml
index fea7a82610..7815e73a35 100755
--- a/testsuite/jetty/jetty91/pom.xml
+++ b/testsuite/jetty/jetty91/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/jetty/jetty92/pom.xml b/testsuite/jetty/jetty92/pom.xml
index 0afd207506..09eaec7933 100755
--- a/testsuite/jetty/jetty92/pom.xml
+++ b/testsuite/jetty/jetty92/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/performance/pom.xml b/testsuite/performance/pom.xml
index d853d38bda..f553ab794b 100755
--- a/testsuite/performance/pom.xml
+++ b/testsuite/performance/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/pom.xml b/testsuite/pom.xml
index c25fd4f989..beae79ed8b 100755
--- a/testsuite/pom.xml
+++ b/testsuite/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.5.0.Final-SNAPSHOT</version>
+		<version>1.6.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/proxy/pom.xml b/testsuite/proxy/pom.xml
index d195398f21..28c418a7e2 100755
--- a/testsuite/proxy/pom.xml
+++ b/testsuite/proxy/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/tomcat6/pom.xml b/testsuite/tomcat6/pom.xml
index 92a4953178..0597e7d988 100755
--- a/testsuite/tomcat6/pom.xml
+++ b/testsuite/tomcat6/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/tomcat7/pom.xml b/testsuite/tomcat7/pom.xml
index f9dc4f3032..b8a44e3c96 100755
--- a/testsuite/tomcat7/pom.xml
+++ b/testsuite/tomcat7/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/tomcat8/pom.xml b/testsuite/tomcat8/pom.xml
index 30cbf0d3c7..4862aebd9a 100755
--- a/testsuite/tomcat8/pom.xml
+++ b/testsuite/tomcat8/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/timer/api/pom.xml b/timer/api/pom.xml
index 333aa8bc9f..97eda6737c 100755
--- a/timer/api/pom.xml
+++ b/timer/api/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-timer-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/timer/basic/pom.xml b/timer/basic/pom.xml
index 31fa87082a..77b8d8f363 100755
--- a/timer/basic/pom.xml
+++ b/timer/basic/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-timer-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/timer/pom.xml b/timer/pom.xml
index 435869b104..002bb05bac 100755
--- a/timer/pom.xml
+++ b/timer/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/util/embedded-ldap/pom.xml b/util/embedded-ldap/pom.xml
index f93a8c897e..d4cd597f33 100644
--- a/util/embedded-ldap/pom.xml
+++ b/util/embedded-ldap/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/util/pom.xml b/util/pom.xml
index d25bd9d3ef..a514c72582 100644
--- a/util/pom.xml
+++ b/util/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.5.0.Final-SNAPSHOT</version>
+        <version>1.6.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

From e0eac89e5a0f5d4634bf304b87b93ca21514f7fe Mon Sep 17 00:00:00 2001
From: Thomas Raehalme <thomas.raehalme@aitiofinland.com>
Date: Thu, 10 Sep 2015 12:30:07 +0300
Subject: [PATCH 18/35] Added check for null authentication on the logout
 method.

---
 .../authentication/KeycloakLogoutHandler.java              | 7 +++++--
 .../authentication/KeycloakLogoutHandlerTest.java          | 6 ++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java
index d843aa7d41..27178ca2ad 100644
--- a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java
+++ b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java
@@ -32,8 +32,11 @@ public class KeycloakLogoutHandler implements LogoutHandler {
 
     @Override
     public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-
-        if (!KeycloakAuthenticationToken.class.isAssignableFrom(authentication.getClass())) {
+        if (authentication == null) {
+            log.warn("Cannot log out without authentication");
+            return;
+        }
+        else if (!KeycloakAuthenticationToken.class.isAssignableFrom(authentication.getClass())) {
             log.warn("Cannot log out a non-Keycloak authentication: {}", authentication);
             return;
         }
diff --git a/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java b/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java
index 2ee32af85e..6a035b5c78 100644
--- a/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java
+++ b/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java
@@ -88,6 +88,12 @@ public class KeycloakLogoutHandlerTest {
         verifyZeroInteractions(session);
     }
 
+    @Test
+    public void testLogoutNullAuthentication() throws Exception {
+        keycloakLogoutHandler.logout(request, response, null);
+        verifyZeroInteractions(session);
+    }
+
     @Test
     public void testHandleSingleSignOut() throws Exception {
         keycloakLogoutHandler.handleSingleSignOut(request, response, keycloakAuthenticationToken);

From fb4645a3dc9f0c03c7a3a7eb209322063ea76857 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Thu, 10 Sep 2015 20:41:51 +0200
Subject: [PATCH 19/35] KEYCLOAK-1833 Fix error messages for identity brokering

---
 .../login/messages/messages_de.properties     | 22 +++++++++----------
 .../login/messages/messages_en.properties     | 22 +++++++++----------
 .../login/messages/messages_it.properties     | 22 +++++++++----------
 .../login/messages/messages_pt_BR.properties  | 22 +++++++++----------
 .../broker/IdentityProviderHintTest.java      |  2 +-
 5 files changed, 45 insertions(+), 45 deletions(-)
 mode change 100755 => 100644 forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties
 mode change 100755 => 100644 forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties
 mode change 100755 => 100644 forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties
 mode change 100755 => 100644 forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties

diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties
old mode 100755
new mode 100644
index 3050953770..4cbbf0f44e
--- a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties
+++ b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_de.properties
@@ -168,24 +168,24 @@ registrationNotAllowedMessage=Registrierung nicht erlaubt.
 resetCredentialNotAllowedMessage=Reset Credential not allowed
 
 permissionNotApprovedMessage=Berechtigung nicht best\u00E4tigt.
-noRelayStateInResponseMessage=Kein relay state in der Antwort von dem Identity Provider [{0}].
-identityProviderAlreadyLinkedMessage=Die Identit\u00E4t welche von dem Identity Provider [{0}] zur\u00FCckgegeben wurde, ist bereits mit einem anderen Benutzer verkn\u00FCpft.
+noRelayStateInResponseMessage=Kein relay state in der Antwort von dem Identity Provider.
+identityProviderAlreadyLinkedMessage=Die Identit\u00E4t welche von dem Identity Provider zur\u00FCckgegeben wurde, ist bereits mit einem anderen Benutzer verkn\u00FCpft.
 insufficientPermissionMessage=Nicht gen\u00FCgend Rechte um die Identit\u00E4t zu verkn\u00FCpfen.
 couldNotProceedWithAuthenticationRequestMessage=Konnte den Authentifizierungs Request nicht weiter verarbeiten.
-couldNotObtainTokenMessage=Konnte kein token vom Identity Provider [{0}] entnehmen.
-unexpectedErrorRetrievingTokenMessage=Unerwarteter Fehler w\u00E4hrend dem Empfang des Token von dem Identity Provider [{0}].
-unexpectedErrorHandlingResponseMessage=Unerwarteter Fehler w\u00E4hrend der Bearbeitung des Respons vom Identity Provider [{0}].
-identityProviderAuthenticationFailedMessage=Authentifizierung Fehlgeschlagen. Konnte sich mit dem Identity Provider [{0}] nicht authentifizieren.
-couldNotSendAuthenticationRequestMessage=Konnte Authentifizierungs Request nicht an den Identity Provider [{0}] schicken.
-unexpectedErrorHandlingRequestMessage=Unerwarteter Fehler w\u00E4hrend der Bearbeitung des Requests zum Identity Provider [{0}].
+couldNotObtainTokenMessage=Konnte kein token vom Identity Provider entnehmen.
+unexpectedErrorRetrievingTokenMessage=Unerwarteter Fehler w\u00E4hrend dem Empfang des Token von dem Identity Provider.
+unexpectedErrorHandlingResponseMessage=Unerwarteter Fehler w\u00E4hrend der Bearbeitung des Respons vom Identity Provider.
+identityProviderAuthenticationFailedMessage=Authentifizierung Fehlgeschlagen. Konnte sich mit dem Identity Provider nicht authentifizieren.
+couldNotSendAuthenticationRequestMessage=Konnte Authentifizierungs Request nicht an den Identity Provider schicken.
+unexpectedErrorHandlingRequestMessage=Unerwarteter Fehler w\u00E4hrend der Bearbeitung des Requests zum Identity Provider.
 invalidAccessCodeMessage=Ung\u00FCltiger Access-Code.
 sessionNotActiveMessage=Session nicht aktiv.
 unknownCodeMessage=Unbekannter Code, bitte melden Sie sich erneut \u00FCber die Applikation an.
 invalidCodeMessage=Ung\u00FCltiger Code, bitte melden Sie sich erneut \u00FCber die Applikation an.
 identityProviderUnexpectedErrorMessage=Unerwarteter Fehler w\u00E4hrend der Authentifizierung mit dem Identity Provider.
-identityProviderNotFoundMessage=Konnte kein Identity Provider mit der Identit\u00E4t [{0}] finden.
-realmSupportsNoCredentialsMessage=Realm [{0}] unterst\u00FCtzt keine Credential Typen.
-identityProviderNotUniqueMessage=Realm [{0}] unterst\u00FCtz mehrere Identity Providers.
+identityProviderNotFoundMessage=Konnte kein Identity Provider mit der Identit\u00E4t finden.
+realmSupportsNoCredentialsMessage=Realm unterst\u00FCtzt keine Credential Typen.
+identityProviderNotUniqueMessage=Realm unterst\u00FCtz mehrere Identity Providers.
 
 invalidParameterMessage=Invalid parameter\: {0}
 missingParameterMessage=Missing parameter\: {0}
diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties
old mode 100755
new mode 100644
index bc10220b0d..3dfb8eab9a
--- a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties
+++ b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_en.properties
@@ -171,23 +171,23 @@ registrationNotAllowedMessage=Registration not allowed
 resetCredentialNotAllowedMessage=Reset Credential not allowed
 
 permissionNotApprovedMessage=Permission not approved.
-noRelayStateInResponseMessage=No relay state in response from identity provider [{0}].
-identityProviderAlreadyLinkedMessage=The identity returned by the identity provider [{0}] is already linked to another user.
+noRelayStateInResponseMessage=No relay state in response from identity provider.
+identityProviderAlreadyLinkedMessage=The identity returned by the identity provider is already linked to another user.
 insufficientPermissionMessage=Insufficient permissions to link identities.
 couldNotProceedWithAuthenticationRequestMessage=Could not proceed with authentication request to identity provider.
-couldNotObtainTokenMessage=Could not obtain token from identity provider [{0}].
-unexpectedErrorRetrievingTokenMessage=Unexpected error when retrieving token from identity provider [{0}].
-unexpectedErrorHandlingResponseMessage=Unexpected error when handling response from identity provider [{0}].
-identityProviderAuthenticationFailedMessage=Authentication failed. Could not authenticate with identity provider [{0}].
-couldNotSendAuthenticationRequestMessage=Could not send authentication request to identity provider [{0}].
-unexpectedErrorHandlingRequestMessage=Unexpected error when handling authentication request to identity provider [{0}].
+couldNotObtainTokenMessage=Could not obtain token from identity provider.
+unexpectedErrorRetrievingTokenMessage=Unexpected error when retrieving token from identity provider.
+unexpectedErrorHandlingResponseMessage=Unexpected error when handling response from identity provider.
+identityProviderAuthenticationFailedMessage=Authentication failed. Could not authenticate with identity provider.
+couldNotSendAuthenticationRequestMessage=Could not send authentication request to identity provider.
+unexpectedErrorHandlingRequestMessage=Unexpected error when handling authentication request to identity provider.
 invalidAccessCodeMessage=Invalid access code.
 sessionNotActiveMessage=Session not active.
 invalidCodeMessage=An error occurred, please login again through your application.
 identityProviderUnexpectedErrorMessage=Unexpected error when authenticating with identity provider
-identityProviderNotFoundMessage=Could not find an identity provider with the identifier [{0}].
-realmSupportsNoCredentialsMessage=Realm [{0}] does not support any credential type.
-identityProviderNotUniqueMessage=Realm [{0}] supports multiple identity providers. Could not determine which identity provider should be used to authenticate with.
+identityProviderNotFoundMessage=Could not find an identity provider with the identifier.
+realmSupportsNoCredentialsMessage=Realm does not support any credential type.
+identityProviderNotUniqueMessage=Realm supports multiple identity providers. Could not determine which identity provider should be used to authenticate with.
 emailVerifiedMessage=Your email address has been verified.
 
 locale_de=German
diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties
old mode 100755
new mode 100644
index e57afcdd16..4833b9be18
--- a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties
+++ b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_it.properties
@@ -166,23 +166,23 @@ resetCredentialNotAllowedMessage=Reset Credential not allowed
 
 
 permissionNotApprovedMessage=Permesso non approvato.
-noRelayStateInResponseMessage=Nessun relay state in risposta dall''identity provider [{0}].
-identityProviderAlreadyLinkedMessage=L''identita'' restituita dall''identity provider [{0}] e'' gia'' associata ad un altro utente.
+noRelayStateInResponseMessage=Nessun relay state in risposta dall''identity provider.
+identityProviderAlreadyLinkedMessage=L''identita'' restituita dall''identity provider e'' gia'' associata ad un altro utente.
 insufficientPermissionMessage=Permessi insufficienti per associare le identita''.
 couldNotProceedWithAuthenticationRequestMessage=Non posso procedere con la richiesta di autenticazione all''identity provider.
-couldNotObtainTokenMessage=Non posso ottenere un token  dall''identity provider [{0}].
-unexpectedErrorRetrievingTokenMessage=Errore inaspettato nella gestione del token dall''identity provider [{0}].
-unexpectedErrorHandlingResponseMessage=Errore inaspettato nella gestione della risposta dall''identity provider [{0}].
-identityProviderAuthenticationFailedMessage=Autenticazione fallita. Non posso effettuare l''autenticazione con l''identity provider [{0}].
-couldNotSendAuthenticationRequestMessage=Non posso inviare la richiesta di autenticazione all''identity provider [{0}].
-unexpectedErrorHandlingRequestMessage=Errore imprevisto durante l''autenticazione con identity provider [{0}].
+couldNotObtainTokenMessage=Non posso ottenere un token  dall''identity provider.
+unexpectedErrorRetrievingTokenMessage=Errore inaspettato nella gestione del token dall''identity provider.
+unexpectedErrorHandlingResponseMessage=Errore inaspettato nella gestione della risposta dall''identity provider.
+identityProviderAuthenticationFailedMessage=Autenticazione fallita. Non posso effettuare l''autenticazione con l''identity provider.
+couldNotSendAuthenticationRequestMessage=Non posso inviare la richiesta di autenticazione all''identity provider.
+unexpectedErrorHandlingRequestMessage=Errore imprevisto durante l''autenticazione con identity provider.
 invalidAccessCodeMessage=Codice di accesso non valido.
 sessionNotActiveMessage=Sessione non attiva.
 invalidCodeMessage=Si e'' verificato un errore, per piacere effettua di nuovo il login nella tua applicazione.
 identityProviderUnexpectedErrorMessage=Errore imprevisto durante l''autenticazione con identity provider
-identityProviderNotFoundMessage=Non posso trovare un identity provider con l''identificativo [{0}].
-realmSupportsNoCredentialsMessage=Il Realm [{0}] non supporta nessun tipo di credenziali.
-identityProviderNotUniqueMessage=Il Realm [{0}] supporta piu'' di un identity provider. Non posso determinare quale identity provider con il quale autenticarti.
+identityProviderNotFoundMessage=Non posso trovare un identity provider con l''identificativo.
+realmSupportsNoCredentialsMessage=Il Realm non supporta nessun tipo di credenziali.
+identityProviderNotUniqueMessage=Il Realm supporta piu'' di un identity provider. Non posso determinare quale identity provider con il quale autenticarti.
 emailVerifiedMessage=Il tuo indirizzo email e'' stato verificato.
 
 locale_de=German
diff --git a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties
old mode 100755
new mode 100644
index 89c8808665..d2b1b65204
--- a/forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties
+++ b/forms/common-themes/src/main/resources/theme/base/login/messages/messages_pt_BR.properties
@@ -171,23 +171,23 @@ registrationNotAllowedMessage=Registro n\u00E3o permitido.
 resetCredentialNotAllowedMessage=Reset Credential not allowed
 
 permissionNotApprovedMessage=Permiss\u00E3o n\u00E3o aprovada.
-noRelayStateInResponseMessage=Sem estado de retransmiss\u00E3o na resposta do provedor de identidade [{0}].
-identityProviderAlreadyLinkedMessage=A identidade retornado pelo provedor de identidade [{0}] j\u00E1 est\u00E1 vinculado a outro usu\u00E1rio.
+noRelayStateInResponseMessage=Sem estado de retransmiss\u00E3o na resposta do provedor de identidade.
+identityProviderAlreadyLinkedMessage=A identidade retornado pelo provedor de identidade j\u00E1 est\u00E1 vinculado a outro usu\u00E1rio.
 insufficientPermissionMessage=Permiss\u00F5es insuficientes para vincular identidades.
 couldNotProceedWithAuthenticationRequestMessage=N\u00E3o foi poss\u00EDvel proceder \u00E0 solicita\u00E7\u00E3o de autentica\u00E7\u00E3o para provedor de identidade.
-couldNotObtainTokenMessage=N\u00E3o foi poss\u00EDvel obter token do provedor de identidade [{0}].
-unexpectedErrorRetrievingTokenMessage=Erro inesperado ao recuperar token do provedor de identidade [{0}].
-unexpectedErrorHandlingResponseMessage=Erro inesperado ao manusear resposta do provedor de identidade [{0}].
-identityProviderAuthenticationFailedMessage=Falha na autentica\u00E7\u00E3o. N\u00E3o foi poss\u00EDvel autenticar com o provedor de identidade [{0}].
-couldNotSendAuthenticationRequestMessage=N\u00E3o foi poss\u00EDvel enviar solicita\u00E7\u00E3o de autentica\u00E7\u00E3o para o provedor de identidade [{0}].
-unexpectedErrorHandlingRequestMessage=Erro inesperado ao manusear pedido de autentica\u00E7\u00E3o para provedor de identidade [{0}].
+couldNotObtainTokenMessage=N\u00E3o foi poss\u00EDvel obter token do provedor de identidade.
+unexpectedErrorRetrievingTokenMessage=Erro inesperado ao recuperar token do provedor de identidade.
+unexpectedErrorHandlingResponseMessage=Erro inesperado ao manusear resposta do provedor de identidade.
+identityProviderAuthenticationFailedMessage=Falha na autentica\u00E7\u00E3o. N\u00E3o foi poss\u00EDvel autenticar com o provedor de identidade.
+couldNotSendAuthenticationRequestMessage=N\u00E3o foi poss\u00EDvel enviar solicita\u00E7\u00E3o de autentica\u00E7\u00E3o para o provedor de identidade.
+unexpectedErrorHandlingRequestMessage=Erro inesperado ao manusear pedido de autentica\u00E7\u00E3o para provedor de identidade.
 invalidAccessCodeMessage=C\u00F3digo de acesso inv\u00E1lido.
 sessionNotActiveMessage=Sess\u00E3o inativa.
 invalidCodeMessage=C\u00F3digo inv\u00E1lido, por favor fa\u00E7a login novamente atrav\u00E9s de sua aplica\u00E7\u00E3o.
 identityProviderUnexpectedErrorMessage=Erro inesperado durante a autentica\u00E7\u00E3o com o provedor de identidade
-identityProviderNotFoundMessage=N\u00E3o foi poss\u00EDvel encontrar um provedor de identidade com o identificador [{0}].
-realmSupportsNoCredentialsMessage=O realm [{0}] n\u00E3o suporta qualquer tipo de credencial.
-identityProviderNotUniqueMessage=O realm [{0}] suporta m\u00FAltiplos provedores de identidade. N\u00E3o foi poss\u00EDvel determinar qual o provedor de identidade deve ser usado para se autenticar.
+identityProviderNotFoundMessage=N\u00E3o foi poss\u00EDvel encontrar um provedor de identidade com o identificador.
+realmSupportsNoCredentialsMessage=O realm n\u00E3o suporta qualquer tipo de credencial.
+identityProviderNotUniqueMessage=O realm suporta m\u00FAltiplos provedores de identidade. N\u00E3o foi poss\u00EDvel determinar qual o provedor de identidade deve ser usado para se autenticar.
 emailVerifiedMessage=O seu endere\u00E7o de e-mail foi confirmado.
 
 locale_de=Deutsch
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java
index 8b751e0afe..66d3556d98 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/IdentityProviderHintTest.java
@@ -77,6 +77,6 @@ public class IdentityProviderHintTest {
 
         assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
 
-        assertEquals("Could not find an identity provider with the identifier [invalid-idp-id].", this.driver.findElement(By.className("instruction")).getText());
+        assertEquals("Could not find an identity provider with the identifier.", this.driver.findElement(By.className("instruction")).getText());
     }
 }

From 3e04d045ee63dfaa8cea59bba99cceb269ec63df Mon Sep 17 00:00:00 2001
From: Cory Snyder <csnyder@iland.com>
Date: Fri, 4 Sep 2015 16:37:32 -0400
Subject: [PATCH 20/35] KEYCLOAK-1807 Fix bug with commas in regex password
 policies by using alternate way to declare multiple regex patterns

---
 .../modules/security-vulnerabilities.xml      |   4 +-
 .../admin/resources/js/controllers/realm.js   |   8 ++
 .../theme/base/admin/resources/js/services.js |  25 ++++-
 .../resources/partials/password-policy.html   |   6 +-
 .../org/keycloak/models/PasswordPolicy.java   | 100 ++++++++----------
 .../keycloak/models/PasswordPolicyTest.java   |  18 ++--
 6 files changed, 91 insertions(+), 70 deletions(-)

diff --git a/docbook/reference/en/en-US/modules/security-vulnerabilities.xml b/docbook/reference/en/en-US/modules/security-vulnerabilities.xml
index d7fadb008d..b2a3882144 100755
--- a/docbook/reference/en/en-US/modules/security-vulnerabilities.xml
+++ b/docbook/reference/en/en-US/modules/security-vulnerabilities.xml
@@ -130,8 +130,8 @@
             A password has to match all policies. The password policies that can be configured are hash iterations, length, digits,
             lowercase, uppercase, special characters, not username, regex patterns, password history and force expired password update. 
             Force expired password update policy forces or requires password updates after specified span of time. Password history policy 
-            restricts a user from resetting his password to N old expired passwords. Multiple regex patterns, separated by comma, 
-            can be specified in regex pattern policy. If there's more than one regex added, password has to match all fully.
+            restricts a user from resetting his password to N old expired passwords. Multiple regex patterns can be specified.
+            If there's more than one regex added, password has to match all fully.
             Increasing number of Hash Iterations (n) does not worsen anything (and certainly not the cipher) and it greatly increases the 
             resistance to dictionary attacks. However the drawback to increasing n is that it has some cost (CPU usage, energy, delay) for 
             the legitimate parties. Increasing n also slightly increases the odds that a random password gives the same result as the right 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
index 95d80a344f..4027a85b73 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
@@ -414,6 +414,14 @@ module.controller('RealmPasswordPolicyCtrl', function($scope, Realm, realm, $htt
         if (!$scope.policy) {
             $scope.policy = [];
         }
+        if (policy.name === 'regexPattern') {
+            for (var i in $scope.allPolicies) {
+                var p = $scope.allPolicies[i];
+                if (p.name === 'regexPattern') {
+                    $scope.allPolicies[i] = { name: 'regexPattern', value: '' };
+                }
+            }
+        }
         $scope.policy.push(policy);
     }
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
index e8c93d6240..d1abe26cd6 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js
@@ -1063,7 +1063,7 @@ module.factory('PasswordPolicy', function() {
         upperCase:      	"Minimal number (integer type) of uppercase characters in password. Default value is 1.",
         specialChars:   	"Minimal number (integer type) of special characters in password. Default value is 1.",
         notUsername:    	"Block passwords that are equal to the username",
-        regexPatterns:  	"Block passwords that do not match all of the regex patterns (string type).",
+        regexPattern:  	    "Block passwords that do not match the regex pattern (string type).",
         passwordHistory:  	"Block passwords that are equal to previous passwords. Default value is 3.",
         forceExpiredPasswordChange:  	"Force password change when password credential is expired. Default value is 365 days."
     }
@@ -1076,7 +1076,7 @@ module.factory('PasswordPolicy', function() {
         { name: 'upperCase', value: 1 },
         { name: 'specialChars', value: 1 },
         { name: 'notUsername', value: 1 },
-        { name: 'regexPatterns', value: ''},
+        { name: 'regexPattern', value: ''},
         { name: 'passwordHistory', value: 3 },
         { name: 'forceExpiredPasswordChange', value: 365 }
     ];
@@ -1094,7 +1094,7 @@ module.factory('PasswordPolicy', function() {
         for (var i = 0; i < policyArray.length; i ++){
             var policyToken = policyArray[i];
             
-            if(policyToken.indexOf('regexPatterns') === 0) {
+            if(policyToken.indexOf('regexPattern') === 0) {
             	re = /(\w+)\((.*)\)/;
             	policyEntry = re.exec(policyToken);
                 if (null !== policyEntry) {
@@ -1134,6 +1134,25 @@ module.factory('PasswordPolicy', function() {
     return p;
 });
 
+module.filter('removeSelectedPolicies', function() {
+    return function(policies, selectedPolicies) {
+        var result = [];
+        for(var i in policies) {
+            var policy = policies[i];
+            var policyAvailable = true;
+            for(var j in selectedPolicies) {
+                if(policy.name === selectedPolicies[j].name && policy.name !== 'regexPattern') {
+                    policyAvailable = false;
+                }
+            }
+            if(policyAvailable) {
+                result.push(policy);
+            }
+        }
+        return result;
+    }
+});
+
 module.factory('IdentityProvider', function($resource) {
     return $resource(authUrl + '/admin/realms/:realm/identity-provider/instances/:alias', {
         realm : '@realm',
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html
index ff4e0f7f15..2da9b0d0c4 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/password-policy.html
@@ -7,12 +7,12 @@
         <table class="table table-striped table-bordered">
             <caption class="hidden">Table of Password Policies</caption>
             <thead>
-            <tr ng-show="(allPolicies|remove:policy:'name').length > 0">
+            <tr ng-show="(allPolicies|removeSelectedPolicies:policy).length > 0">
                 <th colspan="5" class="kc-table-actions">
                     <div class="pull-right">
                         <div>
                             <select class="form-control" ng-model="selectedPolicy"
-                                    ng-options="(p.name|capitalize) for p in (allPolicies|remove:policy:'name')"
+                                    ng-options="(p.name|capitalize) for p in (allPolicies|removeSelectedPolicies:policy)"
                                     data-ng-change="addPolicy(selectedPolicy); selectedPolicy = null">
                                 <option value="" disabled selected>Add policy...</option>
                             </select>
@@ -51,4 +51,4 @@
 </div>
 
 
-<kc-menu></kc-menu>
\ No newline at end of file
+<kc-menu></kc-menu>
diff --git a/model/api/src/main/java/org/keycloak/models/PasswordPolicy.java b/model/api/src/main/java/org/keycloak/models/PasswordPolicy.java
index b7f2267a1e..5bdae2c3bb 100755
--- a/model/api/src/main/java/org/keycloak/models/PasswordPolicy.java
+++ b/model/api/src/main/java/org/keycloak/models/PasswordPolicy.java
@@ -46,42 +46,37 @@ public class PasswordPolicy implements Serializable {
             policy = policy.trim();
 
             String name;
-            String[] args = null;
+            String arg = null;
 
             int i = policy.indexOf('(');
             if (i == -1) {
                 name = policy.trim();
             } else {
                 name = policy.substring(0, i).trim();
-                args = policy.substring(i + 1, policy.length() - 1).split(",");
-                for (int j = 0; j < args.length; j++) {
-                    args[j] = args[j].trim();
-                }
+                arg = policy.substring(i + 1, policy.length() - 1);
             }
 
             if (name.equals(Length.NAME)) {
-                list.add(new Length(args));
+                list.add(new Length(arg));
             } else if (name.equals(Digits.NAME)) {
-                list.add(new Digits(args));
+                list.add(new Digits(arg));
             } else if (name.equals(LowerCase.NAME)) {
-                list.add(new LowerCase(args));
+                list.add(new LowerCase(arg));
             } else if (name.equals(UpperCase.NAME)) {
-                list.add(new UpperCase(args));
+                list.add(new UpperCase(arg));
             } else if (name.equals(SpecialChars.NAME)) {
-                list.add(new SpecialChars(args));
+                list.add(new SpecialChars(arg));
             } else if (name.equals(NotUsername.NAME)) {
-                list.add(new NotUsername(args));
+                list.add(new NotUsername(arg));
             } else if (name.equals(HashIterations.NAME)) {
-                list.add(new HashIterations(args));
+                list.add(new HashIterations(arg));
             } else if (name.equals(RegexPatterns.NAME)) {
-                for (String regexPattern : args) {
-                    Pattern.compile(regexPattern);
-                }
-                list.add(new RegexPatterns(args));
+                Pattern.compile(arg);
+                list.add(new RegexPatterns(arg));
             } else if (name.equals(PasswordHistory.NAME)) {
-                list.add(new PasswordHistory(args));
+                list.add(new PasswordHistory(arg));
             } else if (name.equals(ForceExpiredPasswordChange.NAME)) {
-                list.add(new ForceExpiredPasswordChange(args));
+                list.add(new ForceExpiredPasswordChange(arg));
             }
         }
         return list;
@@ -182,11 +177,10 @@ public class PasswordPolicy implements Serializable {
         private static final String NAME = "hashIterations";
         private int iterations;
 
-        public HashIterations(String[] args) {
-            iterations = intArg(NAME, 1, args);
+        public HashIterations(String arg) {
+            iterations = intArg(NAME, 1, arg);
         }
         
-
         @Override
         public Error validate(String user, String password) {
             return null;
@@ -201,7 +195,7 @@ public class PasswordPolicy implements Serializable {
     private static class NotUsername implements Policy {
         private static final String NAME = "notUsername";
 
-        public NotUsername(String[] args) {
+        public NotUsername(String arg) {
         }
 
         @Override
@@ -219,8 +213,9 @@ public class PasswordPolicy implements Serializable {
         private static final String NAME = "length";
         private int min;
 
-        public Length(String[] args) {
-            min = intArg(NAME, 8, args);
+        public Length(String arg)
+        {
+            min = intArg(NAME, 8, arg);
         }
         
 
@@ -239,8 +234,9 @@ public class PasswordPolicy implements Serializable {
         private static final String NAME = "digits";
         private int min;
 
-        public Digits(String[] args) {
-            min = intArg(NAME, 1, args);
+        public Digits(String arg)
+        {
+            min = intArg(NAME, 1, arg);
         }
         
 
@@ -265,8 +261,9 @@ public class PasswordPolicy implements Serializable {
         private static final String NAME = "lowerCase";
         private int min;
 
-        public LowerCase(String[] args) {
-            min = intArg(NAME, 1, args);
+        public LowerCase(String arg)
+        {
+            min = intArg(NAME, 1, arg);
         }
         
         @Override
@@ -290,8 +287,8 @@ public class PasswordPolicy implements Serializable {
         private static final String NAME = "upperCase";
         private int min;
 
-        public UpperCase(String[] args) {
-            min = intArg(NAME, 1, args);
+        public UpperCase(String arg) {
+            min = intArg(NAME, 1, arg);
         }
 
         @Override
@@ -315,8 +312,9 @@ public class PasswordPolicy implements Serializable {
         private static final String NAME = "specialChars";
         private int min;
 
-        public SpecialChars(String[] args) {
-            min = intArg(NAME, 1, args);
+        public SpecialChars(String arg)
+        {
+            min = intArg(NAME, 1, arg);
         }
         
         @Override
@@ -337,23 +335,20 @@ public class PasswordPolicy implements Serializable {
     }
 
     private static class RegexPatterns implements Policy {
-        private static final String NAME = "regexPatterns";
-        private String regexPatterns[];
+        private static final String NAME = "regexPattern";
+        private String regexPattern;
 
-        public RegexPatterns(String[] args) {
-            regexPatterns = args;
+        public RegexPatterns(String arg)
+        {
+            regexPattern = arg;
         }
 
         @Override
         public Error validate(String username, String password) {
-            Pattern pattern = null;
-            Matcher matcher = null;
-            for (String regexPattern : regexPatterns) {
-                pattern = Pattern.compile(regexPattern);
-                matcher = pattern.matcher(password);
-                if (!matcher.matches()) {
-                    return new Error(INVALID_PASSWORD_REGEX_PATTERN, (Object) regexPatterns);
-                }
+            Pattern pattern = Pattern.compile(regexPattern);
+            Matcher matcher = pattern.matcher(password);
+            if (!matcher.matches()) {
+                return new Error(INVALID_PASSWORD_REGEX_PATTERN, (Object) regexPattern);
             }
             return null;
         }
@@ -368,8 +363,9 @@ public class PasswordPolicy implements Serializable {
         private static final String NAME = "passwordHistory";
         private int passwordHistoryPolicyValue;
 
-        public PasswordHistory(String[] args) {
-            passwordHistoryPolicyValue = intArg(NAME, 3, args);
+        public PasswordHistory(String arg)
+        {
+            passwordHistoryPolicyValue = intArg(NAME, 3, arg);
         }
         
         @Override
@@ -442,8 +438,8 @@ public class PasswordPolicy implements Serializable {
         private static final String NAME = "forceExpiredPasswordChange";
         private int daysToExpirePassword;
 
-        public ForceExpiredPasswordChange(String[] args) {
-            daysToExpirePassword = intArg(NAME, 365, args);
+        public ForceExpiredPasswordChange(String arg) {
+            daysToExpirePassword = intArg(NAME, 365, arg);
         }
 
         @Override
@@ -457,13 +453,11 @@ public class PasswordPolicy implements Serializable {
         }
     }
     
-    private static int intArg(String policy, int defaultValue, String... args) {
-        if (args == null || args.length == 0) {
+    private static int intArg(String policy, int defaultValue, String arg) {
+        if (arg == null) {
             return defaultValue;
-        } else if (args.length == 1) {
-            return Integer.parseInt(args[0]);
         } else {
-            throw new IllegalArgumentException("Invalid arguments to " + policy + ", expect no argument or single integer");
+            return Integer.parseInt(arg);
         }
     }
 
diff --git a/model/api/src/test/java/org/keycloak/models/PasswordPolicyTest.java b/model/api/src/test/java/org/keycloak/models/PasswordPolicyTest.java
index d091dca6a2..df76588a3d 100755
--- a/model/api/src/test/java/org/keycloak/models/PasswordPolicyTest.java
+++ b/model/api/src/test/java/org/keycloak/models/PasswordPolicyTest.java
@@ -88,41 +88,41 @@ public class PasswordPolicyTest {
     public void testRegexPatterns() {
         PasswordPolicy policy = null;
         try {
-            policy = new PasswordPolicy("regexPatterns");
-            fail("Expected NullPointerEXception: Regex Pattern cannot be null.");
+            policy = new PasswordPolicy("regexPattern");
+            fail("Expected NullPointerException: Regex Pattern cannot be null.");
         } catch (NullPointerException e) {
             // Expected NPE as regex pattern is null.
         }
         
         try {
-            policy = new PasswordPolicy("regexPatterns(*)");
+            policy = new PasswordPolicy("regexPattern(*)");
             fail("Expected PatternSyntaxException: Regex Pattern cannot be null.");
         } catch (PatternSyntaxException e) {
             // Expected PSE as regex pattern(or any of its token) is not quantifiable.
         }
         
         try {
-            policy = new PasswordPolicy("regexPatterns(*,**)");
+            policy = new PasswordPolicy("regexPattern(*,**)");
             fail("Expected PatternSyntaxException: Regex Pattern cannot be null.");
         } catch (PatternSyntaxException e) {
             // Expected PSE as regex pattern(or any of its token) is not quantifiable.
         }
         
         //Fails to match one of the regex pattern
-        policy = new PasswordPolicy("regexPatterns(jdoe,j*d)");
+        policy = new PasswordPolicy("regexPattern(jdoe) and regexPattern(j*d)");
         Assert.assertEquals("invalidPasswordRegexPatternMessage", policy.validate("jdoe", "jdoe").getMessage());
         
         ////Fails to match all of the regex patterns
-        policy = new PasswordPolicy("regexPatterns(j*p,j*d,adoe)");
+        policy = new PasswordPolicy("regexPattern(j*p) and regexPattern(j*d) and regexPattern(adoe)");
         Assert.assertEquals("invalidPasswordRegexPatternMessage", policy.validate("jdoe", "jdoe").getMessage());
         
-        policy = new PasswordPolicy("regexPatterns([a-z][a-z][a-z][a-z][0-9])");
+        policy = new PasswordPolicy("regexPattern([a-z][a-z][a-z][a-z][0-9])");
         Assert.assertEquals("invalidPasswordRegexPatternMessage", policy.validate("jdoe", "jdoe").getMessage());
         
-        policy = new PasswordPolicy("regexPatterns(jdoe)");
+        policy = new PasswordPolicy("regexPattern(jdoe)");
         Assert.assertNull(policy.validate("jdoe", "jdoe"));
         
-        policy = new PasswordPolicy("regexPatterns([a-z][a-z][a-z][a-z][0-9])");
+        policy = new PasswordPolicy("regexPattern([a-z][a-z][a-z][a-z][0-9])");
         Assert.assertNull(policy.validate("jdoe", "jdoe0"));
     }
 

From a32fefb5973b8b3745353f5ab89b5dce8d0fa9fa Mon Sep 17 00:00:00 2001
From: Stan Silvert <ssilvert@redhat.com>
Date: Mon, 14 Sep 2015 14:28:32 -0400
Subject: [PATCH 21/35] Fix breadcrumbs.

---
 .../resources/partials/client-credentials-jwt-key-export.html   | 2 +-
 .../resources/partials/client-credentials-jwt-key-import.html   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html
index fc8236f4e2..ad21e93e7d 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html
@@ -3,7 +3,7 @@
     <ol class="breadcrumb">
         <li><a href="#/realms/{{realm.realm}}/clients">Clients</a></li>
         <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
-        <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/credentials/client-jwt">Signed JWT config</a></li>
+        <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/credentials">credentials</a></li>
         <li class="active">Generate Client Private Key</li>
     </ol>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html
index 654d1d6bec..41c1be5a2a 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html
@@ -3,7 +3,7 @@
     <ol class="breadcrumb">
         <li><a href="#/realms/{{realm.realm}}/clients">Clients</a></li>
         <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
-        <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/credentials/client-jwt">Signed JWT config</a></li>
+        <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/credentials">credentials</a></li>
         <li class="active">Client Certificate Import</li>
     </ol>
 

From 6291e90f9c0e0c1b350943d99d1728975c775392 Mon Sep 17 00:00:00 2001
From: Dane Barentine <dane.barentine@software.dell.com>
Date: Mon, 14 Sep 2015 13:44:15 -0700
Subject: [PATCH 22/35] KEYCLOAK-1844 Login endpoint needs to handle POST as
 well for SAML clients using HTTP-POST binding

---
 .../services/resources/IdentityBrokerService.java    | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
index f95d7d80da..9bbfcf5208 100755
--- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
+++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
@@ -64,11 +64,7 @@ import org.keycloak.services.validation.Validation;
 import org.keycloak.social.SocialIdentityProvider;
 import org.keycloak.util.ObjectUtil;
 
-import javax.ws.rs.GET;
-import javax.ws.rs.OPTIONS;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.QueryParam;
+import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
@@ -130,6 +126,12 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
         this.event = new EventBuilder(realmModel, session, clientConnection).event(EventType.IDENTITY_PROVIDER_LOGIN);
     }
 
+    @POST
+    @Path("/{provider_id}/login")
+    public Response performPostLogin(@PathParam("provider_id") String providerId, @QueryParam("code") String code) {
+        return performLogin(providerId, code);
+    }
+
     @GET
     @Path("/{provider_id}/login")
     public Response performLogin(@PathParam("provider_id") String providerId, @QueryParam("code") String code) {

From fe79c9b01e386c363ea321dc920f57b4fb6fafb4 Mon Sep 17 00:00:00 2001
From: Dane Barentine <dane.barentine@software.dell.com>
Date: Mon, 14 Sep 2015 13:55:07 -0700
Subject: [PATCH 23/35] KEYCLOAK-1845 Fixed relative path error which was
 omitting the themes on the EAP overlay

---
 .../server-overlay/eap6/eap6-server-overlay/assembly.xml        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml b/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml
index 9a9e49069f..83ee9e315a 100755
--- a/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml
@@ -14,7 +14,7 @@
             <outputDirectory>modules/system/layers/base</outputDirectory>
         </fileSet>
         <fileSet>
-            <directory>../../../forms/common-themes/src/main/resources/theme</directory>
+            <directory>../../../../forms/common-themes/src/main/resources/theme</directory>
             <outputDirectory>standalone/configuration/themes</outputDirectory>
             <includes>
                 <include>**/**</include>

From f55ab0d689bd4dc7180db68fe015b6db92edc01d Mon Sep 17 00:00:00 2001
From: Dane Barentine <dane.barentine@software.dell.com>
Date: Mon, 14 Sep 2015 14:00:05 -0700
Subject: [PATCH 24/35] KEYCLOAK-1846 Per SAML spec 6.2 Encrypting assertions
 must happen after the assertions are signed

---
 .../org/keycloak/protocol/saml/SAML2BindingBuilder2.java    | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2BindingBuilder2.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2BindingBuilder2.java
index c377206f50..0b81eb60dd 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2BindingBuilder2.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2BindingBuilder2.java
@@ -120,11 +120,12 @@ public class SAML2BindingBuilder2<T extends SAML2BindingBuilder2> {
         protected Document document;
 
         public PostBindingBuilder(Document document) throws ProcessingException {
-            if (encrypt) encryptDocument(document);
             this.document = document;
             if (signAssertions) {
                 signAssertion(document);
             }
+            //Per SAML spec 6.2 Encrypting assertions must happen after the assertions are signed
+            if (encrypt) encryptDocument(document);
             if (sign) {
                 signDocument(document);
             }
@@ -151,11 +152,12 @@ public class SAML2BindingBuilder2<T extends SAML2BindingBuilder2> {
         protected Document document;
 
         public RedirectBindingBuilder(Document document) throws ProcessingException {
-            if (encrypt) encryptDocument(document);
             this.document = document;
             if (signAssertions) {
                 signAssertion(document);
             }
+            //Per SAML spec 6.2 Encrypting assertions must happen after the assertions are signed
+            if (encrypt) encryptDocument(document);
         }
 
         public Document getDocument() {

From 55dc42e1473e9cd174dab37d6485adaec1163ab8 Mon Sep 17 00:00:00 2001
From: Dane Barentine <dane.barentine@software.dell.com>
Date: Mon, 14 Sep 2015 14:02:10 -0700
Subject: [PATCH 25/35] KEYCLOAK-1491 AttributeStatement must contain one or
 more attribute or encryptedattribute statements

---
 .../main/java/org/keycloak/protocol/saml/SamlProtocol.java  | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
index e4e8f6ecc7..54dff3a5df 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
@@ -448,8 +448,12 @@ public class SamlProtocol implements LoginProtocol {
         if (roleListMapper == null) return;
         AssertionType assertion = response.getAssertions().get(0).getAssertion();
         AttributeStatementType attributeStatement = new AttributeStatementType();
-        assertion.addStatement(attributeStatement);
         roleListMapper.mapper.mapRoles(attributeStatement, roleListMapper.model, session, userSession, clientSession);
+
+        //SAML Spec 2.7.3 AttributeStatement must contain one or more Attribute or EncryptedAttribute
+        if(attributeStatement.getAttributes().size() > 0) {
+            assertion.addStatement(attributeStatement);
+        }
     }
 
 

From 6478e8f5c76d6763ea0e8ab1e585e99e7a0855f7 Mon Sep 17 00:00:00 2001
From: Dane Barentine <dane.barentine@software.dell.com>
Date: Mon, 14 Sep 2015 14:04:23 -0700
Subject: [PATCH 26/35] KEYCLOAK-1847 Per SAML Spec 3.4.4.1 SigAlg in redirect
 binding should be URI not Java signature algorithm

---
 .../java/org/keycloak/protocol/saml/SAML2BindingBuilder.java    | 2 +-
 .../java/org/keycloak/protocol/saml/SAML2BindingBuilder2.java   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2BindingBuilder.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2BindingBuilder.java
index d2f354592d..c1a1a68fff 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2BindingBuilder.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2BindingBuilder.java
@@ -367,7 +367,7 @@ public class SAML2BindingBuilder<T extends SAML2BindingBuilder> {
         }
 
         if (sign) {
-            builder.queryParam(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, signatureAlgorithm.getJavaSignatureAlgorithm());
+            builder.queryParam(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, signatureAlgorithm.getXmlSignatureMethod());
             URI uri = builder.build();
             String rawQuery = uri.getRawQuery();
             Signature signature = signatureAlgorithm.createSignature();
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2BindingBuilder2.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2BindingBuilder2.java
index 0b81eb60dd..b86452d28b 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2BindingBuilder2.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SAML2BindingBuilder2.java
@@ -342,7 +342,7 @@ public class SAML2BindingBuilder2<T extends SAML2BindingBuilder2> {
         }
 
         if (sign) {
-            builder.queryParam(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, signatureAlgorithm.getJavaSignatureAlgorithm());
+            builder.queryParam(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, signatureAlgorithm.getXmlSignatureMethod());
             URI uri = builder.build();
             String rawQuery = uri.getRawQuery();
             Signature signature = signatureAlgorithm.createSignature();

From 80f91b5fa55b6c17cc918595d13d185b70e5e3c8 Mon Sep 17 00:00:00 2001
From: Dane Barentine <dane.barentine@software.dell.com>
Date: Mon, 14 Sep 2015 14:09:57 -0700
Subject: [PATCH 27/35] KEYCLOAK-1848 Fix consuming of metadata when
 EntityDescriptor includes multiple Descriptors

---
 .../saml/SAMLIdentityProviderFactory.java     | 134 +++++++++---------
 1 file changed, 69 insertions(+), 65 deletions(-)

diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java
index 1cd28fd6af..4adeddfd29 100755
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java
@@ -73,75 +73,79 @@ public class SAMLIdentityProviderFactory extends AbstractIdentityProviderFactory
             List<EntityDescriptorType.EDTChoiceType> choiceType = entityType.getChoiceType();
 
             if (!choiceType.isEmpty()) {
-                EntityDescriptorType.EDTChoiceType edtChoiceType = choiceType.get(0);
-                List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors = edtChoiceType.getDescriptors();
+                IDPSSODescriptorType idpDescriptor = null;
 
-                if (!descriptors.isEmpty()) {
-                    EntityDescriptorType.EDTDescriptorChoiceType edtDescriptorChoiceType = descriptors.get(0);
-                    IDPSSODescriptorType idpDescriptor = edtDescriptorChoiceType.getIdpDescriptor();
+                //Metadata documents can contain multiple Descriptors (See ADFS metadata documents) such as RoleDescriptor, SPSSODescriptor, IDPSSODescriptor.
+                //So we need to loop through to find the IDPSSODescriptor.
+                for(EntityDescriptorType.EDTChoiceType edtChoiceType : entityType.getChoiceType()) {
+                    List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors = edtChoiceType.getDescriptors();
 
-                    if (idpDescriptor != null) {
-                        SAMLIdentityProviderConfig samlIdentityProviderConfig = new SAMLIdentityProviderConfig();
-                        String singleSignOnServiceUrl = null;
-                        boolean postBinding = false;
-                        for (EndpointType endpoint : idpDescriptor.getSingleSignOnService()) {
-                            if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
-                                singleSignOnServiceUrl = endpoint.getLocation().toString();
-                                postBinding = true;
-                                break;
-                            } else if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())){
-                                singleSignOnServiceUrl = endpoint.getLocation().toString();
-                            }
-                        }
-                        String singleLogoutServiceUrl = null;
-                        for (EndpointType endpoint : idpDescriptor.getSingleLogoutService()) {
-                            if (postBinding && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
-                                singleLogoutServiceUrl = endpoint.getLocation().toString();
-                                break;
-                            } else if (!postBinding && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())){
-                                singleLogoutServiceUrl = endpoint.getLocation().toString();
-                                break;
-                            }
-
-                        }
-                        samlIdentityProviderConfig.setSingleLogoutServiceUrl(singleLogoutServiceUrl);
-                        samlIdentityProviderConfig.setSingleSignOnServiceUrl(singleSignOnServiceUrl);
-                        samlIdentityProviderConfig.setWantAuthnRequestsSigned(idpDescriptor.isWantAuthnRequestsSigned());
-                        samlIdentityProviderConfig.setValidateSignature(idpDescriptor.isWantAuthnRequestsSigned());
-                        samlIdentityProviderConfig.setPostBindingResponse(postBinding);
-                        samlIdentityProviderConfig.setPostBindingAuthnRequest(postBinding);
-
-                        List<KeyDescriptorType> keyDescriptor = idpDescriptor.getKeyDescriptor();
-                        String defaultCertificate = null;
-
-                        if (keyDescriptor != null) {
-                            for (KeyDescriptorType keyDescriptorType : keyDescriptor) {
-                                Element keyInfo = keyDescriptorType.getKeyInfo();
-                                Element x509KeyInfo = DocumentUtil.getChildElement(keyInfo, new QName("dsig", "X509Certificate"));
-
-                                if (KeyTypes.SIGNING.equals(keyDescriptorType.getUse())) {
-                                    samlIdentityProviderConfig.setSigningCertificate(x509KeyInfo.getTextContent());
-                                } else if (KeyTypes.ENCRYPTION.equals(keyDescriptorType.getUse())) {
-                                    samlIdentityProviderConfig.setEncryptionPublicKey(x509KeyInfo.getTextContent());
-                                } else if (keyDescriptorType.getUse() ==  null) {
-                                    defaultCertificate = x509KeyInfo.getTextContent();
-                                }
-                            }
-                        }
-
-                        if (defaultCertificate != null) {
-                            if (samlIdentityProviderConfig.getSigningCertificate() == null) {
-                                samlIdentityProviderConfig.setSigningCertificate(defaultCertificate);
-                            }
-
-                            if (samlIdentityProviderConfig.getEncryptionPublicKey() == null) {
-                                samlIdentityProviderConfig.setEncryptionPublicKey(defaultCertificate);
-                            }
-                        }
-
-                        return samlIdentityProviderConfig.getConfig();
+                    if(!descriptors.isEmpty() && descriptors.get(0).getIdpDescriptor() != null) {
+                        idpDescriptor = descriptors.get(0).getIdpDescriptor();
                     }
                 }
+
+                if (idpDescriptor != null) {
+                    SAMLIdentityProviderConfig samlIdentityProviderConfig = new SAMLIdentityProviderConfig();
+                    String singleSignOnServiceUrl = null;
+                    boolean postBinding = false;
+                    for (EndpointType endpoint : idpDescriptor.getSingleSignOnService()) {
+                        if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
+                            singleSignOnServiceUrl = endpoint.getLocation().toString();
+                            postBinding = true;
+                            break;
+                        } else if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())){
+                            singleSignOnServiceUrl = endpoint.getLocation().toString();
+                        }
+                    }
+                    String singleLogoutServiceUrl = null;
+                    for (EndpointType endpoint : idpDescriptor.getSingleLogoutService()) {
+                        if (postBinding && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
+                            singleLogoutServiceUrl = endpoint.getLocation().toString();
+                            break;
+                        } else if (!postBinding && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())){
+                            singleLogoutServiceUrl = endpoint.getLocation().toString();
+                            break;
+                        }
+
+                    }
+                    samlIdentityProviderConfig.setSingleLogoutServiceUrl(singleLogoutServiceUrl);
+                    samlIdentityProviderConfig.setSingleSignOnServiceUrl(singleSignOnServiceUrl);
+                    samlIdentityProviderConfig.setWantAuthnRequestsSigned(idpDescriptor.isWantAuthnRequestsSigned());
+                    samlIdentityProviderConfig.setValidateSignature(idpDescriptor.isWantAuthnRequestsSigned());
+                    samlIdentityProviderConfig.setPostBindingResponse(postBinding);
+                    samlIdentityProviderConfig.setPostBindingAuthnRequest(postBinding);
+
+                    List<KeyDescriptorType> keyDescriptor = idpDescriptor.getKeyDescriptor();
+                    String defaultCertificate = null;
+
+                    if (keyDescriptor != null) {
+                        for (KeyDescriptorType keyDescriptorType : keyDescriptor) {
+                            Element keyInfo = keyDescriptorType.getKeyInfo();
+                            Element x509KeyInfo = DocumentUtil.getChildElement(keyInfo, new QName("dsig", "X509Certificate"));
+
+                            if (KeyTypes.SIGNING.equals(keyDescriptorType.getUse())) {
+                                samlIdentityProviderConfig.setSigningCertificate(x509KeyInfo.getTextContent());
+                            } else if (KeyTypes.ENCRYPTION.equals(keyDescriptorType.getUse())) {
+                                samlIdentityProviderConfig.setEncryptionPublicKey(x509KeyInfo.getTextContent());
+                            } else if (keyDescriptorType.getUse() ==  null) {
+                                defaultCertificate = x509KeyInfo.getTextContent();
+                            }
+                        }
+                    }
+
+                    if (defaultCertificate != null) {
+                        if (samlIdentityProviderConfig.getSigningCertificate() == null) {
+                            samlIdentityProviderConfig.setSigningCertificate(defaultCertificate);
+                        }
+
+                        if (samlIdentityProviderConfig.getEncryptionPublicKey() == null) {
+                            samlIdentityProviderConfig.setEncryptionPublicKey(defaultCertificate);
+                        }
+                    }
+
+                    return samlIdentityProviderConfig.getConfig();
+                }
             }
         } catch (ParsingException pe) {
             throw new RuntimeException("Could not parse IdP SAML Metadata", pe);

From 0c49fce78f04f64525f4c285829fe588f642b6cd Mon Sep 17 00:00:00 2001
From: Marko Strukelj <marko.strukelj@gmail.com>
Date: Wed, 2 Sep 2015 13:19:32 +0200
Subject: [PATCH 28/35] KEYCLOAK-1241 Can't build release with Java 8

---
 distribution/docs-dist/assembly.xml           |   2 +-
 services/pom.xml                              | 131 +++++++++++++++---
 services/src/docs/asciidoc/index.adoc         |   3 +
 services/src/docs/swagger/apiinfo.json        |   4 +
 .../services/resources/admin/AdminRoot.java   |   3 +
 5 files changed, 122 insertions(+), 21 deletions(-)
 create mode 100644 services/src/docs/asciidoc/index.adoc
 create mode 100644 services/src/docs/swagger/apiinfo.json

diff --git a/distribution/docs-dist/assembly.xml b/distribution/docs-dist/assembly.xml
index 879e92c6d1..c1a1bd97dd 100755
--- a/distribution/docs-dist/assembly.xml
+++ b/distribution/docs-dist/assembly.xml
@@ -13,7 +13,7 @@
             <outputDirectory>javadocs</outputDirectory>
         </fileSet>
         <fileSet>
-            <directory>../../services/target/apidocs</directory>
+            <directory>../../services/target/apidocs-rest/output</directory>
             <outputDirectory>rest-api</outputDirectory>
         </fileSet>
         <fileSet>
diff --git a/services/pom.xml b/services/pom.xml
index 41d80e752f..25e1756547 100755
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -13,6 +13,10 @@
     <name>Keycloak REST Services</name>
     <description />
 
+    <properties>
+        <version.swagger.doclet>1.0.5</version.swagger.doclet>
+    </properties>
+
     <dependencies>
         <dependency>
             <groupId>org.bouncycastle</groupId>
@@ -188,27 +192,114 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <configuration>
-                    <subpackages>org.keycloak.services.resources.admin:org.keycloak.protocol.oidc</subpackages>
-                    <doclet>com.lunatech.doclets.jax.jaxrs.JAXRSDoclet</doclet>
-                    <docletArtifacts>
-                        <docletArtifact>
-                            <groupId>com.lunatech.jax-doclets</groupId>
-                            <artifactId>doclets</artifactId>
-                            <version>0.10.2</version>
-                        </docletArtifact>
-                    </docletArtifacts>
-                    <detectOfflineLinks>false</detectOfflineLinks>
-                    <offlineLinks>
-                        <offlineLink>
-                            <url>../javadocs</url>
-                            <location>${project.basedir}/../target/site/apidocs</location>
-                        </offlineLink>
-                    </offlineLinks>
-                    <additionalparam>-disablejavascriptexample</additionalparam>
-                    <additionalparam>-pathexcludefilter '/admin/.*index.*' -pathexcludefilter '/admin' -pathexcludefilter '/admin/\\{realm\\}/console.*'</additionalparam>
-                </configuration>
+                <executions>
+                    <execution>
+                        <id>generate-service-docs</id>
+                        <phase>generate-resources</phase>
+                        <configuration>
+                            <doclet>com.carma.swagger.doclet.ServiceDoclet</doclet>
+                            <docletArtifact>
+                                <groupId>com.carma</groupId>
+                                <artifactId>swagger-doclet</artifactId>
+                                <version>${version.swagger.doclet}</version>
+                            </docletArtifact>
+
+                            <subpackages>org.keycloak.services.resources.admin:org.keycloak.protocol.oidc</subpackages>
+                            <detectOfflineLinks>false</detectOfflineLinks>
+                            <offlineLinks>
+                                <offlineLink>
+                                    <url>../javadocs</url>
+                                    <location>${project.basedir}/../target/site/apidocs</location>
+                                </offlineLink>
+                            </offlineLinks>
+
+                            <reportOutputDirectory>${project.basedir}/target/apidocs-rest/swagger</reportOutputDirectory>
+                            <useStandardDocletOptions>false</useStandardDocletOptions>
+                            <additionalparam> -skipUiFiles -apiVersion 1 -includeResourcePrefixes org.keycloak.services.resources.admin,org.keycloak.protocol.oidc -docBasePath /apidocs -apiBasePath http://localhost:8080/auth -apiInfoFile ${project.basedir}/src/docs/swagger/apiinfo.json</additionalparam>
+                        </configuration>
+                        <goals>
+                            <goal>javadoc</goal>
+                        </goals>
+                    </execution>
+                </executions>
             </plugin>
         </plugins>
     </build>
+
+    <profiles>
+        <profile>
+            <id>jboss-release</id>
+
+            <repositories>
+                <repository>
+                    <snapshots>
+                        <enabled>false</enabled>
+                    </snapshots>
+                    <id>central</id>
+                    <name>bintray</name>
+                    <url>http://jcenter.bintray.com</url>
+                </repository>
+            </repositories>
+
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>com.redowlanalytics</groupId>
+                        <artifactId>swagger2markup-maven-plugin</artifactId>
+                        <version>0.7.1</version>
+
+                        <dependencies>
+                            <dependency>
+                                <groupId>io.github.robwin</groupId>
+                                <artifactId>swagger2markup</artifactId>
+                                <version>0.7.1</version>
+                            </dependency>
+                        </dependencies>
+
+                        <executions>
+                            <execution>
+                                <id>gen-asciidoc</id>
+                                <phase>process-resources</phase>
+                                <goals>
+                                    <goal>process-swagger</goal>
+                                </goals>
+                                <configuration>
+                                    <inputDirectory>${project.basedir}/target/apidocs-rest/swagger/apidocs</inputDirectory>
+                                    <outputDirectory>${project.basedir}/target/apidocs-rest/asciidoc</outputDirectory>
+                                    <markupLanguage>asciidoc</markupLanguage>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+
+                    <plugin>
+                        <groupId>org.asciidoctor</groupId>
+                        <artifactId>asciidoctor-maven-plugin</artifactId>
+                        <version>1.5.2</version>
+                        <executions>
+                            <execution>
+                                <id>generate-docs</id>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>process-asciidoc</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceDirectory>${project.basedir}/src/docs/asciidoc</sourceDirectory>
+                                    <sourceDocumentName>index.adoc</sourceDocumentName>
+                                    <outputDirectory>${project.basedir}/target/apidocs-rest/output</outputDirectory>
+                                    <backend>html5</backend>
+                                    <attributes>
+                                        <!-- List of attributes:
+                                        https://github.com/asciidoctor/asciidoctorj/blob/master/asciidoctorj-core/src/main/java/org/asciidoctor/Attributes.java
+                                         -->
+                                        <generated>${project.basedir}/target/apidocs-rest/asciidoc</generated>
+                                    </attributes>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
 </project>
diff --git a/services/src/docs/asciidoc/index.adoc b/services/src/docs/asciidoc/index.adoc
new file mode 100644
index 0000000000..226d206aca
--- /dev/null
+++ b/services/src/docs/asciidoc/index.adoc
@@ -0,0 +1,3 @@
+include::{generated}/overview.adoc[]
+include::{generated}/paths.adoc[]
+include::{generated}/definitions.adoc[]
\ No newline at end of file
diff --git a/services/src/docs/swagger/apiinfo.json b/services/src/docs/swagger/apiinfo.json
new file mode 100644
index 0000000000..575955f57d
--- /dev/null
+++ b/services/src/docs/swagger/apiinfo.json
@@ -0,0 +1,4 @@
+{
+  "title": "Keycloak Admin REST API",
+  "description": "This is a REST API reference for the Keycloak Admin"
+}
\ No newline at end of file
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java
index d57e96ee32..834d957324 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java
@@ -77,6 +77,7 @@ public class AdminRoot {
     /**
      * Convenience path to master realm admin console
      *
+     * @exclude
      * @return
      */
     @GET
@@ -90,6 +91,7 @@ public class AdminRoot {
     /**
      * Convenience path to master realm admin console
      *
+     * @exclude
      * @return
      */
     @Path("index.{html:html}") // expression is actually "index.html" but this is a hack to get around jax-doclet bug
@@ -118,6 +120,7 @@ public class AdminRoot {
     /**
      * path to realm admin console ui
      *
+     * @exclude
      * @param name Realm name (not id!)
      * @return
      */

From 3bbe82057c4d55c452724a4e99bf3d092bd2d99d Mon Sep 17 00:00:00 2001
From: Marko Strukelj <marko.strukelj@gmail.com>
Date: Tue, 15 Sep 2015 21:22:06 +0200
Subject: [PATCH 29/35] KEYCLOAK-1241 Can't build release with Java 8  -
 Improve javadoc comments for new REST API documentation generation

---
 services/pom.xml                              |   1 +
 .../ClientIdAndSecretAuthenticator.java       |   7 +-
 .../client/JWTClientAuthenticator.java        |   3 +-
 .../services/managers/RealmManager.java       |   2 +-
 .../admin/AttackDetectionResource.java        |  48 +----
 .../AuthenticationManagementResource.java     | 171 ++++++++++++++++--
 .../ClientAttributeCertificateResource.java   |  13 +-
 .../resources/admin/ClientResource.java       |  62 +++++--
 .../resources/admin/ClientsResource.java      |   8 +-
 .../admin/IdentityProviderResource.java       |  54 +++++-
 .../admin/IdentityProvidersResource.java      |  34 ++++
 .../admin/ProtocolMappersResource.java        |  31 +++-
 .../resources/admin/RealmAdminResource.java   |  62 ++++---
 .../resources/admin/RealmsAdminResource.java  |  14 +-
 .../resources/admin/RoleByIdResource.java     |  22 ++-
 .../admin/RoleContainerResource.java          |  15 +-
 .../admin/ScopeMappedClientResource.java      |  12 +-
 .../resources/admin/ScopeMappedResource.java  |  12 +-
 .../admin/UserClientRoleMappingsResource.java |  14 +-
 .../admin/UserFederationProviderResource.java |  20 +-
 .../UserFederationProvidersResource.java      |  10 +-
 .../resources/admin/UsersResource.java        | 125 ++++++++-----
 .../admin/info/ServerInfoAdminResource.java   |   2 +-
 23 files changed, 528 insertions(+), 214 deletions(-)

diff --git a/services/pom.xml b/services/pom.xml
index 25e1756547..bfb07ce768 100755
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -292,6 +292,7 @@
                                         <!-- List of attributes:
                                         https://github.com/asciidoctor/asciidoctorj/blob/master/asciidoctorj-core/src/main/java/org/asciidoctor/Attributes.java
                                          -->
+                                        <toc/>
                                         <generated>${project.basedir}/target/apidocs-rest/asciidoc</generated>
                                     </attributes>
                                 </configuration>
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
index e86e68e10e..bb17291d85 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
@@ -12,15 +12,10 @@ import javax.ws.rs.core.Response;
 
 import org.jboss.logging.Logger;
 import org.keycloak.OAuth2Constants;
-import org.keycloak.authentication.AuthenticationFlowContext;
 import org.keycloak.authentication.AuthenticationFlowError;
 import org.keycloak.authentication.ClientAuthenticationFlowContext;
-import org.keycloak.events.Details;
-import org.keycloak.events.Errors;
 import org.keycloak.models.AuthenticationExecutionModel;
 import org.keycloak.models.ClientModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
 import org.keycloak.provider.ProviderConfigProperty;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.util.BasicAuthHelper;
@@ -147,7 +142,7 @@ public class ClientIdAndSecretAuthenticator extends AbstractClientAuthenticator
 
     @Override
     public List<ProviderConfigProperty> getConfigPropertiesPerClient() {
-        // This impl doesn't use generic screen in admin console, but has it's own screen. So no need to return anything here
+        // This impl doesn't use generic screen in admin console, but has its own screen. So no need to return anything here
         return Collections.emptyList();
     }
 
diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
index bb87e34dc0..0c308abec3 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java
@@ -19,7 +19,6 @@ import org.keycloak.jose.jws.JWSInput;
 import org.keycloak.jose.jws.crypto.RSAProvider;
 import org.keycloak.models.AuthenticationExecutionModel;
 import org.keycloak.models.ClientModel;
-import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.provider.ProviderConfigProperty;
@@ -163,7 +162,7 @@ public class JWTClientAuthenticator extends AbstractClientAuthenticator {
 
     @Override
     public List<ProviderConfigProperty> getConfigPropertiesPerClient() {
-        // This impl doesn't use generic screen in admin console, but has it's own screen. So no need to return anything here
+        // This impl doesn't use generic screen in admin console, but has its own screen. So no need to return anything here
         return Collections.emptyList();
     }
 
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index bb582af189..fb0578e8f3 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -337,7 +337,7 @@ public class RealmManager implements RealmImporter {
         }
 
         // Could happen when migrating from older version and I have exported JSON file, which contains "realm-management" client but not "impersonation" client
-        // I need to postpone impersonation because it needs "realm-management" client and it's roles set
+        // I need to postpone impersonation because it needs "realm-management" client and its roles set
         if (postponeImpersonationSetup) {
             setupImpersonationService(realm);
         }
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java
index 38eec9cd77..26b9956f56 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AttackDetectionResource.java
@@ -2,64 +2,24 @@ package org.keycloak.services.resources.admin;
 
 import org.jboss.logging.Logger;
 import org.jboss.resteasy.annotations.cache.NoCache;
-import org.jboss.resteasy.spi.BadRequestException;
-import org.jboss.resteasy.spi.NotFoundException;
-import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.ClientConnection;
-import org.keycloak.events.Event;
-import org.keycloak.events.EventQuery;
-import org.keycloak.events.EventStoreProvider;
-import org.keycloak.events.EventType;
-import org.keycloak.events.admin.AdminEvent;
-import org.keycloak.events.admin.AdminEventQuery;
 import org.keycloak.events.admin.OperationType;
-import org.keycloak.exportimport.ClientImporter;
-import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.ModelDuplicateException;
 import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserFederationProviderModel;
-import org.keycloak.models.UserSessionModel;
 import org.keycloak.models.UsernameLoginFailureModel;
-import org.keycloak.models.cache.CacheRealmProvider;
-import org.keycloak.models.cache.CacheUserProvider;
-import org.keycloak.models.utils.ModelToRepresentation;
-import org.keycloak.models.utils.RepresentationToModel;
-import org.keycloak.protocol.oidc.TokenManager;
-import org.keycloak.representations.adapters.action.GlobalRequestResult;
-import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
-import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.services.ErrorResponse;
-import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.BruteForceProtector;
-import org.keycloak.services.managers.LDAPConnectionTestManager;
-import org.keycloak.services.managers.RealmManager;
-import org.keycloak.services.managers.ResourceAdminManager;
-import org.keycloak.services.managers.UsersSyncManager;
-import org.keycloak.timer.TimerProvider;
 
-import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
 import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
 import java.util.Map;
-import java.util.regex.PatternSyntaxException;
 
 /**
  * Base resource class for the admin REST api of one realm
@@ -127,7 +87,9 @@ public class AttackDetectionResource {
     }
 
     /**
-     * Clear any user login failures for the user.  This can release temporary disabled user
+     * Clear any user login failures for the user
+     *
+     * This can release temporary disabled user
      *
      * @param username
      */
@@ -143,7 +105,9 @@ public class AttackDetectionResource {
     }
 
     /**
-     * Clear any user login failures for all users.  This can release temporary disabled users
+     * Clear any user login failures for all users
+     *
+     * This can release temporary disabled users
      *
      */
     @Path("brute-force/usernames")
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
index 0bb2e11866..ede2e278a7 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
@@ -6,13 +6,10 @@ import org.jboss.resteasy.spi.BadRequestException;
 import org.jboss.resteasy.spi.NotFoundException;
 import org.keycloak.authentication.AuthenticationFlow;
 import org.keycloak.authentication.Authenticator;
-import org.keycloak.authentication.AuthenticatorUtil;
 import org.keycloak.authentication.ClientAuthenticator;
 import org.keycloak.authentication.ClientAuthenticatorFactory;
 import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
-import org.keycloak.authentication.DefaultAuthenticationFlow;
 import org.keycloak.authentication.FormAction;
-import org.keycloak.authentication.FormAuthenticationFlow;
 import org.keycloak.authentication.FormAuthenticator;
 import org.keycloak.authentication.RequiredActionFactory;
 import org.keycloak.authentication.RequiredActionProvider;
@@ -22,7 +19,6 @@ import org.keycloak.models.AuthenticatorConfigModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RequiredActionProviderModel;
-import org.keycloak.provider.ConfiguredProvider;
 import org.keycloak.provider.ProviderConfigProperty;
 import org.keycloak.provider.ProviderFactory;
 import org.keycloak.representations.idm.ConfigPropertyRepresentation;
@@ -172,6 +168,11 @@ public class AuthenticationManagementResource {
         }
     }
 
+    /**
+     * Get form providers
+     *
+     * Returns a list of form providers.
+     */
     @Path("/form-providers")
     @GET
     @NoCache
@@ -182,6 +183,11 @@ public class AuthenticationManagementResource {
         return buildProviderMetadata(factories);
     }
 
+    /**
+     * Get authenticator providers
+     *
+     * Returns a list of authenticator providers.
+     */
     @Path("/authenticator-providers")
     @GET
     @NoCache
@@ -192,6 +198,11 @@ public class AuthenticationManagementResource {
         return buildProviderMetadata(factories);
     }
 
+    /**
+     * Get client authenticator providers
+     *
+     * Returns a list of client authenticator providers.
+     */
     @Path("/client-authenticator-providers")
     @GET
     @NoCache
@@ -216,6 +227,11 @@ public class AuthenticationManagementResource {
         return providers;
     }
 
+    /**
+     * Get form action providers
+     *
+     * Returns a list of form action providers.
+     */
     @Path("/form-action-providers")
     @GET
     @NoCache
@@ -227,6 +243,11 @@ public class AuthenticationManagementResource {
     }
 
 
+    /**
+     * Get authentication flows
+     *
+     * Returns a list of authentication flows.
+     */
     @Path("/flows")
     @GET
     @NoCache
@@ -242,6 +263,12 @@ public class AuthenticationManagementResource {
         return flows;
     }
 
+    /**
+     * Create a new authentication flow
+     *
+     * @param model Authentication flow model
+     * @return
+     */
     @Path("/flows")
     @POST
     @NoCache
@@ -258,6 +285,12 @@ public class AuthenticationManagementResource {
 
     }
 
+    /**
+     * Get authentication flow for id
+     *
+     * @param id Flow id
+     * @return
+     */
     @Path("/flows/{id}")
     @GET
     @NoCache
@@ -272,6 +305,11 @@ public class AuthenticationManagementResource {
         return flow;
     }
 
+    /**
+     * Delete an authentication flow
+     *
+     * @param id Flow id
+     */
     @Path("/flows/{id}")
     @DELETE
     @NoCache
@@ -288,6 +326,14 @@ public class AuthenticationManagementResource {
         realm.removeAuthenticationFlow(flow);
     }
 
+    /**
+     * Copy existing authentication flow under a new name
+     *
+     * The new name is given as 'newName' attribute of the passed JSON object
+     *
+     * @param flowAlias Name of the existing authentication flow
+     * @param data JSON containing 'newName' attribute
+     */
     @Path("/flows/{flowAlias}/copy")
     @POST
     @NoCache
@@ -338,6 +384,12 @@ public class AuthenticationManagementResource {
         }
     }
 
+    /**
+     * Add new flow with new execution to existing flow
+     *
+     * @param flowAlias Alias of parent authentication flow
+     * @param data New authentication flow / execution JSON data containing 'alias', 'type', 'provider', and 'description' attributes
+     */
     @Path("/flows/{flowAlias}/executions/flow")
     @POST
     @NoCache
@@ -373,6 +425,12 @@ public class AuthenticationManagementResource {
         realm.addAuthenticatorExecution(execution);
     }
 
+    /**
+     * Add new authentication execution to a flow
+     *
+     * @param flowAlias Alias of parent flow
+     * @param data New execution JSON data containing 'provider' attribute
+     */
     @Path("/flows/{flowAlias}/executions/execution")
     @POST
     @NoCache
@@ -395,8 +453,11 @@ public class AuthenticationManagementResource {
         realm.addAuthenticatorExecution(execution);
     }
 
-
-
+    /**
+     * Get authentication executions for a flow
+     *
+     * @param flowAlias Flow alias
+     */
     @Path("/flows/{flowAlias}/executions")
     @GET
     @NoCache
@@ -467,6 +528,12 @@ public class AuthenticationManagementResource {
         }
     }
 
+    /**
+     * Update authentication executions of a flow
+     *
+     * @param flowAlias Flow alias
+     * @param rep
+     */
     @Path("/flows/{flowAlias}/executions")
     @PUT
     @NoCache
@@ -492,6 +559,11 @@ public class AuthenticationManagementResource {
         }
     }
 
+    /**
+     * Add new authentication execution
+     *
+     * @param model JSON model describing authentication execution
+     */
     @Path("/executions")
     @POST
     @NoCache
@@ -525,6 +597,11 @@ public class AuthenticationManagementResource {
         return parentFlow;
     }
 
+    /**
+     * Raise execution's priority
+     *
+     * @param execution Execution id
+     */
     @Path("/executions/{executionId}/raise-priority")
     @POST
     @NoCache
@@ -564,6 +641,11 @@ public class AuthenticationManagementResource {
         return executions;
     }
 
+    /**
+     * Lower execution's priority
+     *
+     * @param execution Execution id
+     */
     @Path("/executions/{executionId}/lower-priority")
     @POST
     @NoCache
@@ -597,6 +679,11 @@ public class AuthenticationManagementResource {
     }
 
 
+    /**
+     * Delete execution
+     *
+     * @param execution Execution id
+     */
     @Path("/executions/{executionId}")
     @DELETE
     @NoCache
@@ -617,9 +704,13 @@ public class AuthenticationManagementResource {
     }
 
 
-
-
-
+    /**
+     * Update execution with new configuration
+     *
+     * @param execution Execution id
+     * @param config JSON with new configuration
+     * @return
+     */
     @Path("/executions/{executionId}/config")
     @POST
     @NoCache
@@ -639,6 +730,12 @@ public class AuthenticationManagementResource {
         return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build();
     }
 
+    /**
+     * Get execution's configuration
+     *
+     * @param execution Execution id
+     * @param id Configuration id
+     */
     @Path("/executions/{executionId}/config/{id}")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
@@ -702,6 +799,11 @@ public class AuthenticationManagementResource {
         }
     }
 
+    /**
+     * Get unregistered required actions
+     *
+     * Returns a list of unregistered required actions.
+     */
     @Path("unregistered-required-actions")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
@@ -729,6 +831,11 @@ public class AuthenticationManagementResource {
         return unregisteredList;
     }
 
+    /**
+     * Register a new required actions
+     *
+     * @param data JSON containing 'providerId', and 'name' attributes.
+     */
     @Path("register-required-action")
     @POST
     @Consumes(MediaType.APPLICATION_JSON)
@@ -746,7 +853,11 @@ public class AuthenticationManagementResource {
     }
 
 
-
+    /**
+     * Get required actions
+     *
+     * Returns a list of required actions.
+     */
     @Path("required-actions")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
@@ -770,6 +881,10 @@ public class AuthenticationManagementResource {
         return rep;
     }
 
+    /**
+     * Get required action for alias
+     * @param alias Alias of required action
+     */
     @Path("required-actions/{alias}")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
@@ -783,6 +898,12 @@ public class AuthenticationManagementResource {
     }
 
 
+    /**
+     * Update required action
+     *
+     * @param alias Alias of required action
+     * @param rep JSON describing new state of required action
+     */
     @Path("required-actions/{alias}")
     @PUT
     @Consumes(MediaType.APPLICATION_JSON)
@@ -803,6 +924,10 @@ public class AuthenticationManagementResource {
         realm.updateRequiredActionProvider(update);
     }
 
+    /**
+     * Delete required action
+     * @param alias Alias of required action
+     */
     @Path("required-actions/{alias}")
     @DELETE
     public void updateRequiredAction(@PathParam("alias") String alias) {
@@ -855,6 +980,9 @@ public class AuthenticationManagementResource {
     }
 
 
+    /**
+     * Get authenticator provider's configuration description
+     */
     @Path("config-description/{providerId}")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
@@ -888,7 +1016,9 @@ public class AuthenticationManagementResource {
         return propRep;
     }
 
-
+    /**
+     *  Get configuration descriptions for all clients
+     */
     @Path("per-client-config-description")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
@@ -915,6 +1045,10 @@ public class AuthenticationManagementResource {
         return toReturn;
     }
 
+    /**
+     * Create new authenticator configuration
+     * @param config JSON describing new authenticator configuration
+     */
     @Path("config")
     @POST
     @NoCache
@@ -924,6 +1058,10 @@ public class AuthenticationManagementResource {
         return Response.created(uriInfo.getAbsolutePathBuilder().path(config.getId()).build()).build();
     }
 
+    /**
+     * Get authenticator configuration
+     * @param id Configuration id
+     */
     @Path("config/{id}")
     @GET
     @Produces(MediaType.APPLICATION_JSON)
@@ -937,6 +1075,11 @@ public class AuthenticationManagementResource {
         }
         return config;
     }
+
+    /**
+     * Delete authenticator configuration
+     * @param id Configuration id
+     */
     @Path("config/{id}")
     @DELETE
     @NoCache
@@ -959,6 +1102,12 @@ public class AuthenticationManagementResource {
 
         realm.removeAuthenticatorConfig(config);
     }
+
+    /**
+     * Update authenticator configuration
+     * @param id Configuration id
+     * @param config JSON describing new state of authenticator configuration
+     */
     @Path("config/{id}")
     @PUT
     @Consumes(MediaType.APPLICATION_JSON)
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
index f6949fc4c2..c6a5feae93 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
@@ -64,6 +64,7 @@ public class ClientAttributeCertificateResource {
     }
 
     /**
+     * Get key info
      *
      * @return
      */
@@ -78,6 +79,7 @@ public class ClientAttributeCertificateResource {
     }
 
     /**
+     * Generate a new certificate with new key pair
      *
      * @return
      */
@@ -256,8 +258,9 @@ public class ClientAttributeCertificateResource {
     }
 
     /**
+     * Get a keystore file for the client, containing private key and public certificate
      *
-     * @param config
+     * @param config Keystore configuration as JSON
      * @return
      */
     @POST
@@ -288,10 +291,12 @@ public class ClientAttributeCertificateResource {
     }
 
     /**
-     * Generate new keypair and certificate and downloads private key into specified keystore format. Only generated certificate is saved in Keycloak DB, but private
-     * key is not.
+     * Generate a new keypair and certificate, and get the private key file
      *
-     * @param config
+     * Generates a keypair and certificate and serves the private key in a specified keystore format.
+     * Only generated public certificate is saved in Keycloak DB - the private key is not.
+     *
+     * @param config Keystore configuration as JSON
      * @return
      */
     @POST
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
index 821f2793ee..2198333559 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
@@ -92,7 +92,7 @@ public class ClientResource {
     }
 
     /**
-     * Update the client.
+     * Update the client
      * @param rep
      * @return
      */
@@ -116,7 +116,7 @@ public class ClientResource {
 
 
     /**
-     * Get representation of the client.
+     * Get representation of the client
      *
      * @return
      */
@@ -129,6 +129,7 @@ public class ClientResource {
     }
 
     /**
+     * Get representation of certificate resource
      *
      * @param attributePrefix
      * @return
@@ -140,7 +141,9 @@ public class ClientResource {
 
 
     /**
-     * Return keycloak.json file for this client to be used to configure the adapter of that client.
+     * Get keycloak.json file
+     *
+     * Returns a keycloak.json file to be used to configure the adapter of the specified client.
      *
      * @return
      * @throws IOException
@@ -160,7 +163,9 @@ public class ClientResource {
     }
 
     /**
-     * Return XML that can be included in the JBoss/Wildfly Keycloak subsystem to configure the adapter of that client.
+     * Get adapter configuration XML for JBoss / Wildfly Keycloak subsystem
+     *
+     * Returns XML that can be included in the JBoss / Wildfly Keycloak subsystem to configure the adapter of that client.
      *
      * @return
      * @throws IOException
@@ -177,7 +182,7 @@ public class ClientResource {
     }
 
     /**
-     * Delete this client.
+     * Delete the client
      *
      */
     @DELETE
@@ -190,7 +195,7 @@ public class ClientResource {
 
 
     /**
-     * Generates a new secret for this client
+     * Generate a new secret for the client
      *
      * @return
      */
@@ -209,7 +214,7 @@ public class ClientResource {
     }
 
     /**
-     * Get the secret of this client
+     * Get the client secret
      *
      * @return
      */
@@ -227,7 +232,7 @@ public class ClientResource {
     }
 
     /**
-     * Base path for managing the scope mappings for this client
+     * Base path for managing the scope mappings for the client
      *
      * @return
      */
@@ -242,7 +247,9 @@ public class ClientResource {
     }
 
     /**
-     * Returns set of allowed origin.  This is used for CORS requests.  Access tokens will have
+     * Get allowed origins
+     *
+     * This is used for CORS requests.  Access tokens will have
      * their allowedOrigins claim set to this value for tokens created for this client.
      *
      * @return
@@ -258,7 +265,9 @@ public class ClientResource {
     }
 
     /**
-     * Change the set of allowed origins.   This is used for CORS requests.  Access tokens will have
+     * Update allowed origins
+     *
+     * This is used for CORS requests.  Access tokens will have
      * their allowedOrigins claim set to this value for tokens created for this client.
      *
      * @param allowedOrigins
@@ -275,10 +284,12 @@ public class ClientResource {
     }
 
     /**
-     * Remove set of allowed origins from current allowed origins list.  This is used for CORS requests.  Access tokens will have
+     * Delete the specified origins from current allowed origins
+     *
+     * This is used for CORS requests.  Access tokens will have
      * their allowedOrigins claim set to this value for tokens created for this client.
      *
-     * @param allowedOrigins
+     * @param allowedOrigins List of origins to delete
      */
     @Path("allowed-origins")
     @DELETE
@@ -294,7 +305,7 @@ public class ClientResource {
     }
 
     /**
-     * Returns user dedicated to this service account
+     * Get a user dedicated to the service account
      *
      * @return
      */
@@ -319,8 +330,9 @@ public class ClientResource {
     }
 
     /**
-     * If the client has an admin URL, push the client's revocation policy to it.
+     * Push the client's revocation policy to its admin URL
      *
+     * If the client has an admin URL, push revocation policy to it.
      */
     @Path("push-revocation")
     @POST
@@ -332,7 +344,9 @@ public class ClientResource {
     }
     
     /**
-     * Number of user sessions associated with this client
+     * Get application session count
+     *
+     * Returns a number of user sessions associated with this client
      *
      * {
      *     "count": number
@@ -352,8 +366,12 @@ public class ClientResource {
     }
 
     /**
-     * Return a list of user sessions associated with this client
+     * Get user sessions for client
      *
+     * Returns a list of user sessions associated with this client
+     *
+     * @param firstResult Paging offset
+     * @param maxResults Paging size
      * @return
      */
     @Path("user-sessions")
@@ -373,6 +391,8 @@ public class ClientResource {
     }
 
     /**
+     * Logout all sessions
+     *
      * If the client has an admin URL, invalidate all sessions associated with that client directly.
      *
      */
@@ -386,6 +406,8 @@ public class ClientResource {
     }
 
     /**
+     * Logout the user by username
+     *
      * If the client has an admin URL, invalidate the sessions for a particular user directly.
      *
      */
@@ -403,6 +425,8 @@ public class ClientResource {
     }
 
     /**
+     * Register a cluster node with the client
+     *
      * Manually register cluster node to this client - usually it's not needed to call this directly as adapter should handle
      * by sending registration request to Keycloak
      *
@@ -423,7 +447,7 @@ public class ClientResource {
     }
 
     /**
-     * Unregister cluster node from this client
+     * Unregister a cluster node from the client
      *
      * @param node
      */
@@ -443,7 +467,9 @@ public class ClientResource {
     }
 
     /**
-     * Test if registered cluster nodes are available by sending 'ping' request to all of them
+     * Test if registered cluster nodes are available
+     *
+     * Tests availability by sending 'ping' request to all cluster nodes.
      *
      * @return
      */
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
index 862aa0952b..e780dbf9b1 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java
@@ -52,9 +52,9 @@ public class ClientsResource {
     }
 
     /**
-     * List of clients belonging to this realm.
+     * Get clients belonging to the realm
      *
-     * @return
+     * Returns a list of clients belonging to the realm
      */
     @GET
     @Produces(MediaType.APPLICATION_JSON)
@@ -80,7 +80,9 @@ public class ClientsResource {
     }
 
     /**
-     * Create a new client.  Client client_id must be unique!
+     * Create a new client
+     *
+     * Client's client_id must be unique!
      *
      * @param uriInfo
      * @param rep
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java
index eeffe5dc22..bf17f4be0c 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java
@@ -7,7 +7,6 @@ import org.keycloak.broker.provider.IdentityProvider;
 import org.keycloak.broker.provider.IdentityProviderFactory;
 import org.keycloak.broker.provider.IdentityProviderMapper;
 import org.keycloak.events.admin.OperationType;
-import org.keycloak.models.ClientModel;
 import org.keycloak.models.FederatedIdentityModel;
 import org.keycloak.models.IdentityProviderMapperModel;
 import org.keycloak.models.IdentityProviderModel;
@@ -70,6 +69,11 @@ public class IdentityProviderResource {
         this.adminEvent = adminEvent;
     }
 
+    /**
+     * Get the identity provider
+     *
+     * @return
+     */
     @GET
     @NoCache
     @Produces(MediaType.APPLICATION_JSON)
@@ -79,6 +83,11 @@ public class IdentityProviderResource {
         return rep;
     }
 
+    /**
+     * Delete the identity provider
+     *
+     * @return
+     */
     @DELETE
     @NoCache
     public Response delete() {
@@ -91,6 +100,12 @@ public class IdentityProviderResource {
         return Response.noContent().build();
     }
 
+    /**
+     * Update the identity provider
+     *
+     * @param providerRep
+     * @return
+     */
     @PUT
     @Consumes(MediaType.APPLICATION_JSON)
     @NoCache
@@ -161,7 +176,13 @@ public class IdentityProviderResource {
         return null;
     }
 
-
+    /**
+     * Export public broker configuration for identity provider
+     *
+     * @param uriInfo
+     * @param format Format to use
+     * @return
+     */
     @GET
     @Path("export")
     @NoCache
@@ -175,6 +196,9 @@ public class IdentityProviderResource {
         }
     }
 
+    /**
+     * Get mapper types for identity provider
+     */
     @GET
     @Path("mapper-types")
     @NoCache
@@ -210,6 +234,9 @@ public class IdentityProviderResource {
         return types;
     }
 
+    /**
+     * Get mappers for identity provider
+     */
     @GET
     @Path("mappers")
     @Produces(MediaType.APPLICATION_JSON)
@@ -223,6 +250,12 @@ public class IdentityProviderResource {
         return mappers;
     }
 
+    /**
+     * Add a mapper to identity provider
+     *
+     * @param mapper
+     * @return
+     */
     @POST
     @Path("mappers")
     @Consumes(MediaType.APPLICATION_JSON)
@@ -238,6 +271,12 @@ public class IdentityProviderResource {
 
     }
 
+    /**
+     * Get mapper by id for the identity provider
+     *
+     * @param id
+     * @return
+     */
     @GET
     @NoCache
     @Path("mappers/{id}")
@@ -249,6 +288,12 @@ public class IdentityProviderResource {
         return ModelToRepresentation.toRepresentation(model);
     }
 
+    /**
+     * Update a mapper for the identity provider
+     *
+     * @param id Mapper id
+     * @param rep
+     */
     @PUT
     @NoCache
     @Path("mappers/{id}")
@@ -263,6 +308,11 @@ public class IdentityProviderResource {
 
     }
 
+    /**
+     * Delete a mapper for the identity provider
+     *
+     * @param id Mapper id
+     */
     @DELETE
     @NoCache
     @Path("mappers/{id}")
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java
index 8b2a0499e5..d3dc33a5a2 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProvidersResource.java
@@ -57,6 +57,12 @@ public class IdentityProvidersResource {
         this.adminEvent = adminEvent;
     }
 
+    /**
+     * Get identity providers
+     *
+     * @param providerId Provider id
+     * @return
+     */
     @Path("/providers/{provider_id}")
     @GET
     @NoCache
@@ -70,6 +76,14 @@ public class IdentityProvidersResource {
         return Response.status(BAD_REQUEST).build();
     }
 
+    /**
+     * Import identity provider from uploaded JSON file
+     *
+     * @param uriInfo
+     * @param input
+     * @return
+     * @throws IOException
+     */
     @POST
     @Path("import-config")
     @Consumes(MediaType.MULTIPART_FORM_DATA)
@@ -85,6 +99,14 @@ public class IdentityProvidersResource {
         return config;
     }
 
+    /**
+     * Import identity provider from JSON body
+     *
+     * @param uriInfo
+     * @param data JSON body
+     * @return
+     * @throws IOException
+     */
     @POST
     @Path("import-config")
     @Consumes(MediaType.APPLICATION_JSON)
@@ -108,6 +130,11 @@ public class IdentityProvidersResource {
         }
     }
 
+    /**
+     * Get identity providers
+     *
+     * @return
+     */
     @GET
     @Path("instances")
     @NoCache
@@ -123,6 +150,13 @@ public class IdentityProvidersResource {
         return representations;
     }
 
+    /**
+     * Create a new identity provider
+     *
+     * @param uriInfo
+     * @param representation JSON body
+     * @return
+     */
     @POST
     @Path("instances")
     @Consumes(MediaType.APPLICATION_JSON)
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java
index 145a26d0ce..306d350b65 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ProtocolMappersResource.java
@@ -7,7 +7,6 @@ import org.keycloak.events.admin.OperationType;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ProtocolMapperModel;
-import org.keycloak.models.RealmModel;
 import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.models.utils.RepresentationToModel;
 import org.keycloak.representations.idm.ProtocolMapperRepresentation;
@@ -39,7 +38,7 @@ public class ProtocolMappersResource {
     
     protected ClientModel client;
 
-    protected  RealmAuth auth;
+    protected RealmAuth auth;
     
     protected AdminEventBuilder adminEvent;
 
@@ -58,7 +57,7 @@ public class ProtocolMappersResource {
     }
 
     /**
-     * Map of mappers by name for a specific protocol
+     * Get mappers by name for a specific protocol
      *
      * @param protocol
      * @return
@@ -77,7 +76,7 @@ public class ProtocolMappersResource {
     }
 
     /**
-     * creates mapper
+     * Create a mapper
      *
      * @param rep
      */
@@ -93,7 +92,7 @@ public class ProtocolMappersResource {
         return Response.created(uriInfo.getAbsolutePathBuilder().path(model.getId()).build()).build();
     }
     /**
-     * creates multiple mapper
+     * Create multiple mappers
      *
      */
     @Path("add-models")
@@ -110,6 +109,11 @@ public class ProtocolMappersResource {
         adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo).representation(reps).success();
     }
 
+    /**
+     * Get mappers
+     *
+     * @return
+     */
     @GET
     @NoCache
     @Path("models")
@@ -123,6 +127,12 @@ public class ProtocolMappersResource {
         return mappers;
     }
 
+    /**
+     * Get mapper by id
+     *
+     * @param id Mapper id
+     * @return
+     */
     @GET
     @NoCache
     @Path("models/{id}")
@@ -134,6 +144,12 @@ public class ProtocolMappersResource {
         return ModelToRepresentation.toRepresentation(model);
     }
 
+    /**
+     * Update the mapper
+     *
+     * @param id Mapper id
+     * @param rep
+     */
     @PUT
     @NoCache
     @Path("models/{id}")
@@ -147,6 +163,11 @@ public class ProtocolMappersResource {
         adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
     }
 
+    /**
+     * Delete the mapper
+     *
+     * @param id Mapper id
+     */
     @DELETE
     @NoCache
     @Path("models/{id}")
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
index 40710a1a11..bab74d646e 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@@ -6,8 +6,6 @@ import org.jboss.resteasy.spi.BadRequestException;
 import org.jboss.resteasy.spi.NotFoundException;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.ClientConnection;
-import org.keycloak.authentication.RequiredActionFactory;
-import org.keycloak.authentication.RequiredActionProvider;
 import org.keycloak.events.Event;
 import org.keycloak.events.EventQuery;
 import org.keycloak.events.EventStoreProvider;
@@ -27,7 +25,6 @@ import org.keycloak.models.cache.CacheUserProvider;
 import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.models.utils.RepresentationToModel;
 import org.keycloak.protocol.oidc.TokenManager;
-import org.keycloak.provider.ProviderFactory;
 import org.keycloak.representations.adapters.action.GlobalRequestResult;
 import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
@@ -143,7 +140,9 @@ public class RealmAdminResource {
     }
 
     /**
-     * Get the top-level representation of the realm.  It will not include nested information like User and Client representations.
+     * Get the top-level representation of the realm
+     *
+     * It will not include nested information like User and Client representations.
      *
      * @return
      */
@@ -172,7 +171,9 @@ public class RealmAdminResource {
     }
 
     /**
-     * Update the top-level information of this realm.  Any user, roles or client information in the representation
+     * Update the top-level information of the realm
+     *
+     * Any user, roles or client information in the representation
      * will be ignored.  This will only update top-level attributes of the realm.
      *
      * @param rep
@@ -215,7 +216,7 @@ public class RealmAdminResource {
     }
 
     /**
-     * Delete this realm.
+     * Delete the realm
      *
      */
     @DELETE
@@ -260,7 +261,7 @@ public class RealmAdminResource {
     }
 
     /**
-     * Path for managing all realm-level or client-level roles defined in this realm by it's id.
+     * Path for managing all realm-level or client-level roles defined in this realm by its id.
      *
      * @return
      */
@@ -316,8 +317,10 @@ public class RealmAdminResource {
     }
 
     /**
+     * Get client session stats
+     *
      * Returns a JSON map.  The key is the client id, the value is the number of sessions that currently are active
-     * with that client.  Only client's that actually have a session associated with them will be in this map.
+     * with that client.  Only clients that actually have a session associated with them will be in this map.
      *
      * @return
      */
@@ -341,7 +344,9 @@ public class RealmAdminResource {
     }
 
     /**
-     * View the events provider and how it is configured.
+     * Get the events provider configuration
+     *
+     * Returns JSON object with events provider configuration
      *
      * @return
      */
@@ -356,7 +361,9 @@ public class RealmAdminResource {
     }
 
     /**
-     * Change the events provider and/or it's configuration
+     * Update the events provider
+     *
+     * Change the events provider and/or its configuration
      *
      * @param rep
      */
@@ -371,15 +378,17 @@ public class RealmAdminResource {
     }
 
     /**
-     * Query events.  Returns all events, or will query based on URL query parameters listed here
+     * Get events
      *
-     * @param client app or oauth client name
-     * @param user user id
-     * @param ipAddress
-     * @param dateTo
-     * @param dateFrom
-     * @param firstResult
-     * @param maxResults
+     * Returns all events, or filters them based on URL query parameters listed here
+     *
+     * @param client App or oauth client name
+     * @param user User id
+     * @param ipAddress IP address
+     * @param dateTo To date
+     * @param dateFrom From date
+     * @param firstResult Paging offset
+     * @param maxResults Paging size
      * @return
      */
     @Path("events")
@@ -448,7 +457,9 @@ public class RealmAdminResource {
     }
     
     /**
-     * Query admin events.  Returns all admin events, or will query based on URL query parameters listed here
+     * Get admin events
+     *
+     * Returns all admin events, or filters events based on URL query parameters listed here
      *
      * @param authRealm
      * @param authClient
@@ -538,7 +549,7 @@ public class RealmAdminResource {
     }
 
     /**
-     * Delete all events.
+     * Delete all events
      *
      */
     @Path("events")
@@ -551,7 +562,7 @@ public class RealmAdminResource {
     }
     
     /**
-     * Delete all admin events.
+     * Delete all admin events
      *
      */
     @Path("admin-events")
@@ -563,6 +574,15 @@ public class RealmAdminResource {
         eventStore.clearAdmin(realm.getId());
     }
 
+    /**
+     * Test LDAP connection
+     *
+     * @param action
+     * @param connectionUrl
+     * @param bindDn
+     * @param bindCredential
+     * @return
+     */
     @Path("testLDAPConnection")
     @GET
     @NoCache
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
index f2494c90ee..d0fb5214eb 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java
@@ -73,7 +73,9 @@ public class RealmsAdminResource {
     }
 
     /**
-     * Returns a list of realms.  This list is filtered based on what realms the caller is allowed to view.
+     * Get accessible realms
+     *
+     * Returns a list of accessible realms. The list is filtered based on what realms the caller is allowed to view.
      *
      * @return
      */
@@ -107,10 +109,12 @@ public class RealmsAdminResource {
     }
 
     /**
-     * Import a realm from a full representation of that realm.  Realm name must be unique.
+     * Import a realm
+     *
+     * Imports a realm from a full representation of that realm.  Realm name must be unique.
      *
      * @param uriInfo
-     * @param rep JSON representation
+     * @param rep JSON representation of the realm
      * @return
      */
     @POST
@@ -141,7 +145,9 @@ public class RealmsAdminResource {
     }
 
     /**
-     * Upload a realm from a uploaded JSON file.  The posted represenation is expected to be a multipart/form-data encapsulation
+     * Import a realm from uploaded JSON file
+     *
+     * The posted represenation is expected to be a multipart/form-data encapsulation
      * of a JSON file.  The same format a browser would use when uploading a file.
      *
      * @param uriInfo
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java
index bea5d5283c..1482cabe3f 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleByIdResource.java
@@ -87,7 +87,7 @@ public class RoleByIdResource extends RoleResource {
     }
 
     /**
-     * Delete this role
+     * Delete the role
      *
      * @param id id of role
      */
@@ -102,7 +102,7 @@ public class RoleByIdResource extends RoleResource {
     }
 
     /**
-     * Update this role
+     * Update the role
      *
      * @param id id of role
      * @param rep
@@ -118,7 +118,7 @@ public class RoleByIdResource extends RoleResource {
     }
 
     /**
-     * Make this role a composite role by associating some child roles to it.
+     * Make the role a composite role by associating some child roles
      *
      * @param id
      * @param roles
@@ -133,7 +133,9 @@ public class RoleByIdResource extends RoleResource {
     }
 
     /**
-     * If this role is a composite, return a set of its children
+     * Get role's children
+     *
+     * Returns a set of role's children provided the role is a composite.
      *
      * @param id
      * @return
@@ -151,7 +153,7 @@ public class RoleByIdResource extends RoleResource {
     }
 
     /**
-     * Return a set of realm-level roles that are in the role's composite
+     * Get realm-level roles that are in the role's composite
      *
      * @param id
      * @return
@@ -167,7 +169,7 @@ public class RoleByIdResource extends RoleResource {
     }
 
     /**
-     * Return a set of client-level roles for a specific client that are in the role's composite
+     * Get client-level roles for the client that are in the role's composite
      *
      * @param id
      * @param client
@@ -189,7 +191,7 @@ public class RoleByIdResource extends RoleResource {
     }
 
     /**
-     * Return a set of client-level roles for a specific client that are in the role's composite
+     * Get client-level roles for the client that are in the role's composite
      *
      * @param role
      * @param client
@@ -212,10 +214,10 @@ public class RoleByIdResource extends RoleResource {
     }
 
     /**
-     * Remove the listed set of roles from this role's composite
+     * Remove a set of roles from the role's composite
      *
-     * @param id
-     * @param roles
+     * @param id Role id
+     * @param roles A set of roles to be removed
      */
     @Path("{role-id}/composites")
     @DELETE
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
index f267d15ef5..168ff471c6 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RoleContainerResource.java
@@ -4,7 +4,6 @@ import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.spi.NotFoundException;
 import org.keycloak.events.admin.OperationType;
 import org.keycloak.models.ClientModel;
-import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ModelDuplicateException;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleContainerModel;
@@ -51,7 +50,7 @@ public class RoleContainerResource extends RoleResource {
     }
 
     /**
-     * List all roles for this realm or client
+     * Get all roles for the realm or client
      *
      * @return
      */
@@ -70,7 +69,7 @@ public class RoleContainerResource extends RoleResource {
     }
 
     /**
-     * Create a new role for this realm or client
+     * Create a new role for the realm or client
      *
      * @param rep
      * @return
@@ -164,7 +163,7 @@ public class RoleContainerResource extends RoleResource {
     }
 
     /**
-     * Add a composite to this role
+     * Add a composite to the role
      *
      * @param roleName role's name (not id!)
      * @param roles
@@ -183,7 +182,7 @@ public class RoleContainerResource extends RoleResource {
     }
 
     /**
-     * List composites of this role
+     * Get composites of the role
      *
      * @param roleName role's name (not id!)
      * @return
@@ -203,7 +202,7 @@ public class RoleContainerResource extends RoleResource {
     }
 
     /**
-     * Get realm-level roles of this role's composite
+     * Get realm-level roles of the role's composite
      *
      * @param roleName role's name (not id!)
      * @return
@@ -223,7 +222,7 @@ public class RoleContainerResource extends RoleResource {
     }
 
     /**
-     * An app-level roles for a specific app for this role's composite
+     * An app-level roles for the specified app for the role's composite
      *
      * @param roleName role's name (not id!)
      * @param client
@@ -252,7 +251,7 @@ public class RoleContainerResource extends RoleResource {
 
 
     /**
-     * Remove roles from this role's composite
+     * Remove roles from the role's composite
      *
      * @param roleName role's name (not id!)
      * @param roles roles to remove
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java
index c087197efa..44b355e037 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedClientResource.java
@@ -44,7 +44,9 @@ public class ScopeMappedClientResource {
     }
 
     /**
-     * Get the roles associated with a client's scope for a specific client.
+     * Get the roles associated with a client's scope
+     *
+     * Returns roles for the client.
      *
      * @return
      */
@@ -63,7 +65,9 @@ public class ScopeMappedClientResource {
     }
 
     /**
-     * The available client-level roles that can be associated with the client's scope
+     * The available client-level roles
+     *
+     * Returns the roles for the client that can be associated with the client's scope
      *
      * @return
      */
@@ -79,7 +83,9 @@ public class ScopeMappedClientResource {
     }
 
     /**
-     * Get effective client roles that are associated with the client's scope for a specific client.
+     * Get effective client roles
+     *
+     * Returns the roles for the client that are associated with the client's scope.
      *
      * @return
      */
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
index 407594452c..2d9b6a263b 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ScopeMappedResource.java
@@ -19,9 +19,7 @@ import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.UriInfo;
 
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -51,7 +49,7 @@ public class ScopeMappedResource {
     }
 
     /**
-     * Get all scope mappings for this client
+     * Get all scope mappings for the client
      *
      * @return
      */
@@ -94,7 +92,7 @@ public class ScopeMappedResource {
     }
 
     /**
-     * Get list of realm-level roles associated with this client's scope.
+     * Get realm-level roles associated with the client's scope
      *
      * @return
      */
@@ -114,7 +112,7 @@ public class ScopeMappedResource {
     }
 
     /**
-     * Get list of realm-level roles that are available to attach to this client's scope.
+     * Get realm-level roles that are available to attach to this client's scope
      *
      * @return
      */
@@ -139,7 +137,9 @@ public class ScopeMappedResource {
     }
 
     /**
-     * Get all effective realm-level roles that are associated with this client's scope.  What this does is recurse
+     * Get effective realm-level roles associated with the client's scope
+     *
+     * What this does is recurse
      * any composite roles associated with the client's scope and adds the roles to this lists.  The method is really
      * to show a comprehensive total view of realm-level roles associated with the client.
      *
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java
index 228ebbde86..8c5851c99f 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserClientRoleMappingsResource.java
@@ -5,7 +5,6 @@ import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.spi.NotFoundException;
 import org.keycloak.events.admin.OperationType;
 import org.keycloak.models.ClientModel;
-import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
@@ -18,7 +17,6 @@ import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.UriInfo;
 
@@ -51,7 +49,7 @@ public class UserClientRoleMappingsResource {
     }
 
     /**
-     * Get client-level role mappings for this user for a specific app
+     * Get client-level role mappings for the user, and the app
      *
      * @return
      */
@@ -70,7 +68,9 @@ public class UserClientRoleMappingsResource {
     }
 
     /**
-     * Get effective client-level role mappings.  This recurses any composite roles
+     * Get effective client-level role mappings
+     *
+     * This recurses any composite roles
      *
      * @return
      */
@@ -120,9 +120,9 @@ public class UserClientRoleMappingsResource {
     }
 
     /**
-     * Add client-level roles to the user role mapping.
+     * Add client-level roles to the user role mapping
      *
-      * @param roles
+     * @param roles
      */
     @POST
     @Consumes(MediaType.APPLICATION_JSON)
@@ -141,7 +141,7 @@ public class UserClientRoleMappingsResource {
     }
 
     /**
-     * Delete client-level roles from user role mapping.
+     * Delete client-level roles from user role mapping
      *
      * @param roles
      */
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java
index db1e278e92..6f7bedfd82 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java
@@ -98,7 +98,7 @@ public class UserFederationProviderResource {
     }
 
     /**
-     * get a provider
+     * Get a provider
      *
      */
     @GET
@@ -126,7 +126,7 @@ public class UserFederationProviderResource {
     }
 
     /**
-     * trigger sync of users
+     * Trigger sync of users
      *
      * @return
      */
@@ -150,7 +150,7 @@ public class UserFederationProviderResource {
     }
 
     /**
-     * List of available User Federation mapper types
+     * Get available user federation mapper types
      *
      * @return
      */
@@ -227,7 +227,7 @@ public class UserFederationProviderResource {
     }
 
     /**
-     * Create mapper
+     * Create a mapper
      *
      * @param mapper
      * @return
@@ -251,9 +251,9 @@ public class UserFederationProviderResource {
     }
 
     /**
-     * Get mapper
+     * Get a mapper
      *
-     * @param id mapperId
+     * @param id Mapper id
      * @return
      */
     @GET
@@ -268,9 +268,9 @@ public class UserFederationProviderResource {
     }
 
     /**
-     * Update mapper
+     * Update a mapper
      *
-     * @param id
+     * @param id Mapper id
      * @param rep
      */
     @PUT
@@ -291,9 +291,9 @@ public class UserFederationProviderResource {
     }
 
     /**
-     * Delete mapper with given ID
+     * Delete a mapper with a given id
      *
-     * @param id
+     * @param id Mapper id
      */
     @DELETE
     @NoCache
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java
index 294e633874..8946c36e72 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserFederationProvidersResource.java
@@ -8,8 +8,6 @@ import org.keycloak.constants.KerberosConstants;
 import org.keycloak.events.admin.OperationType;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
-import org.keycloak.models.RequiredCredentialModel;
-import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserFederationProvider;
 import org.keycloak.models.UserFederationProviderFactory;
 import org.keycloak.models.UserFederationProviderModel;
@@ -84,7 +82,9 @@ public class UserFederationProvidersResource {
     }
 
     /**
-     * Get List of available provider factories
+     * Get available provider factories
+     *
+     * Returns a list of available provider factories.
      *
      * @return
      */
@@ -105,7 +105,7 @@ public class UserFederationProvidersResource {
     }
 
     /**
-     * Get factory with given ID
+     * Get factory with given id
      *
      * @return
      */
@@ -159,7 +159,7 @@ public class UserFederationProvidersResource {
     }
 
     /**
-     * list configured providers
+     * Get configured providers
      *
      * @return
      */
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index e3e243788c..24aa35adaf 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -118,7 +118,7 @@ public class UsersResource {
     /**
      * Update the user
      *
-     * @param id
+     * @param id User id
      * @param rep
      * @return
      */
@@ -164,7 +164,9 @@ public class UsersResource {
     }
 
     /**
-     * Create a new user.  Must be a unique username!
+     * Create a new user
+     *
+     * Username must be unique.
      *
      * @param uriInfo
      * @param rep
@@ -245,7 +247,7 @@ public class UsersResource {
     /**
      * Get represenation of the user
      *
-     * @param id user id
+     * @param id User id
      * @return
      */
     @Path("{id}")
@@ -274,6 +276,12 @@ public class UsersResource {
         return rep;
     }
 
+    /**
+     * Impersonate the user
+     *
+     * @param id User id
+     * @return
+     */
     @Path("{id}/impersonation")
     @POST
     @NoCache
@@ -314,9 +322,9 @@ public class UsersResource {
 
 
     /**
-     * List set of sessions associated with this user.
+     * Get sessions associated with the user
      *
-     * @param id
+     * @param id User id
      * @return
      */
     @Path("{id}/sessions")
@@ -339,9 +347,9 @@ public class UsersResource {
     }
 
     /**
-     * List set of social logins associated with this user.
+     * Get social logins associated with the user
      *
-     * @param id
+     * @param id User id
      * @return
      */
     @Path("{id}/federated-identity")
@@ -373,6 +381,14 @@ public class UsersResource {
         return result;
     }
 
+    /**
+     * Add a social login provider to the user
+     *
+     * @param id User id
+     * @param provider Social login provider id
+     * @param rep
+     * @return
+     */
     @Path("{id}/federated-identity/{provider}")
     @POST
     @NoCache
@@ -392,6 +408,12 @@ public class UsersResource {
         return Response.noContent().build();
     }
 
+    /**
+     * Remove a social login provider from user
+     *
+     * @param id User id
+     * @param provider Social login provider id
+     */
     @Path("{id}/federated-identity/{provider}")
     @DELETE
     @NoCache
@@ -408,9 +430,9 @@ public class UsersResource {
     }
 
     /**
-     * List set of consents granted by this user.
+     * Get consents granted by the user
      *
-     * @param id
+     * @param id User id
      * @return
      */
     @Path("{id}/consents")
@@ -435,10 +457,10 @@ public class UsersResource {
     }
 
     /**
-     * Revoke consent for particular client
+     * Revoke consent for particular client from user
      *
-     * @param id
-     * @param clientId
+     * @param id User id
+     * @param clientId Client id
      */
     @Path("{id}/consents/{client}")
     @DELETE
@@ -462,10 +484,11 @@ public class UsersResource {
     }
 
     /**
-     * Remove all user sessions associated with this user.  And, for all client that have an admin URL, tell
-     * them to invalidate the sessions for this particular user.
+     * Remove all user sessions associated with the user
      *
-     * @param id user id
+     * Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.
+     *
+     * @param id User id
      */
     @Path("{id}/logout")
     @POST
@@ -484,9 +507,9 @@ public class UsersResource {
     }
 
     /**
-     * delete this user
+     * Delete the user
      *
-     * @param id user id
+     * @param id User id
      */
     @Path("{id}")
     @DELETE
@@ -509,13 +532,17 @@ public class UsersResource {
     }
 
     /**
-     * Query list of users.  May pass in query criteria
+     * Get users
      *
-     * @param search string contained in username, first or last name, or email
+     * Returns a list of users, filtered according to query parameters
+     *
+     * @param search A String contained in username, first or last name, or email
      * @param last
      * @param first
      * @param email
      * @param username
+     * @param first Pagination offset
+     * @param maxResults Pagination size
      * @return
      */
     @GET
@@ -563,9 +590,9 @@ public class UsersResource {
     }
 
     /**
-     * Get role mappings for this user
+     * Get role mappings for the user
      *
-     * @param id user id
+     * @param id User id
      * @return
      */
     @Path("{id}/role-mappings")
@@ -614,9 +641,9 @@ public class UsersResource {
     }
 
     /**
-     * Get realm-level role mappings for this user
+     * Get realm-level role mappings for the user
      *
-     * @param id user id
+     * @param id User id
      * @return
      */
     @Path("{id}/role-mappings/realm")
@@ -640,9 +667,11 @@ public class UsersResource {
     }
 
     /**
-     * Effective realm-level role mappings for this user.  Will recurse all composite roles to get this list.
+     * Get effective realm-level role mappings for the user
      *
-     * @param id user id
+     * This will recurse all composite roles to get the result.
+     *
+     * @param id User id
      * @return
      */
     @Path("{id}/role-mappings/realm/composite")
@@ -668,9 +697,9 @@ public class UsersResource {
     }
 
     /**
-     * Realm-level roles that can be mapped to this user
+     * Get realm-level roles that can be mapped to this user
      *
-     * @param id
+     * @param id User id
      * @return
      */
     @Path("{id}/role-mappings/realm/available")
@@ -690,10 +719,10 @@ public class UsersResource {
     }
 
     /**
-     * Add realm-level role mappings
+     * Add realm-level role mappings to the user
      *
-     * @param id
-     * @param roles
+     * @param id User id
+     * @param roles Roles to add
      */
     @Path("{id}/role-mappings/realm")
     @POST
@@ -720,7 +749,7 @@ public class UsersResource {
     /**
      * Delete realm-level role mappings
      *
-     * @param id user id
+     * @param id User id
      * @param roles
      */
     @Path("{id}/role-mappings/realm")
@@ -770,12 +799,14 @@ public class UsersResource {
         return new UserClientRoleMappingsResource(uriInfo, realm, auth, user, clientModel, adminEvent);
 
     }
+
     /**
-     *  Set up a temporary password for this user.  User will have to reset this temporary password when they log
-     *  in next.
+     * Set up a temporary password for the user
      *
-     * @param id
-     * @param pass temporary password
+     * User will have to reset the temporary password next time they log in.
+     *
+     * @param id User id
+     * @param pass A Temporary password
      */
     @Path("{id}/reset-password")
     @PUT
@@ -805,9 +836,9 @@ public class UsersResource {
     }
 
     /**
+     * Remove TOTP from the user
      *
-     *
-     * @param id
+     * @param id User id
      */
     @Path("{id}/remove-totp")
     @PUT
@@ -825,13 +856,15 @@ public class UsersResource {
     }
 
     /**
-     * Send an email to the user with a link they can click to reset their password.
+     * Send a password-reset email to the user
+     *
+     * An email contains a link the user can click to reset their password.
      * The redirectUri and clientId parameters are optional. The default for the
      * redirect is the account client.
      *
-     * @param id
-     * @param redirectUri redirect uri
-     * @param clientId client id
+     * @param id User is
+     * @param redirectUri Redirect uri
+     * @param clientId Client id
      * @return
      */
     @Path("{id}/execute-actions-email")
@@ -880,13 +913,15 @@ public class UsersResource {
     }
 
     /**
-     * Send an email to the user with a link they can click to verify their email address.
+     * Send an email-verification email to the user
+     *
+     * An email contains a link the user can click to verify their email address.
      * The redirectUri and clientId parameters are optional. The default for the
      * redirect is the account client.
      *
-     * @param id
-     * @param redirectUri redirect uri
-     * @param clientId client id
+     * @param id User id
+     * @param redirectUri Redirect uri
+     * @param clientId Client id
      * @return
      */
     @Path("{id}/send-verify-email")
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java
index fd0afc9615..70022c0c21 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java
@@ -38,7 +38,7 @@ public class ServerInfoAdminResource {
     private KeycloakSession session;
 
     /**
-     * Returns a list of themes, social providers, auth providers, and event listeners available on this server
+     * Get themes, social providers, auth providers, and event listeners available on this server
      *
      * @return
      */

From 8396b999a203922e38e994cab6b3a8a5e07d2495 Mon Sep 17 00:00:00 2001
From: Marko Strukelj <marko.strukelj@gmail.com>
Date: Wed, 16 Sep 2015 11:53:53 +0200
Subject: [PATCH 30/35] KEYCLOAK-1241 Can't build release with Java 8  - Speed
 up build by only building REST API doc during -Pjboss-release

---
 services/pom.xml | 69 ++++++++++++++++++++++++------------------------
 1 file changed, 35 insertions(+), 34 deletions(-)

diff --git a/services/pom.xml b/services/pom.xml
index bfb07ce768..3f6bd514d6 100755
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -189,40 +189,6 @@
                     <target>${maven.compiler.target}</target>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>generate-service-docs</id>
-                        <phase>generate-resources</phase>
-                        <configuration>
-                            <doclet>com.carma.swagger.doclet.ServiceDoclet</doclet>
-                            <docletArtifact>
-                                <groupId>com.carma</groupId>
-                                <artifactId>swagger-doclet</artifactId>
-                                <version>${version.swagger.doclet}</version>
-                            </docletArtifact>
-
-                            <subpackages>org.keycloak.services.resources.admin:org.keycloak.protocol.oidc</subpackages>
-                            <detectOfflineLinks>false</detectOfflineLinks>
-                            <offlineLinks>
-                                <offlineLink>
-                                    <url>../javadocs</url>
-                                    <location>${project.basedir}/../target/site/apidocs</location>
-                                </offlineLink>
-                            </offlineLinks>
-
-                            <reportOutputDirectory>${project.basedir}/target/apidocs-rest/swagger</reportOutputDirectory>
-                            <useStandardDocletOptions>false</useStandardDocletOptions>
-                            <additionalparam> -skipUiFiles -apiVersion 1 -includeResourcePrefixes org.keycloak.services.resources.admin,org.keycloak.protocol.oidc -docBasePath /apidocs -apiBasePath http://localhost:8080/auth -apiInfoFile ${project.basedir}/src/docs/swagger/apiinfo.json</additionalparam>
-                        </configuration>
-                        <goals>
-                            <goal>javadoc</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
         </plugins>
     </build>
 
@@ -243,6 +209,41 @@
 
             <build>
                 <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-javadoc-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>generate-service-docs</id>
+                                <phase>generate-resources</phase>
+                                <configuration>
+                                    <doclet>com.carma.swagger.doclet.ServiceDoclet</doclet>
+                                    <docletArtifact>
+                                        <groupId>com.carma</groupId>
+                                        <artifactId>swagger-doclet</artifactId>
+                                        <version>${version.swagger.doclet}</version>
+                                    </docletArtifact>
+
+                                    <subpackages>org.keycloak.services.resources.admin:org.keycloak.protocol.oidc</subpackages>
+                                    <detectOfflineLinks>false</detectOfflineLinks>
+                                    <offlineLinks>
+                                        <offlineLink>
+                                            <url>../javadocs</url>
+                                            <location>${project.basedir}/../target/site/apidocs</location>
+                                        </offlineLink>
+                                    </offlineLinks>
+
+                                    <reportOutputDirectory>${project.basedir}/target/apidocs-rest/swagger</reportOutputDirectory>
+                                    <useStandardDocletOptions>false</useStandardDocletOptions>
+                                    <additionalparam> -skipUiFiles -apiVersion 1 -includeResourcePrefixes org.keycloak.services.resources.admin,org.keycloak.protocol.oidc -docBasePath /apidocs -apiBasePath http://localhost:8080/auth -apiInfoFile ${project.basedir}/src/docs/swagger/apiinfo.json</additionalparam>
+                                </configuration>
+                                <goals>
+                                    <goal>javadoc</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+
                     <plugin>
                         <groupId>com.redowlanalytics</groupId>
                         <artifactId>swagger2markup-maven-plugin</artifactId>

From 95967b9c79ed94750d9b4cb10f0a6a9a64c44501 Mon Sep 17 00:00:00 2001
From: Marko Strukelj <marko.strukelj@gmail.com>
Date: Mon, 14 Sep 2015 14:54:19 +0200
Subject: [PATCH 31/35] =?UTF-8?q?=EF=BB=BFKEYCLOAK-1852=20Improve=20Kerber?=
 =?UTF-8?q?os=20example=20documentation=20and=20user=20experience?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 examples/kerberos/README.md                   | 154 +++++++++++++++++-
 examples/kerberos/kerberosrealm.json          |   2 +-
 examples/kerberos/pom.xml                     |   4 +
 .../kerberos/impl/SPNEGOAuthenticator.java    |   5 +
 .../util/ldap/KerberosKeytabCreator.java      |   2 +-
 5 files changed, 156 insertions(+), 11 deletions(-)

diff --git a/examples/kerberos/README.md b/examples/kerberos/README.md
index 7b95993ef8..c0f2800318 100644
--- a/examples/kerberos/README.md
+++ b/examples/kerberos/README.md
@@ -9,17 +9,22 @@ It also needs to enable forwardable ticket support in Kerberos configuration and
 
 Detailed steps:
 
-**1)** Build and deploy this sample's WAR file. For this example, deploy on the same server that is running the Keycloak Server, although this is not required for real world scenarios.
+**1)** Build and deploy this sample's WAR file. For this example, deploy on the same server that is running the Keycloak Server (the easiest way is to use Keycloak Demo distribution), although this is not required for real world scenarios.
 
+If Keycloak Server is running locally, you can deploy the WAR using maven:
 
-**2)** Copy `http.keytab` file from the root directory of example to `/tmp` directory (On Linux):
+    mvn wildfly:deploy
 
+**2)** Open `kerberosrealm.json` file for edit. Find `keyTab` config property, and adjust the path to `http.keytab` file, which is in project's root directory, to be an absolute path.
+For example:
 ```
-cp http.keytab /tmp/http.keytab
+   "keyTab" : "/home/user1/devel/keycloak/examples/kerberos/http.keytab"
 ```
 
-Alternative is to configure different location for `keyTab` property in `kerberosrealm.json` configuration file (On Windows this will be needed).
-**WARNING**: In production, keytab file should be in secured location accessible just to the user under which is Keycloak server running.
+On Windows you have to use forward slashes or double backslashes (\\) - e.g.`c:/Users/User1/devel/keycloak/examples/kerberos/http.keytab`.
+
+You can also move the file to another location if you want.
+**WARNING**: In production, keytab file should be in secured location accessible only to the user under which the Keycloak server is running.
 
 
 **3)** Run Keycloak server and import `kerberosrealm.json` into it through admin console. This will import realm with sample application
@@ -37,13 +42,16 @@ Also if you are on Linux, make sure that record like:
 ```
 is in your `/etc/hosts` before other records for the 127.0.0.1 host to avoid issues related to incompatible reverse lookup (Ensure the similar for other OS as well)
 
-**4)** Install kerberos client. This is platform dependent. If you are on Fedora, Ubuntu or RHEL, you can install package `freeipa-client`, which contains Kerberos client and bunch of other stuff. 
+**4)** Install kerberos client. This is platform dependent. If you are on Fedora, Ubuntu or RHEL, you can install package `freeipa-client`, which contains Kerberos client and bunch of other stuff.
+
 
 **5)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm for host `localhost` and enable `forwardable` flag, which is needed 
 for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server. 
 See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/test/resources/kerberos/test-krb5.conf) for inspiration.
+On OS X the file to edit (or create) is `/Library/Preferences/edu.mit.Kerberos` with the same syntax as `krb5.conf`.
+On Windows the file to edit (or create) is `c:\Windows\krb5.ini` with the same syntax as `krb5.conf`.
 
-**6)**  Run ApacheDS based LDAP server. You can run the command like this (assuming you're in the "kerberos" directory with this example): 
+**6)**  Run ApacheDS based LDAP server. You can run the command like this (assuming you're in the `kerberos` directory with this example):
 
 ```
 mvn exec:java -Pkerberos
@@ -60,7 +68,7 @@ both `network.negotiate-auth.trusted-uris` and `network.negotiate-auth.delegatio
 A bit more details in [testsuite README](https://github.com/keycloak/keycloak/blob/master/misc/Testsuite.md#kerberos-server) .  
  
  
-**8)** Test the example. Obtain kerberos ticket by running command from CMD (on linux):
+**8)** Test the example. Obtain kerberos ticket by running command from Terminal / CMD:
 ```
 kinit hnelson@KEYCLOAK.ORG
 ```
@@ -68,4 +76,132 @@ with password `secret` .
 
 Then in your web browser open `http://localhost:8080/kerberos-portal` . You should be logged-in automatically through SPNEGO without displaying Keycloak login screen.
 Keycloak will also transmit the delegated GSS credential to the application inside access token and application will be able to login with this credential
-to the LDAP server and retrieve some data from it (Actually it just retrieve few simple data about authenticated user himself).
\ No newline at end of file
+to the LDAP server and retrieve some data from it (Actually it just retrieve few simple data about authenticated user himself).
+
+
+Troubleshooting
+---------------
+
+You followed the instructions, but things don't seem to be working. Follow these instructions to troubleshoot.
+
+**1)** Make sure to use the default user in all Terminal / CMD sessions. Do not use 'sudo' or 'su'.
+The reason is that when you open Firefox, it will open within the context of currently signed in user. And it will use that user's Kerberos ticket to perform authentication.
+When you obtain Kerberos ticket using Terminal session, you have to be that same user, otherwise the ticket will not be visible to the browser.
+
+Of course make sure to obtain the ticket:
+
+```
+kinit hnelson@KEYCLOAK.ORG
+```
+with password `secret`.
+
+
+**2)** On Linux make sure that the first entry in your /etc/hosts file is:
+```
+127.0.0.1  localhost
+```
+
+Even if it already contains a similar entry like:
+
+    127.0.0.1  localhost.localdomain localhost
+
+Make sure to insert the short one before the existing one.
+
+**3)** Make sure you have properly adjusted the path to `http.keytab` file in `kerberosrealm.json`.
+On Windows either use `/` as path delimiter or `\\` (two backslashes).
+
+**4)** Make sure that you have configured Firefox attributes via about:config url, and set `network.negotiate-auth.trusted-uris` and `network.negotiate-auth.delegation-uris` to `localhost`,
+and `network.negotiate-auth.allow-non-fqdn` to `true`.
+
+
+
+Symptoms and solutions
+----------------------
+
+Here are some typical errors, and how to overcome them. It often helps to close and reopen browser, or restart servers in order for remedy to take effect.
+
+
+### Symptom
+
+  There is an error when starting embedded LDAP server:
+
+```
+GSSException: Invalid name provided (Mechanism level: KrbException: Cannot locate default realm)
+```
+### Solution
+
+  Make sure that krb5.conf file exists - location and file name is OS specific. See step no. 5 of the instructions.
+
+
+### Symptom
+
+  Browser redirects to normal login screen. There are no errors in Wildfly log.
+
+### Solution
+
+  Make sure to perform `kinit`, and properly configure Firefox. See points no. 1, and no. 4 above.
+
+
+### Symptom
+
+  Browser redirects to a normal login screen. There is a warning in Wildfly log:
+
+```
+11:31:48,267 WARN  [org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator] (default task-6) GSS Context accepted, but no context initiator recognized. Check your kerberos configuration and reverse DNS lookup configuration
+```
+
+  There is also a warning similar to the following in Embedded LDAP log:
+
+```
+11:31:47,923 WARN  [org.apache.directory.server.KERBEROS_LOG] No server entry found for kerberos principal name HTTP/localhost.localdomain@KEYCLOAK.ORG
+11:31:47,925 WARN  [org.apache.directory.server.KERBEROS_LOG] Server not found in Kerberos database (7)
+```
+
+### Solution
+
+  Make sure that 127.0.0.1 reverse resolution returns 'localhost'. See point no. 2 above.
+
+
+### Symptom
+
+  Browser redirects to a normal login screen. There is a stacktrace in Wildfly log:
+```
+15:10:04,531 WARN  [org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator] (default task-3) SPNEGO login failed: java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - DES3 CBC mode with SHA1-KD)
+   at java.security.AccessController.doPrivileged(Native Method)
+   at javax.security.auth.Subject.doAs(Subject.java:422)
+   at org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:46)
+```
+
+### Solution
+
+  Make sure `http.keytab` is available at the location specified in `kerberosrealm.json`. See point no. 3 above.
+
+
+### Symptom
+
+  Browser opens /kerberos-portal page, but reports an error retrieving user details from LDAP. There is a stacktrace in Wildfly log:
+```
+15:29:39,685 ERROR [stderr] (default task-6) javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)]]
+15:29:39,687 ERROR [stderr] (default task-6) 	at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:169)
+15:29:39,687 ERROR [stderr] (default task-6) 	at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:236)
+15:29:39,689 ERROR [stderr] (default task-6) 	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)
+```
+
+### Solution
+
+  Make sure `http.keytab` is available in location specified in `kerberosrealm.json`. See point no. 3 above. Also delete embedded server's cache directory:
+
+    rm -rf /tmp/server-work-keycloakDS
+
+
+### Symptom
+```
+17:32:19,825 ERROR [stderr] (default task-24) org.keycloak.util.KerberosSerializationUtils$KerberosSerializationException: Null credential given as input. Did you enable kerberos credential delegation for your web browser and mapping of gss credential to access token?, Java version: 1.8.0_60, runtime version: 1.8.0_60-b27, vendor: Oracle Corporation, os: 4.1.6-200.fc22.x86_64
+17:32:19,826 ERROR [stderr] (default task-24) 	at org.keycloak.util.KerberosSerializationUtils.deserializeCredential(KerberosSerializationUtils.java:109)
+17:32:19,827 ERROR [stderr] (default task-24) 	at org.keycloak.example.kerberos.GSSCredentialsClient.getUserFromLDAP(GSSCredentialsClient.java:42)
+```
+
+### Solution
+
+  Make sure to properly configure Firefox. See point no. 4 above.
+
diff --git a/examples/kerberos/kerberosrealm.json b/examples/kerberos/kerberosrealm.json
index c2deeac3bd..95d612bb13 100644
--- a/examples/kerberos/kerberosrealm.json
+++ b/examples/kerberos/kerberosrealm.json
@@ -86,7 +86,7 @@
                 "bindCredential" : "secret",
                 "kerberosRealm" : "KEYCLOAK.ORG",
                 "serverPrincipal" : "HTTP/localhost@KEYCLOAK.ORG",
-                "keyTab" : "/tmp/http.keytab"
+                "keyTab" : "http.keytab"
             }
         }
     ]
diff --git a/examples/kerberos/pom.xml b/examples/kerberos/pom.xml
index 02955dc79b..27d7071b6a 100755
--- a/examples/kerberos/pom.xml
+++ b/examples/kerberos/pom.xml
@@ -83,6 +83,10 @@
                                     <key>ldap.ldif</key>
                                     <value>kerberos-example-users.ldif</value>
                                 </systemProperty>
+                                <systemProperty>
+                                    <key>workingDirectory</key>
+                                    <value>${project.basedir}/target</value>
+                                </systemProperty>
                             </systemProperties>
                         </configuration>
                     </plugin>
diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java
index 9c56f75385..2252a87d88 100644
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java
@@ -106,6 +106,11 @@ public class SPNEGOAuthenticator {
                 logAuthDetails(gssContext);
 
                 if (gssContext.isEstablished()) {
+                    if (gssContext.getSrcName() == null) {
+                        log.warn("GSS Context accepted, but no context initiator recognized. Check your kerberos configuration and reverse DNS lookup configuration");
+                        return false;
+                    }
+
                     authenticatedKerberosPrincipal = gssContext.getSrcName().toString();
 
                     if (gssContext.getCredDelegState()) {
diff --git a/util/embedded-ldap/src/main/java/org/keycloak/util/ldap/KerberosKeytabCreator.java b/util/embedded-ldap/src/main/java/org/keycloak/util/ldap/KerberosKeytabCreator.java
index 8863e7c531..72c90c0b39 100644
--- a/util/embedded-ldap/src/main/java/org/keycloak/util/ldap/KerberosKeytabCreator.java
+++ b/util/embedded-ldap/src/main/java/org/keycloak/util/ldap/KerberosKeytabCreator.java
@@ -35,7 +35,7 @@ public class KerberosKeytabCreator {
             System.out.println("-------------------------");
             System.out.println("Arguments missing or invalid. Required arguments are: <principalName> <passPhrase> <outputKeytabFile>");
             System.out.println("Example of usage:");
-            System.out.println("java -jar embedded-ldap/target/embedded-ldap.jar keytabCreator HTTP/localhost@KEYCLOAK.ORG httppassword /tmp/http.keytab");
+            System.out.println("java -jar embedded-ldap/target/embedded-ldap.jar keytabCreator HTTP/localhost@KEYCLOAK.ORG httppassword http.keytab");
         } else {
             final File keytabFile = new File(args[2]);
             createKeytab(args[0], args[1], keytabFile);

From a8378fe84bb7b54bf31732e11ca5d31dd0a9a6f0 Mon Sep 17 00:00:00 2001
From: Stan Silvert <ssilvert@redhat.com>
Date: Wed, 16 Sep 2015 07:40:14 -0400
Subject: [PATCH 32/35] Update client-credentials-jwt-key-export.html

---
 .../resources/partials/client-credentials-jwt-key-export.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html
index ad21e93e7d..08c1dcd811 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-export.html
@@ -3,7 +3,7 @@
     <ol class="breadcrumb">
         <li><a href="#/realms/{{realm.realm}}/clients">Clients</a></li>
         <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
-        <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/credentials">credentials</a></li>
+        <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/credentials">Credentials</a></li>
         <li class="active">Generate Client Private Key</li>
     </ol>
 
@@ -54,4 +54,4 @@
     </form>
 </div>
 
-<kc-menu></kc-menu>
\ No newline at end of file
+<kc-menu></kc-menu>

From ae54babbbbe1e5f3215ec175dae64c17877327cf Mon Sep 17 00:00:00 2001
From: Stan Silvert <ssilvert@redhat.com>
Date: Wed, 16 Sep 2015 07:40:30 -0400
Subject: [PATCH 33/35] Update client-credentials-jwt-key-import.html

---
 .../resources/partials/client-credentials-jwt-key-import.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html
index 41c1be5a2a..a3556ea5e4 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials-jwt-key-import.html
@@ -3,7 +3,7 @@
     <ol class="breadcrumb">
         <li><a href="#/realms/{{realm.realm}}/clients">Clients</a></li>
         <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}">{{client.clientId}}</a></li>
-        <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/credentials">credentials</a></li>
+        <li><a href="#/realms/{{realm.realm}}/clients/{{client.id}}/credentials">Credentials</a></li>
         <li class="active">Client Certificate Import</li>
     </ol>
 
@@ -59,4 +59,4 @@
     </form>
 </div>
 
-<kc-menu></kc-menu>
\ No newline at end of file
+<kc-menu></kc-menu>

From b7e49dc88df6485665494d47b6bb7809c3d0b195 Mon Sep 17 00:00:00 2001
From: Lukas Kubik <lkubik@redhat.com>
Date: Wed, 16 Sep 2015 17:03:32 +0200
Subject: [PATCH 34/35] Unify jetty 8.1 artifacts version with
 fabric8-bom-1.2.0.redhat-133.pom

---
 integration/jetty/jetty-core/pom.xml | 2 +-
 integration/jetty/jetty8.1/pom.xml   | 2 +-
 integration/osgi-adapter/pom.xml     | 2 +-
 testsuite/jetty/jetty81/pom.xml      | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/integration/jetty/jetty-core/pom.xml b/integration/jetty/jetty-core/pom.xml
index aa02a1c627..93504df597 100755
--- a/integration/jetty/jetty-core/pom.xml
+++ b/integration/jetty/jetty-core/pom.xml
@@ -12,7 +12,7 @@
 	<artifactId>keycloak-jetty-core</artifactId>
 	<name>Keycloak Jetty Core Integration</name>
     <properties>
-        <jetty9.version>8.1.16.v20140903</jetty9.version>
+        <jetty9.version>8.1.17.v20150415</jetty9.version>
         <keycloak.osgi.export>
             org.keycloak.adapters.jetty.core.*
         </keycloak.osgi.export>
diff --git a/integration/jetty/jetty8.1/pom.xml b/integration/jetty/jetty8.1/pom.xml
index 7c03844e11..81625f443e 100755
--- a/integration/jetty/jetty8.1/pom.xml
+++ b/integration/jetty/jetty8.1/pom.xml
@@ -12,7 +12,7 @@
 	<artifactId>keycloak-jetty81-adapter</artifactId>
 	<name>Keycloak Jetty 8.1.x Integration</name>
     <properties>
-        <jetty9.version>8.1.16.v20140903</jetty9.version>
+        <jetty9.version>8.1.17.v20150415</jetty9.version>
         <keycloak.osgi.export>
             org.keycloak.adapters.jetty.*
         </keycloak.osgi.export>
diff --git a/integration/osgi-adapter/pom.xml b/integration/osgi-adapter/pom.xml
index 43be02d480..0f01b8f829 100755
--- a/integration/osgi-adapter/pom.xml
+++ b/integration/osgi-adapter/pom.xml
@@ -14,7 +14,7 @@
     <packaging>jar</packaging>
 
     <properties>
-        <jetty9.version>8.1.16.v20140903</jetty9.version>
+        <jetty9.version>8.1.17.v20150415</jetty9.version>
         <keycloak.osgi.export>
             org.keycloak.adapters.osgi.*
         </keycloak.osgi.export>
diff --git a/testsuite/jetty/jetty81/pom.xml b/testsuite/jetty/jetty81/pom.xml
index 595fdf27c1..5fd9e6a303 100755
--- a/testsuite/jetty/jetty81/pom.xml
+++ b/testsuite/jetty/jetty81/pom.xml
@@ -12,7 +12,7 @@
     <artifactId>keycloak-testsuite-jetty81</artifactId>
     <name>Keycloak Jetty 8.1.x Integration TestSuite</name>
     <properties>
-        <jetty9.version>8.1.16.v20140903</jetty9.version>
+        <jetty9.version>8.1.17.v20150415</jetty9.version>
     </properties>
     <description />
 

From 2eaa03539ca927e18e30412bd4647f1c72e256a7 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Thu, 17 Sep 2015 07:38:14 +0200
Subject: [PATCH 35/35] KEYCLOAK-1854 NPE in SystemInfoRepresentation if
 user.country or user.language not set

---
 .../resources/admin/info/SystemInfoRepresentation.java        | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/info/SystemInfoRepresentation.java b/services/src/main/java/org/keycloak/services/resources/admin/info/SystemInfoRepresentation.java
index bc0329a785..e34edc9eea 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/info/SystemInfoRepresentation.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/info/SystemInfoRepresentation.java
@@ -46,7 +46,9 @@ public class SystemInfoRepresentation {
         rep.userName = System.getProperty("user.name");
         rep.userDir = System.getProperty("user.dir");
         rep.userTimezone = System.getProperty("user.timezone");
-        rep.userLocale = (new Locale(System.getProperty("user.country"), System.getProperty("user.language")).toString());
+        if (System.getProperty("user.country") != null && System.getProperty("user.language") != null) {
+            rep.userLocale = (new Locale(System.getProperty("user.country"), System.getProperty("user.language")).toString());
+        }
         return rep;
     }