diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java
index f410bec0f1..71c30e42a2 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java
@@ -23,6 +23,7 @@ import org.jboss.resteasy.spi.HttpResponse;
 import org.keycloak.ClientConnection;
 import org.keycloak.OAuthErrorException;
 import org.keycloak.RSATokenVerifier;
+import org.keycloak.VerificationException;
 import org.keycloak.events.Details;
 import org.keycloak.events.EventBuilder;
 import org.keycloak.events.EventType;
@@ -119,8 +120,8 @@ public class UserInfoEndpoint {
         AccessToken token = null;
         try {
             token = RSATokenVerifier.verifyToken(tokenString, realm.getPublicKey(), Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()), true);
-        } catch (Exception e) {
-            throw new ErrorResponseException(OAuthErrorException.INVALID_GRANT, "Token invalid", Status.FORBIDDEN);
+        } catch (VerificationException e) {
+            throw new ErrorResponseException(OAuthErrorException.INVALID_GRANT, "Token invalid: " + e.getMessage(), Status.FORBIDDEN);
         }
 
         UserSessionModel userSession = session.sessions().getUserSession(realm, token.getSessionState());
diff --git a/testsuite/docker-cluster/README.md b/testsuite/docker-cluster/README.md
index 2dc10fd391..87ebc08ca4 100644
--- a/testsuite/docker-cluster/README.md
+++ b/testsuite/docker-cluster/README.md
@@ -19,7 +19,7 @@ $ cd distribution
 $ mvn clean install
 ````
 
-3) Build Docker with maven to ensure that needed data will be accessible to Docker+Fig volumes: 
+3) Build docker-cluster module with maven to ensure that needed data will be accessible to Docker+Fig volumes: 
 ```shell 
 $ cd $KEYCLOAK_HOME/testsuite/docker-cluster
 $ mvn clean install
diff --git a/testsuite/docker-cluster/pom.xml b/testsuite/docker-cluster/pom.xml
index 79ded26868..00abb8bac9 100755
--- a/testsuite/docker-cluster/pom.xml
+++ b/testsuite/docker-cluster/pom.xml
@@ -21,7 +21,7 @@
         </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wf8-adapter-dist</artifactId>
+            <artifactId>keycloak-wf9-adapter-dist</artifactId>
             <type>zip</type>
         </dependency>
         <dependency>
@@ -69,7 +69,7 @@
                                 </artifactItem>
                                 <artifactItem>
                                     <groupId>org.keycloak</groupId>
-                                    <artifactId>keycloak-wf8-adapter-dist</artifactId>
+                                    <artifactId>keycloak-wf9-adapter-dist</artifactId>
                                     <type>zip</type>
                                     <version>${project.version}</version>
                                     <outputDirectory>${project.build.directory}/wildfly-adapter</outputDirectory>
diff --git a/testsuite/docker-cluster/shared-files/keycloak-base-prepare.sh b/testsuite/docker-cluster/shared-files/keycloak-base-prepare.sh
index c303009a6d..e15d1cd555 100644
--- a/testsuite/docker-cluster/shared-files/keycloak-base-prepare.sh
+++ b/testsuite/docker-cluster/shared-files/keycloak-base-prepare.sh
@@ -12,24 +12,13 @@ mkdir -p mysql/main && mv /mysql-connector-java-5.1.32.jar mysql/main/
 cp /keycloak-docker-cluster/shared-files/mysql-module.xml mysql/main/module.xml
 mv mysql $JBOSS_MODULES_HOME/com/
 
-sed -i -e "s/<extensions>/&\n <extension module=\"org.keycloak.keycloak-server-subsystem\"\/>/" $JBOSS_HOME/standalone/configuration/standalone-ha.xml
-sed -i -e 's/<profile>/&\n <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">\n  <auth-server name="main-auth-server">\n   <enabled>true<\/enabled>\n   <web-context>auth<\/web-context>\n  <\/auth-server> \n <\/subsystem>/' $JBOSS_HOME/standalone/configuration/standalone-ha.xml && \
-sed -i -e 's/<security-domains>/&\n <security-domain name="keycloak">\n  <authentication>\n   <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"\/>\n  <\/authentication>\n <\/security-domain>/' $JBOSS_HOME/standalone/configuration/standalone-ha.xml && \
-sed -i -e 's/<drivers>/&\n <driver name="mysql" module="com.mysql">\n  <xa-datasource-class>com.mysql.jdbc.Driver<\/xa-datasource-class>\n  <driver-class>com.mysql.jdbc.Driver<\/driver-class>\n <\/driver>/' $JBOSS_HOME/standalone/configuration/standalone-ha.xml && \
-sed -i -e 's/<\/periodic-rotating-file-handler>/&\n <logger category=\"org.keycloak\">\n  <level name=\"DEBUG\" \/> \n <\/logger>\n <logger category=\"org.jboss.resteasy.core.ResourceLocator\">\n  <level name=\"ERROR\" \/> \n <\/logger>/' $JBOSS_HOME/standalone/configuration/standalone-ha.xml
-
-sed -i -e 's/<subsystem xmlns=\"urn:jboss:domain:infinispan:[0-9]\.[0-9]\">/&\n <cache-container name=\"keycloak\" jndi-name=\"infinispan\/Keycloak\" start=\"EAGER\"> \
-\n  <transport lock-timeout=\"60000\"\/>\n  <distributed-cache name=\"sessions\" mode=\"SYNC\" owners=\"2\" segments=\"60\"\/> \
-\n  <distributed-cache name=\"loginFailures\" mode=\"SYNC\" owners=\"2\" segments=\"60\"\/> \
-\n  <invalidation-cache name=\"realms\" mode=\"SYNC\"\/>\n \
-\n  <invalidation-cache name=\"users\"  mode=\"SYNC\"\/>\n <\/cache-container>/' $JBOSS_HOME/standalone/configuration/standalone-ha.xml
-
-sed -i "s|<mod-cluster-config .*>|<mod-cluster-config advertise-socket=\"modcluster\" proxy-list=\"\$\{httpd.proxyList\}\" proxy-url=\"\/\" balancer=\"mycluster\" advertise=\"false\" connector=\"ajp\" sticky-session=\"true\">|" $JBOSS_HOME/standalone/configuration/standalone-ha.xml
+# Transform standalone-keycloak-ha.xml
+java -jar /usr/share/java/saxon.jar -s:$JBOSS_HOME/standalone/configuration/standalone-keycloak-ha.xml -xsl:/keycloak-docker-cluster/shared-files/standaloneXmlChanges.xsl -o:$JBOSS_HOME/standalone/configuration/standalone-keycloak-ha.xml
 
 sed -i "s|#JAVA_OPTS=\"\$JAVA_OPTS -agentlib:jdwp=transport=dt_socket|JAVA_OPTS=\"\$JAVA_OPTS -agentlib:jdwp=transport=dt_socket|" $JBOSS_HOME/bin/standalone.conf
 
 cp /keycloak-docker-cluster/shared-files/mysql-keycloak-ds.xml $JBOSS_HOME/standalone/deployments/
 
 # Enable Infinispan provider
-sed -i "s|\"provider\".*: \"mem\"|\"provider\": \"infinispan\"|" $JBOSS_HOME/standalone/configuration/keycloak-server.json
-sed -i -e "s/\"connectionsJpa\"/\n \"connectionsInfinispan\": \{\n  \"default\" : \{\n   \"cacheContainer\" : \"java:jboss\/infinispan\/Keycloak\"\n  \}\n \},\n     &/" $JBOSS_HOME/standalone/configuration/keycloak-server.json
+#sed -i "s|\"provider\".*: \"mem\"|\"provider\": \"infinispan\"|" $JBOSS_HOME/standalone/configuration/keycloak-server.json
+#sed -i -e "s/\"connectionsJpa\"/\n \"connectionsInfinispan\": \{\n  \"default\" : \{\n   \"cacheContainer\" : \"java:jboss\/infinispan\/Keycloak\"\n  \}\n \},\n     &/" $JBOSS_HOME/standalone/configuration/keycloak-server.json
diff --git a/testsuite/docker-cluster/shared-files/keycloak-run-node.sh b/testsuite/docker-cluster/shared-files/keycloak-run-node.sh
index 1506dc6a3d..1b0eca6a88 100644
--- a/testsuite/docker-cluster/shared-files/keycloak-run-node.sh
+++ b/testsuite/docker-cluster/shared-files/keycloak-run-node.sh
@@ -73,6 +73,6 @@ export JBOSS_HOME=/keycloak-docker-shared/keycloak-$JBOSS_TYPE-$MYHOST;
 
 cd $JBOSS_HOME/bin/
 
-./standalone.sh -c standalone-ha.xml -Djboss.node.name=$MYHOST -b `hostname -i` -Djboss.mod_cluster.jvmRoute=$MYHOST \
--Dmysql.host=$MYSQL_PORT_3306_TCP_ADDR -Dhttpd.proxyList=$HTTPD_1_PORT_10001_TCP_ADDR:$HTTPD_PORT_10001_TCP_PORT \
+./standalone.sh -c standalone-keycloak-ha.xml -Djboss.node.name=$MYHOST -b `hostname -i` -Djboss.mod_cluster.jvmRoute=$MYHOST \
+-Dmysql.host=$MYSQL_PORT_3306_TCP_ADDR -Dhttpd.proxyHost=$HTTPD_1_PORT_10001_TCP_ADDR -Dhttpd.proxyPort=$HTTPD_PORT_10001_TCP_PORT \
 -Dkeycloak.import=/keycloak-docker-cluster/examples/testrealm.json "$@"
diff --git a/testsuite/docker-cluster/shared-files/mysql-keycloak-ds.xml b/testsuite/docker-cluster/shared-files/mysql-keycloak-ds.xml
deleted file mode 100644
index cd6982e592..0000000000
--- a/testsuite/docker-cluster/shared-files/mysql-keycloak-ds.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<datasources xmlns="http://www.jboss.org/ironjacamar/schema">        
-  <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
-    <connection-url>jdbc:mysql://${mysql.host}/keycloak_db</connection-url>
-    <driver>mysql</driver>
-    <security>
-      <user-name>root</user-name>
-      <password>mysecretpassword</password>
-    </security>
-  </datasource>
-</datasources>
diff --git a/testsuite/docker-cluster/shared-files/standaloneXmlChanges.xsl b/testsuite/docker-cluster/shared-files/standaloneXmlChanges.xsl
new file mode 100644
index 0000000000..b8220ebce7
--- /dev/null
+++ b/testsuite/docker-cluster/shared-files/standaloneXmlChanges.xsl
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xsl:stylesheet version="2.0"
+                xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+                xmlns:xalan="http://xml.apache.org/xalan"
+                xmlns:ds="urn:jboss:domain:datasources:3.0"
+                xmlns:logging="urn:jboss:domain:logging:3.0"
+                xmlns:ispn="urn:jboss:domain:infinispan:3.0"
+                xmlns:mcluster="urn:jboss:domain:modcluster:2.0"
+                xmlns:server="urn:jboss:domain:3.0"
+                exclude-result-prefixes='ds logging ispn mcluster xalan server'
+                >
+
+    <xsl:output method="xml" indent="yes" xalan:indent-amount="4" standalone="no"/>
+    <xsl:strip-space elements="*"/>
+
+    <xsl:template match="//ds:subsystem/ds:datasources/ds:datasource[@jndi-name='java:jboss/datasources/KeycloakDS']" >
+        <ds:datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
+            <ds:connection-url>jdbc:mysql://${mysql.host}/keycloak_db</ds:connection-url>
+            <ds:driver>mysql</ds:driver>
+            <ds:security>
+                <ds:user-name>root</ds:user-name>
+                <ds:password>mysecretpassword</ds:password>
+            </ds:security>
+        </ds:datasource>
+    </xsl:template>
+
+    <xsl:template match="//ds:subsystem/ds:datasources/ds:drivers">
+        <xsl:copy>
+            <xsl:apply-templates select="@*|node()"/>
+            <ds:driver name="mysql" module="com.mysql">
+                <ds:xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</ds:xa-datasource-class>
+            </ds:driver>
+        </xsl:copy>
+    </xsl:template>
+
+    <xsl:template match="//logging:subsystem/logging:periodic-rotating-file-handler">
+        <xsl:copy>
+            <xsl:apply-templates select="@*|node()"/>
+        </xsl:copy>
+        <logging:logger category="org.keycloak">
+            <logging:level name="DEBUG" />
+        </logging:logger>
+        <logging:logger category="org.jboss.resteasy.core.ResourceLocator">
+            <logging:level name="ERROR" />
+        </logging:logger>
+    </xsl:template>
+
+    <xsl:template match="//ispn:subsystem/ispn:cache-container[@name='keycloak']">
+        <ispn:cache-container name="keycloak" jndi-name="infinispan/Keycloak">
+            <ispn:transport lock-timeout="60000"/>
+            <ispn:invalidation-cache name="realms" mode="SYNC"/>
+            <ispn:invalidation-cache name="users" mode="SYNC"/>
+            <ispn:distributed-cache name="sessions" mode="SYNC" owners="2"/>
+            <ispn:distributed-cache name="loginFailures" mode="SYNC" owners="2"/>
+        </ispn:cache-container>
+    </xsl:template>
+
+    <xsl:template match="//mcluster:subsystem/mcluster:mod-cluster-config">
+        <mcluster:mod-cluster-config advertise-socket="modcluster" proxies='myproxy' proxy-url="/" balancer="mycluster" advertise="false" connector="ajp" sticky-session="true">
+            <mcluster:dynamic-load-provider>
+                <mcluster:load-metric type="cpu"/>
+            </mcluster:dynamic-load-provider>
+        </mcluster:mod-cluster-config>
+    </xsl:template>
+
+    <xsl:template match="//server:socket-binding-group">
+        <xsl:copy>
+            <xsl:apply-templates select="@*|node()"/>
+            <server:outbound-socket-binding name="myproxy">
+                <server:remote-destination host="${{httpd.proxyHost}}" port="${{httpd.proxyPort}}"/>
+            </server:outbound-socket-binding>
+        </xsl:copy>
+    </xsl:template>
+
+    <xsl:template match="@*|node()">
+        <xsl:copy>
+            <xsl:apply-templates select="@*|node()"/>
+        </xsl:copy>
+    </xsl:template>
+
+</xsl:stylesheet>
\ No newline at end of file
diff --git a/testsuite/docker-cluster/wildfly/Dockerfile b/testsuite/docker-cluster/wildfly/Dockerfile
index 0ed3bccaa5..2f5850003e 100644
--- a/testsuite/docker-cluster/wildfly/Dockerfile
+++ b/testsuite/docker-cluster/wildfly/Dockerfile
@@ -1,4 +1,4 @@
-FROM jboss/wildfly:8.2.0.Final
+FROM jboss/wildfly:9.0.1.Final
 
 USER root