From 1c8087baafc3c4e3cb4bca82c2804adaf664c270 Mon Sep 17 00:00:00 2001
From: Peter Skopek <pskopek@redhat.com>
Date: Fri, 5 Feb 2021 20:23:49 +0100
Subject: [PATCH] KEYCLOAK-17502 Galleon based server build

---
 distribution/adapters/wildfly-adapter/pom.xml |   10 -
 distribution/feature-packs/pom.xml            |    1 +
 .../server-feature-pack-dependencies/pom.xml  |  417 ++++++
 .../feature-packs/server-feature-pack/pom.xml |  369 +----
 .../adapter-galleon-pack/pom.xml              |   11 +-
 distribution/galleon-feature-packs/pom.xml    |    5 +-
 .../server-galleon-pack/assembly.xml          |   39 +
 .../keycloak-server-galleon-pack-build.xml    |   78 ++
 .../server-galleon-pack/pom.xml               |  434 ++++++
 .../keycloak-server-galleon-pack-licenses.xml | 1236 +++++++++++++++++
 .../rh-sso-server-galleon-pack-licenses.xml   | 1221 ++++++++++++++++
 .../configs/domain/domain.xml/config.xml      |   24 +
 .../configs/host/host-master.xml/config.xml   |    5 +
 .../configs/host/host-slave.xml/config.xml    |    5 +
 .../configs/host/host.xml/config.xml          |    5 +
 .../resources/configs/standalone/model.xml    |    7 +
 .../standalone/standalone-ha.xml/config.xml   |    5 +
 .../standalone/standalone.xml/config.xml      |    5 +
 .../content/bin/add-user-keycloak.bat         |   79 ++
 .../content/bin/add-user-keycloak.sh          |   79 ++
 .../content/bin/federation-sssd-setup.sh      |   44 +
 .../content/bin/migrate-domain-clustered.cli  |  753 ++++++++++
 .../content/bin/migrate-domain-standalone.cli |  654 +++++++++
 .../content/bin/migrate-standalone-ha.cli     |  891 ++++++++++++
 .../content/bin/migrate-standalone.cli        |  744 ++++++++++
 .../docs/licenses/apache license 2.0.txt      |  202 +++
 .../content/docs/licenses/licenses.css        |   22 +
 .../content/docs/licenses/licenses.xsl        |   71 +
 .../domain-keycloak-clustered.xml             |   47 +
 .../domain-keycloak-standalone.xml            |   48 +
 .../domain-server-groups-keycloak.xml         |   38 +
 .../resources/feature_groups/host-master.xml  |   34 +
 .../resources/feature_groups/host-slave.xml   |   28 +
 .../main/resources/feature_groups/host.xml    |   35 +
 .../feature_groups/infinispan-dist-ejb.xml    |   31 +
 .../infinispan-dist-hibernate.xml             |   39 +
 .../infinispan-dist-keycloak.xml              |   77 +
 .../feature_groups/infinispan-dist-server.xml |   22 +
 .../feature_groups/infinispan-dist-web.xml    |   40 +
 .../feature_groups/infinispan-dist.xml        |   14 +
 .../feature_groups/infinispan-local-ejb.xml   |   28 +
 .../infinispan-local-hibernate.xml            |   30 +
 .../infinispan-local-keycloak.xml             |   67 +
 .../infinispan-local-server.xml               |   19 +
 .../feature_groups/infinispan-local-web.xml   |   37 +
 .../feature_groups/infinispan-local.xml       |   14 +
 .../feature_groups/keycloak-datasource.xml    |   18 +
 .../keycloak-server-subsystem.xml             |  124 ++
 .../feature_groups/standalone-ha.xml          |   43 +
 .../resources/feature_groups/standalone.xml   |   42 +
 .../layers/standalone/keycloak/layer-spec.xml |   19 +
 .../src/main/resources/modules/layers.conf    |    1 +
 .../jackson-dataformat-cbor/main/module.xml   |   28 +
 .../com/github/ua-parser/main/module.xml      |   25 +
 .../com/google/zxing/core/main/module.xml     |   30 +
 .../com/google/zxing/javase/main/module.xml   |   31 +
 .../owasp-java-html-sanitizer/main/module.xml |   26 +
 .../openshift-restclient-java/main/module.xml |   34 +
 .../webauthn4j-core/main/module.xml           |   32 +
 .../webauthn4j-util/main/module.xml           |   29 +
 .../org/apache/commons/lang/main/module.xml   |   30 +
 .../org/apache/commons/lang3/main/module.xml  |   30 +
 .../apache/kerby/kerby-asn1/main/module.xml   |   23 +
 .../keycloak/org/freemarker/main/module.xml   |   31 +
 .../jboss-marshalling/main/module.xml         |   37 +
 .../org/jboss/marshalling/main/module.xml     |   29 +
 .../jboss/marshalling/river/main/module.xml   |   32 +
 .../main/module.xml                           |   36 +
 .../keycloak/keycloak-common/main/module.xml  |   30 +
 .../keycloak/keycloak-core/main/module.xml    |   35 +
 .../keycloak-js-adapter/main/module.xml       |   26 +
 .../main/module.xml                           |   37 +
 .../keycloak-ldap-federation/main/module.xml  |   38 +
 .../keycloak-model-infinispan/main/module.xml |   44 +
 .../keycloak-model-jpa/main/module.xml        |   46 +
 .../keycloak-model-map/main/module.xml        |   43 +
 .../keycloak-saml-core-public/main/module.xml |   38 +
 .../keycloak-saml-core/main/module.xml        |   40 +
 .../main/module.xml                           |   44 +
 .../keycloak-server-spi/main/module.xml       |   38 +
 .../dependencies/main/module.xml              |   29 +
 .../keycloak-server-subsystem/main/module.xml |   30 +
 .../WEB-INF/jboss-deployment-structure.xml    |   27 +
 .../main/server-war/WEB-INF/web.xml           |   71 +
 .../keycloak-services/main/module.xml         |   81 ++
 .../keycloak-sssd-federation/main/module.xml  |   34 +
 .../keycloak-wildfly-adduser/main/module.xml  |   40 +
 .../main/module.xml                           |   41 +
 .../main/module.xml                           |   55 +
 .../keycloak/org/liquibase/main/module.xml    |   31 +
 .../keycloak/org/twitter4j/main/module.xml    |   30 +
 .../resources/packages/client-cli/package.xml |    6 +
 .../map-storage-concurrenthashmap.cli         |    0
 .../packages/docs-examples/package.xml        |    2 +
 .../identity/content/bin/product.conf         |    1 +
 .../org/jboss/as/product/keycloak/module.xml  |    1 +
 .../resources/packages/identity/package.xml   |    4 +
 .../pm/wildfly/resources/bin/product.conf     |    1 +
 .../product/keycloak/dir/META-INF/MANIFEST.MF |    3 +
 .../org/jboss/as/product/keycloak/module.xml  |   26 +
 .../packages/identity/pm/wildfly/tasks.xml    |    5 +
 .../packages/root/content/LICENSE.txt         |  202 +++
 .../main/resources/packages/root/package.xml  |    6 +
 .../root/pm/wildfly/resources}/version.txt    |    0
 .../packages/root/pm/wildfly/tasks.xml        |    5 +
 .../packages/themes/content/themes/README.txt |    3 +
 .../resources/packages/themes/package.xml     |    6 +
 .../content}/welcome-content/index.html       |    0
 .../content}/welcome-content/robots.txt       |    0
 .../welcome-content-keycloak/package.xml      |    3 +
 distribution/pom.xml                          |   18 +
 distribution/server-dist/assembly.xml         |  135 +-
 distribution/server-dist/pom.xml              |  264 +++-
 .../src/verifier/verifications.xml            |   91 ++
 distribution/server-legacy-dist/assembly.xml  |  138 ++
 distribution/server-legacy-dist/pom.xml       |  144 ++
 .../map-storage-concurrenthashmap.cli         |   38 +
 .../src/main/modules/layers.conf              |    0
 .../server-legacy-dist/src/main/version.txt   |    1 +
 .../src/main/welcome-content/index.html       |   30 +
 .../src/main/welcome-content/robots.txt       |    2 +
 distribution/server-overlay/pom.xml           |   10 -
 pom.xml                                       |  170 +++
 .../default-server-subsys-config.properties   |    2 +
 124 files changed, 10439 insertions(+), 600 deletions(-)
 create mode 100644 distribution/feature-packs/server-feature-pack-dependencies/pom.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/assembly.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/keycloak-server-galleon-pack-build.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/pom.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/license/keycloak-server-galleon-pack-licenses.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/license/rh-sso-server-galleon-pack-licenses.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/domain/domain.xml/config.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/host/host-master.xml/config.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/host/host-slave.xml/config.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/host/host.xml/config.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/standalone/model.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/standalone/standalone-ha.xml/config.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/standalone/standalone.xml/config.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/add-user-keycloak.bat
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/add-user-keycloak.sh
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/federation-sssd-setup.sh
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-standalone.cli
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/docs/licenses/apache license 2.0.txt
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/docs/licenses/licenses.css
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/docs/licenses/licenses.xsl
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/domain-keycloak-clustered.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/domain-keycloak-standalone.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/domain-server-groups-keycloak.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/host-master.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/host-slave.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/host.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-ejb.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-hibernate.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-keycloak.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-server.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-web.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-ejb.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-hibernate.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-keycloak.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-server.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-web.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/keycloak-datasource.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/keycloak-server-subsystem.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/standalone-ha.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/standalone.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/layers/standalone/keycloak/layer-spec.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/layers.conf
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/github/ua-parser/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/google/zxing/core/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/google/zxing/javase/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/googlecode/owasp-java-html-sanitizer/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/openshift/openshift-restclient-java/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/webauthn4j/webauthn4j-core/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/webauthn4j/webauthn4j-util/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/apache/commons/lang/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/apache/commons/lang3/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/apache/kerby/kerby-asn1/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/freemarker/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/infinispan/jboss-marshalling/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/jboss/marshalling/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/jboss/marshalling/river/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-authz-policy-common/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-common/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-core/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-js-adapter/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-kerberos-federation/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-infinispan/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-jpa/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-map/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-saml-core-public/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-saml-core/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi-private/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/dependencies/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/jboss-deployment-structure.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/web.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-sssd-federation/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-adduser/main/module.xml
 create mode 100755 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-extensions/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-server-subsystem/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/liquibase/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/twitter4j/main/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/client-cli/package.xml
 rename distribution/{server-dist/src/main => galleon-feature-packs/server-galleon-pack/src/main/resources/packages/docs-examples/content}/docs/examples/map-storage-concurrenthashmap.cli (100%)
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/docs-examples/package.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/content/bin/product.conf
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/content/modules/system/layers/keycloak/org/jboss/as/product/keycloak/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/package.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/resources/bin/product.conf
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/resources/modules/system/layers/keycloak/org/jboss/as/product/keycloak/dir/META-INF/MANIFEST.MF
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/resources/modules/system/layers/keycloak/org/jboss/as/product/keycloak/module.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/tasks.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/content/LICENSE.txt
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/package.xml
 rename distribution/{server-dist/src/main => galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/pm/wildfly/resources}/version.txt (100%)
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/pm/wildfly/tasks.xml
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/themes/content/themes/README.txt
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/themes/package.xml
 rename distribution/{server-dist/src/main => galleon-feature-packs/server-galleon-pack/src/main/resources/packages/welcome-content-keycloak/content}/welcome-content/index.html (100%)
 rename distribution/{server-dist/src/main => galleon-feature-packs/server-galleon-pack/src/main/resources/packages/welcome-content-keycloak/content}/welcome-content/robots.txt (100%)
 create mode 100644 distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/welcome-content-keycloak/package.xml
 mode change 100755 => 100644 distribution/server-dist/assembly.xml
 mode change 100755 => 100644 distribution/server-dist/pom.xml
 create mode 100644 distribution/server-dist/src/verifier/verifications.xml
 create mode 100755 distribution/server-legacy-dist/assembly.xml
 create mode 100755 distribution/server-legacy-dist/pom.xml
 create mode 100644 distribution/server-legacy-dist/src/main/docs/examples/map-storage-concurrenthashmap.cli
 rename distribution/{server-dist => server-legacy-dist}/src/main/modules/layers.conf (100%)
 create mode 100644 distribution/server-legacy-dist/src/main/version.txt
 create mode 100644 distribution/server-legacy-dist/src/main/welcome-content/index.html
 create mode 100644 distribution/server-legacy-dist/src/main/welcome-content/robots.txt

diff --git a/distribution/adapters/wildfly-adapter/pom.xml b/distribution/adapters/wildfly-adapter/pom.xml
index cc17317f80..03e3d05bc5 100644
--- a/distribution/adapters/wildfly-adapter/pom.xml
+++ b/distribution/adapters/wildfly-adapter/pom.xml
@@ -29,16 +29,6 @@
     <name>Keycloak Adapter Overlay Distribution</name>
     <description/>
 
-    <repositories>
-        <repository>
-            <id>jboss</id>
-            <url>https://repository.jboss.org/nexus/content/groups/public/</url>
-            <snapshots>
-                <enabled>false</enabled>
-            </snapshots>
-        </repository>
-    </repositories>
-
     <dependencies>
         <dependency>
             <groupId>org.keycloak</groupId>
diff --git a/distribution/feature-packs/pom.xml b/distribution/feature-packs/pom.xml
index 9ced9fff8e..fb9bea878a 100644
--- a/distribution/feature-packs/pom.xml
+++ b/distribution/feature-packs/pom.xml
@@ -32,6 +32,7 @@
 
     <modules>
         <module>adapter-feature-pack</module>
+        <module>server-feature-pack-dependencies</module>
         <module>server-feature-pack</module>
     </modules>
 </project>
diff --git a/distribution/feature-packs/server-feature-pack-dependencies/pom.xml b/distribution/feature-packs/server-feature-pack-dependencies/pom.xml
new file mode 100644
index 0000000000..ce6d6f6491
--- /dev/null
+++ b/distribution/feature-packs/server-feature-pack-dependencies/pom.xml
@@ -0,0 +1,417 @@
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <parent>
+        <groupId>org.keycloak</groupId>
+        <artifactId>feature-packs-parent</artifactId>
+        <version>14.0.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+    
+    <artifactId>keycloak-server-feature-pack-dependencies</artifactId>
+
+    <name>Keycloak Feature Pack: Server Dependencies</name>
+    <packaging>pom</packaging>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.github.ua-parser</groupId>
+            <artifactId>uap-java</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.google.zxing</groupId>
+            <artifactId>core</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.google.zxing</groupId>
+            <artifactId>javase</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
+            <artifactId>owasp-java-html-sanitizer</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.freemarker</groupId>
+            <artifactId>freemarker</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.infinispan</groupId>
+            <artifactId>infinispan-jboss-marshalling</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.marshalling</groupId>
+            <artifactId>jboss-marshalling</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.marshalling</groupId>
+            <artifactId>jboss-marshalling-river</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-authz-policy-common</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-common</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-core</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-js-adapter</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-kerberos-federation</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-ldap-federation</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-model-infinispan</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-model-jpa</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-model-map</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-saml-core</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-saml-core-public</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-spi</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-spi-private</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-services</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-sssd-federation</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-wildfly-adduser</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-wildfly-extensions</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-themes</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-wildfly-server-subsystem</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-client-cli-dist</artifactId>
+            <type>zip</type>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.liquibase</groupId>
+            <artifactId>liquibase-core</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.twitter4j</groupId>
+            <artifactId>twitter4j-core</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.aesh</groupId>
+            <artifactId>aesh</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.openshift</groupId>
+            <artifactId>openshift-restclient-java</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.webauthn4j</groupId>
+            <artifactId>webauthn4j-core</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.webauthn4j</groupId>
+            <artifactId>webauthn4j-util</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.dataformat</groupId>
+            <artifactId>jackson-dataformat-cbor</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.kerby</groupId>
+            <artifactId>kerby-asn1</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+    </dependencies>
+
+</project>
+
diff --git a/distribution/feature-packs/server-feature-pack/pom.xml b/distribution/feature-packs/server-feature-pack/pom.xml
index 2a49161074..c5f8cfa7ab 100644
--- a/distribution/feature-packs/server-feature-pack/pom.xml
+++ b/distribution/feature-packs/server-feature-pack/pom.xml
@@ -30,374 +30,11 @@
     <packaging>pom</packaging>
 
     <dependencies>
-        <dependency>
-            <groupId>com.github.ua-parser</groupId>
-            <artifactId>uap-java</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>com.google.zxing</groupId>
-            <artifactId>core</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>com.google.zxing</groupId>
-            <artifactId>javase</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
-            <artifactId>owasp-java-html-sanitizer</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.freemarker</groupId>
-            <artifactId>freemarker</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.infinispan</groupId>
-            <artifactId>infinispan-jboss-marshalling</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <!--
-          ~ KEYCLOAK-18267: org.jboss.marshalling.jboss-marshalling and org.jboss.marshalling.jboss-marshalling-river
-          ~ are needed for proper work of org.infinispan.infinispan-jboss-marshalling with JDK 11
-          -->
-        <dependency>
-            <groupId>org.jboss.marshalling</groupId>
-            <artifactId>jboss-marshalling</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.jboss.marshalling</groupId>
-            <artifactId>jboss-marshalling-river</artifactId>
-            <exclusions>
-                <exclusion>
-                <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-authz-policy-common</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-common</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-core</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-js-adapter</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-kerberos-federation</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-ldap-federation</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-model-infinispan</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-model-jpa</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-saml-core</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-saml-core-public</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-server-spi</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-server-spi-private</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-services</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-sssd-federation</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-adduser</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-extensions</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-themes</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-server-subsystem</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-client-cli-dist</artifactId>
-            <type>zip</type>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.liquibase</groupId>
-            <artifactId>liquibase-core</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.twitter4j</groupId>
-            <artifactId>twitter4j-core</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.aesh</groupId>
-            <artifactId>aesh</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>com.openshift</groupId>
-            <artifactId>openshift-restclient-java</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>com.webauthn4j</groupId>
-            <artifactId>webauthn4j-core</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>com.webauthn4j</groupId>
-            <artifactId>webauthn4j-util</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.dataformat</groupId>
-            <artifactId>jackson-dataformat-cbor</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.kerby</groupId>
-            <artifactId>kerby-asn1</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>commons-lang</groupId>
-            <artifactId>commons-lang</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-lang3</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
+            <artifactId>keycloak-server-feature-pack-dependencies</artifactId>
+            <version>${project.version}</version>
+            <type>pom</type>
         </dependency>
     </dependencies>
 
diff --git a/distribution/galleon-feature-packs/adapter-galleon-pack/pom.xml b/distribution/galleon-feature-packs/adapter-galleon-pack/pom.xml
index 0e017a1000..aa0192a11e 100644
--- a/distribution/galleon-feature-packs/adapter-galleon-pack/pom.xml
+++ b/distribution/galleon-feature-packs/adapter-galleon-pack/pom.xml
@@ -23,7 +23,7 @@
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
-    
+
     <groupId>${galleon-adapter-group-id}</groupId>
     <artifactId>keycloak-adapter-galleon-pack</artifactId>
 
@@ -258,15 +258,6 @@
             <properties>
                 <galleon-adapter-group-id>org.keycloak</galleon-adapter-group-id>
             </properties>
-            <repositories>
-                <repository>
-                    <id>jboss</id>
-                    <url>https://repository.jboss.org/nexus/content/groups/public/</url>
-                    <snapshots>
-                        <enabled>false</enabled>
-                    </snapshots>
-                </repository>
-            </repositories>
             <dependencies>
                 <dependency>
                     <groupId>org.wildfly</groupId>
diff --git a/distribution/galleon-feature-packs/pom.xml b/distribution/galleon-feature-packs/pom.xml
index 7b18a5245f..307e98a1b2 100644
--- a/distribution/galleon-feature-packs/pom.xml
+++ b/distribution/galleon-feature-packs/pom.xml
@@ -23,7 +23,7 @@
         <version>14.0.0-SNAPSHOT</version>
     </parent>
 
-    <name>Feature Pack Builds</name>
+    <name>Galleon Feature Pack Builds</name>
     <description/>
     <modelVersion>4.0.0</modelVersion>
 
@@ -32,5 +32,6 @@
 
     <modules>
         <module>adapter-galleon-pack</module>
-    </modules>
+        <module>server-galleon-pack</module>
+   </modules>
 </project>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/assembly.xml b/distribution/galleon-feature-packs/server-galleon-pack/assembly.xml
new file mode 100644
index 0000000000..a4f8e11c46
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/assembly.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
+    <id>galleon-pack-src</id>
+    <formats>
+       <format>zip</format>
+    </formats>
+    <includeBaseDirectory>false</includeBaseDirectory>
+    <fileSets>
+        <fileSet>
+            <directory>src/main/resources</directory>
+            <outputDirectory/>
+        </fileSet>
+    </fileSets>
+    <fileSet>
+        <directory>target/unpacked-themes/theme</directory>
+        <outputDirectory>content/themes</outputDirectory>
+    </fileSet>
+    <fileSet>
+        <directory>target/keycloak-client-tools/bin</directory>
+        <outputDirectory>content/bin</outputDirectory>
+    </fileSet>
+    <fileSet>
+        <directory>src/main/resources/identity/module</directory>
+        <includes>
+            <include>**/**</include>
+        </includes>
+        <outputDirectory>modules/system/layers/keycloak/org/jboss/as/product/${product.slot}</outputDirectory>
+        <filtered>true</filtered>
+    </fileSet>
+    <fileSet>
+        <directory>src/main/resources/identity</directory>
+        <includes>
+            <include>product.conf</include>
+        </includes>
+        <outputDirectory>content/bin</outputDirectory>
+        <filtered>true</filtered>
+    </fileSet>
+</assembly>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/keycloak-server-galleon-pack-build.xml b/distribution/galleon-feature-packs/server-galleon-pack/keycloak-server-galleon-pack-build.xml
new file mode 100644
index 0000000000..a8fb68e29e
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/keycloak-server-galleon-pack-build.xml
@@ -0,0 +1,78 @@
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2021, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<build xmlns="urn:wildfly:feature-pack-build:3.1" producer="org.keycloak:keycloak-server-galleon-pack">
+    <transitive>
+        <dependency group-id="org.wildfly" artifact-id="wildfly-ee-galleon-pack">
+            <name>org.wildfly:wildfly-ee-galleon-pack</name>
+            <packages inherit="false">
+                <exclude name="product.conf"/>
+                <exclude name="welcome-content"/>
+            </packages>
+            <default-configs inherit="false"/>
+        </dependency>
+    </transitive>
+    <dependencies>
+        <dependency group-id="org.wildfly" artifact-id="wildfly-galleon-pack">
+            <name>org.wildfly:wildfly-galleon-pack</name>
+            <packages inherit="false">
+                <include name="docs.examples"/>
+                <exclude name="product.conf"/>
+                <exclude name="welcome-content"/>
+            </packages>
+            <default-configs inherit="false"/>
+        </dependency>
+    </dependencies>
+    <default-packages>
+        <package name="modules.all"/>
+        <package name="docs.licenses"/>
+        <package name="docs-examples"/>
+        <package name="root"/>
+        <package name="welcome-content-keycloak"/>
+    </default-packages>
+    <package-schemas>
+        <group name="org.keycloak"/>
+    </package-schemas>
+
+    <config name="standalone.xml" model="standalone"/>
+    <config name="standalone-ha.xml" model="standalone"/>
+    <config name="domain.xml" model="domain"/>
+    <config name="host.xml" model="host"/>
+    <config name="host-master.xml" model="host"/>
+    <config name="host-slave.xml" model="host"/>
+
+    <plugins>
+        <plugin artifact="org.wildfly.galleon-plugins:wildfly-galleon-plugins"/>
+    </plugins>
+
+    <generate-feature-specs>
+        <extensions>
+            <standalone>
+                <extension>org.keycloak.keycloak-server-subsystem</extension>
+            </standalone>
+            <domain>
+                <extension>org.keycloak.keycloak-server-subsystem</extension>
+            </domain>
+        </extensions>
+    </generate-feature-specs>
+
+</build>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/pom.xml b/distribution/galleon-feature-packs/server-galleon-pack/pom.xml
new file mode 100644
index 0000000000..6e9bd8bcbd
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/pom.xml
@@ -0,0 +1,434 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ /*
+  ~  * JBoss, Home of Professional Open Source.
+  ~  * Copyright $tody.year Red Hat, Inc., and individual contributors
+  ~  * as indicated by the @author tags.
+  ~  *
+  ~  * Licensed under the Apache License, Version 2.0 (the "License");
+  ~  * you may not use this file except in compliance with the License.
+  ~  * You may obtain a copy of the License at
+  ~  *
+  ~  *     http://www.apache.org/licenses/LICENSE-2.0
+  ~  *
+  ~  * Unless required by applicable law or agreed to in writing, software
+  ~  * distributed under the License is distributed on an "AS IS" BASIS,
+  ~  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~  * See the License for the specific language governing permissions and
+  ~  * limitations under the License.
+  ~  */
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.keycloak</groupId>
+        <artifactId>galleon-feature-packs-parent</artifactId>
+        <version>14.0.0-SNAPSHOT</version>
+    </parent>
+
+    <groupId>org.keycloak</groupId>
+    <artifactId>keycloak-server-galleon-pack</artifactId>
+
+    <name>Keycloak Galleon Feature Pack: Server</name>
+    <packaging>pom</packaging>
+
+    <properties>
+        <license.directory>${project.build.directory}/resources/content/docs/licenses</license.directory>
+    </properties>
+
+    <dependencies>
+
+        <!-- WildFly Core feature pack content -->
+        <dependency>
+            <groupId>org.wildfly.core</groupId>
+            <artifactId>wildfly-core-feature-pack-common</artifactId>
+            <type>pom</type>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.wildfly.core</groupId>
+            <artifactId>wildfly-core-feature-pack-ee-8-api</artifactId>
+            <type>pom</type>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.wildfly.core</groupId>
+            <artifactId>wildfly-core-feature-pack-galleon-common</artifactId>
+            <type>pom</type>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.wildfly.core</groupId>
+            <artifactId>wildfly-core-feature-pack-galleon-pruned</artifactId>
+            <type>pom</type>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.wildfly.core</groupId>
+            <artifactId>wildfly-core-galleon-pack</artifactId>
+            <type>pom</type>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.wildfly</groupId>
+            <artifactId>wildfly-ee-galleon-pack</artifactId>
+            <type>zip</type>
+        </dependency>
+
+        <dependency>
+            <groupId>org.wildfly</groupId>
+            <artifactId>wildfly-servlet-galleon-pack</artifactId>
+            <type>zip</type>
+        </dependency>
+
+        <dependency>
+            <groupId>org.wildfly.galleon-plugins</groupId>
+            <artifactId>wildfly-galleon-plugins</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.wildfly.galleon-plugins</groupId>
+            <artifactId>wildfly-config-gen</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- module and copy artifact dependencies -->
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-feature-pack-dependencies</artifactId>
+            <version>${project.version}</version>
+            <type>pom</type>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-client-registration-cli</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-admin-cli</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <!-- Feature pack generation is vulnerable to leftover files in the target
+                     folder from previous builds, so always clean even if the clean lifecycle is not invoked -->
+                <artifactId>maven-clean-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>auto-clean</id>
+                        <phase>initialize</phase>
+                        <goals>
+                            <goal>clean</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy-resources</id>
+                        <phase>process-resources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/resources</outputDirectory>
+                            <resources>
+                                <resource>
+                                    <directory>${basedir}/src/main/resources</directory>
+                                </resource>
+                            </resources>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>unpack-theme</id>
+                        <phase>process-resources</phase>
+                        <goals>
+                            <goal>unpack</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.keycloak</groupId>
+                                    <artifactId>keycloak-themes</artifactId>
+                                    <outputDirectory>target/resources/packages/themes/content/themes</outputDirectory>
+                                    <includes>theme/*/**</includes>
+                                    <fileMappers>
+                                        <org.codehaus.plexus.components.io.filemappers.RegExpFileMapper>
+                                            <pattern>^\Qtheme/\E</pattern>
+                                            <replacement>./</replacement>
+                                        </org.codehaus.plexus.components.io.filemappers.RegExpFileMapper>
+                                    </fileMappers>
+                                </artifactItem>
+                            </artifactItems>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>unpack-cli</id>
+                        <phase>process-resources</phase>
+                        <goals>
+                            <goal>unpack</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.keycloak</groupId>
+                                    <artifactId>keycloak-client-cli-dist</artifactId>
+                                    <type>zip</type>
+                                    <includes>*/**</includes>
+                                    <fileMappers>
+                                        <org.codehaus.plexus.components.io.filemappers.RegExpFileMapper>
+                                            <pattern>^\Qkeycloak-client-tools/\E</pattern>
+                                            <replacement>./</replacement>
+                                        </org.codehaus.plexus.components.io.filemappers.RegExpFileMapper>
+                                    </fileMappers>
+                                    <outputDirectory>target/resources/packages/client-cli/content</outputDirectory>
+                                </artifactItem>
+                            </artifactItems>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <!-- plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>assemble</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                        <configuration>
+                            <descriptors>
+                                <descriptor>assembly.xml</descriptor>
+                            </descriptors>
+                            <recompressZippedFiles>true</recompressZippedFiles>
+                            <finalName>${project.build.finalName}</finalName>
+                            <appendAssemblyId>false</appendAssemblyId>
+                            <outputDirectory>${project.build.directory}</outputDirectory>
+                            <workDirectory>${project.build.directory}/assembly/work</workDirectory>
+                            <tarLongFileMode>gnu</tarLongFileMode>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin -->
+            <!-- TODO: do proper Galleon Style Licenses Distribution
+                plugin>
+                <groupId>org.wildfly.maven.plugins</groupId>
+                <artifactId>licenses-plugin</artifactId>
+                <inherited>false</inherited>
+                <executions>
+                    <execution>
+                        <id>update-licenses-xml-package</id>
+                        <goals>
+                            <goal>insert-versions</goal>
+                        </goals>
+                        <phase>process-resources</phase>
+                        <configuration>
+                            <sortByGroupIdAndArtifactId>true</sortByGroupIdAndArtifactId>
+                            <licensesConfigFiles>
+                                <licensesConfigFile>${basedir}/target/resources/license/${product.slot}-server-galleon-pack-licenses.xml</licensesConfigFile>
+                            </licensesConfigFiles>
+                            <licensesOutputFile>${license.directory}/keycloak-server-galleon-pack-licenses.xml</licensesOutputFile>
+                            <excludedGroups>org.wildfly.galleon-plugins</excludedGroups>
+                            <excludedArtifacts>wildfly-core-model-test-framework|wildfly-jar-boot|wildfly-core-feature-pack-common|wildfly-core-feature-pack-ee-8-api|wildfly-elytron\z</excludedArtifacts>
+                            <excludedScopes>system</excludedScopes>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin -->
+            <plugin>
+                <groupId>org.wildfly.galleon-plugins</groupId>
+                <artifactId>wildfly-galleon-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>keycloak-server-galleon-pack-build</id>
+                        <goals>
+                            <goal>build-feature-pack</goal>
+                        </goals>
+                        <phase>prepare-package</phase>
+                        <configuration>
+                            <release-name>Keycloak</release-name>
+                            <fork-embedded>${galleon.fork.embedded}</fork-embedded>
+                            <config-file>keycloak-server-galleon-pack-build.xml</config-file>
+                            <task-properties>
+                                <product.name>${product.name}</product.name>
+                                <product.name.full>${product.name.full}</product.name.full>
+                                <product.slot>${product.slot}</product.slot>
+                                <product.wildfly.console.slot>${product.wildfly.console.slot}</product.wildfly.console.slot>
+                                <product.version>${project.version}</product.version>
+                                <client-cli.src.dir>${project.basedir}</client-cli.src.dir>
+                            </task-properties>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+    <profiles>
+        <profile>
+            <id>community</id>
+            <activation>
+                <property>
+                    <name>!product</name>
+                </property>
+            </activation>
+
+            <properties>
+                <feature.parent>org.wildfly:wildfly-galleon-pack</feature.parent>
+            </properties>
+
+            <dependencies>
+                <dependency>
+                    <groupId>org.wildfly</groupId>
+                    <artifactId>wildfly-galleon-pack</artifactId>
+                    <type>zip</type>
+                    <exclusions>
+                        <exclusion>
+                            <groupId>*</groupId>
+                            <artifactId>*</artifactId>
+                        </exclusion>
+                    </exclusions>
+                </dependency>
+            </dependencies>
+        </profile>
+
+        <profile>
+            <id>product</id>
+            <activation>
+                <property>
+                    <name>product</name>
+                </property>
+            </activation>
+
+            <properties>
+                <feature.parent>org.jboss.eap:wildfly-galleon-pack</feature.parent>
+            </properties>
+
+            <dependencies>
+                <dependency>
+                    <groupId>org.jboss.eap</groupId>
+                    <artifactId>wildfly-galleon-pack</artifactId>
+                    <version>${eap.version}</version>
+                    <type>zip</type>
+                    <exclusions>
+                        <exclusion>
+                            <groupId>*</groupId>
+                            <artifactId>*</artifactId>
+                        </exclusion>
+                    </exclusions>
+                </dependency>
+            </dependencies>
+        </profile>
+
+        <profile>
+            <id>enforce</id>
+            <activation>
+                <property>
+                    <name>!skip-enforce</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-enforcer-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>ban-transitive-deps</id>
+                                <goals>
+                                    <goal>enforce</goal>
+                                </goals>
+                                <configuration>
+                                    <rules>
+                                        <banTransitiveDependencies>
+                                            <excludes>
+                                                <!-- Ignore jdk jars because they are system scope -->
+                                                <exclude>com.sun:tools</exclude>
+                                                <exclude>sun.jdk:jconsole</exclude>
+                                                <!-- Ignore the shared resource poms as those we want their
+                                                     transitives. Those poms ban transitives at their level -->
+                                                <exclude>org.keycloak:keycloak-server-feature-pack-dependencies</exclude>
+                                                <exclude>org.wildfly.core:wildfly-core-feature-pack-common</exclude>
+                                                <exclude>org.wildfly.core:wildfly-core-feature-pack-ee-8-api</exclude>
+                                                <exclude>org.keycloak:keycloak-client-registration-cli</exclude>
+                                                <exclude>org.keycloak:keycloak-admin-cli</exclude>
+                                            </excludes>
+                                        </banTransitiveDependencies>
+                                    </rules>
+                                </configuration>
+                            </execution>
+                        </executions>
+
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+        <profile>
+            <id>enforce-product</id>
+            <activation>
+                <property>
+                    <name>enforce-product</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-enforcer-plugin</artifactId>
+                        <dependencies>
+                            <dependency>
+                                <groupId>org.jboss.maven.plugins.enforcer.rules</groupId>
+                                <artifactId>version-enforcer-rule</artifactId>
+                                <version>1.0.0</version>
+                            </dependency>
+                        </dependencies>
+                        <executions>
+                            <execution>
+                                <id>ban-non-product-deps</id>
+                                <goals>
+                                    <goal>enforce</goal>
+                                </goals>
+                                <configuration>
+                                    <rules>
+                                        <rule implementation="org.jboss.maven.plugins.enforcer.rules.version.BanVersionDependenciesRule">
+                                            <versionPattern>^((?!redhat).)*$</versionPattern>
+                                        </rule>
+                                    </rules>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+</project>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/license/keycloak-server-galleon-pack-licenses.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/license/keycloak-server-galleon-pack-licenses.xml
new file mode 100644
index 0000000000..b04569f63d
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/license/keycloak-server-galleon-pack-licenses.xml
@@ -0,0 +1,1236 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!--
+  ~ Copyright 2021 Red Hat, Inc.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<licenseSummary>
+    <dependencies>
+        <dependency>
+            <groupId>com.openshift</groupId>
+            <artifactId>openshift-restclient-java</artifactId>
+            <version>8.0.0.Final</version>
+            <licenses>
+                <license>
+                    <name>Eclipse Public License 1.0</name>
+                    <url>https://raw.githubusercontent.com/openshift/openshift-restclient-java/openshift-restclient-java-8.0.0.Final/license</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
+            <artifactId>owasp-java-html-sanitizer</artifactId>
+            <version>20191001.1</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/OWASP/java-html-sanitizer/release-20191001.1/COPYING</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>com.google.zxing</groupId>
+            <artifactId>core</artifactId>
+            <version>3.4.0</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/zxing/zxing/zxing-3.4.0/LICENSE</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>com.google.zxing</groupId>
+            <artifactId>javase</artifactId>
+            <version>3.4.0</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/zxing/zxing/zxing-3.4.0/LICENSE</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.liquibase</groupId>
+            <artifactId>liquibase-core</artifactId>
+            <version>3.5.5</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/liquibase/liquibase/liquibase-parent-3.5.5/LICENSE.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.twitter4j</groupId>
+            <artifactId>twitter4j-core</artifactId>
+            <version>4.0.7</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/yusuke/twitter4j/4.0.7/LICENSE.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.freemarker</groupId>
+            <artifactId>freemarker</artifactId>
+            <version>2.3.29</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://git-wip-us.apache.org/repos/asf?p=freemarker.git;a=blob_plain;f=LICENSE;hb=v2.3.29</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>aopalliance</groupId>
+            <artifactId>aopalliance</artifactId>
+            <version>1.0</version>
+            <licenses>
+                <license>
+                    <name>Public Domain</name>
+                    <url>http://aopalliance.sourceforge.net/</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.codehaus.plexus</groupId>
+            <artifactId>plexus-classworlds</artifactId>
+            <version>2.5.2</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/sonatype/plexus-classworlds/plexus-classworlds-2.5.2/LICENSE-2.0.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.codehaus.plexus</groupId>
+            <artifactId>plexus-utils</artifactId>
+            <version>3.1.1</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.codehaus.plexus</groupId>
+            <artifactId>plexus-component-annotations</artifactId>
+            <version>1.6.0</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.codehaus.plexus</groupId>
+            <artifactId>plexus-interpolation</artifactId>
+            <version>1.21</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.ant</groupId>
+            <artifactId>ant-launcher</artifactId>
+            <version>1.8.4</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://git-wip-us.apache.org/repos/asf?p=ant.git;a=blob_plain;f=LICENSE;hb=rel/1.8.4</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.ant</groupId>
+            <artifactId>ant</artifactId>
+            <version>1.8.4</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://git-wip-us.apache.org/repos/asf?p=ant.git;a=blob_plain;f=LICENSE;hb=rel/1.8.4</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven.wagon</groupId>
+            <artifactId>wagon-http-shared</artifactId>
+            <version>3.0</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven.wagon</groupId>
+            <artifactId>wagon-provider-api</artifactId>
+            <version>3.0</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven.wagon</groupId>
+            <artifactId>wagon-http</artifactId>
+            <version>3.0</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-compat</artifactId>
+            <version>3.3.9</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-model-builder</artifactId>
+            <version>3.3.9</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-core</artifactId>
+            <version>3.3.9</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-model</artifactId>
+            <version>3.3.9</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-artifact</artifactId>
+            <version>3.3.9</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-plugin-api</artifactId>
+            <version>3.3.9</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-settings</artifactId>
+            <version>3.3.9</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-repository-metadata</artifactId>
+            <version>3.3.9</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-aether-provider</artifactId>
+            <version>3.3.9</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.maven</groupId>
+            <artifactId>maven-settings-builder</artifactId>
+            <version>3.3.9</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>com.google.inject.extensions</groupId>
+            <artifactId>guice-servlet</artifactId>
+            <version>4.0</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/google/guice/4.0/COPYING</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.sisu</groupId>
+            <artifactId>org.eclipse.sisu.plexus</artifactId>
+            <version>0.3.2</version>
+            <licenses>
+                <license>
+                    <name>Eclipse Public License 1.0</name>
+                    <url>http://git.eclipse.org/c/sisu/org.eclipse.sisu.inject.git/plain/LICENSE.txt?h=releases/0.3.2</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.sisu</groupId>
+            <artifactId>org.eclipse.sisu.inject</artifactId>
+            <version>0.3.2</version>
+            <licenses>
+                <license>
+                    <name>Eclipse Public License 1.0</name>
+                    <url>http://git.eclipse.org/c/sisu/org.eclipse.sisu.inject.git/plain/LICENSE.txt?h=releases/0.3.2</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.aether</groupId>
+            <artifactId>aether-util</artifactId>
+            <version>1.1.0</version>
+            <licenses>
+                <license>
+                    <name>Eclipse Public License 1.0</name>
+                    <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.aether</groupId>
+            <artifactId>aether-impl</artifactId>
+            <version>1.1.0</version>
+            <licenses>
+                <license>
+                    <name>Eclipse Public License 1.0</name>
+                    <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.aether</groupId>
+            <artifactId>aether-transport-wagon</artifactId>
+            <version>1.1.0</version>
+            <licenses>
+                <license>
+                    <name>Eclipse Public License 1.0</name>
+                    <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.aether</groupId>
+            <artifactId>aether-connector-basic</artifactId>
+            <version>1.1.0</version>
+            <licenses>
+                <license>
+                    <name>Eclipse Public License 1.0</name>
+                    <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.aether</groupId>
+            <artifactId>aether-transport-file</artifactId>
+            <version>1.1.0</version>
+            <licenses>
+                <license>
+                    <name>Eclipse Public License 1.0</name>
+                    <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.aether</groupId>
+            <artifactId>aether-api</artifactId>
+            <version>1.1.0</version>
+            <licenses>
+                <license>
+                    <name>Eclipse Public License 1.0</name>
+                    <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.aether</groupId>
+            <artifactId>aether-spi</artifactId>
+            <version>1.1.0</version>
+            <licenses>
+                <license>
+                    <name>Eclipse Public License 1.0</name>
+                    <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.aether</groupId>
+            <artifactId>aether-transport-http</artifactId>
+            <version>1.1.0</version>
+            <licenses>
+                <license>
+                    <name>Eclipse Public License 1.0</name>
+                    <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jdt.core.compiler</groupId>
+            <artifactId>ecj</artifactId>
+            <version>4.6.1</version>
+            <licenses>
+                <license>
+                    <name>Eclipse Public License 1.0</name>
+                    <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.sonatype.plexus</groupId>
+            <artifactId>plexus-cipher</artifactId>
+            <version>1.7</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.sonatype.plexus</groupId>
+            <artifactId>plexus-sec-dispatcher</artifactId>
+            <version>1.3</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.antlr</groupId>
+            <artifactId>antlr-runtime</artifactId>
+            <version>3.5.2</version>
+            <licenses>
+                <license>
+                    <name>BSD 3-clause New or Revised License</name>
+                    <url>https://raw.githubusercontent.com/antlr/antlr3/3.5.2/runtime/Python/LICENSE</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.kie</groupId>
+            <artifactId>kie-api</artifactId>
+            <version>7.11.0.Final</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/kiegroup/drools/7.11.0.Final/LICENSE-ASL-2.0.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.kie</groupId>
+            <artifactId>kie-ci</artifactId>
+            <version>7.11.0.Final</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/kiegroup/droolsjbpm-knowledge/7.11.0.Final/LICENSE-ASL-2.0.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.kie</groupId>
+            <artifactId>kie-internal</artifactId>
+            <version>7.11.0.Final</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/kiegroup/droolsjbpm-knowledge/7.11.0.Final/LICENSE-ASL-2.0.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.drools</groupId>
+            <artifactId>drools-compiler</artifactId>
+            <version>7.11.0.Final</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/kiegroup/drools/7.11.0.Final/LICENSE-ASL-2.0.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.drools</groupId>
+            <artifactId>drools-core</artifactId>
+            <version>7.11.0.Final</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/kiegroup/drools/7.11.0.Final/LICENSE-ASL-2.0.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>com.webauthn4j</groupId>
+            <artifactId>webauthnj4-core</artifactId>
+            <version>0.12.0.RELEASE</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.12.0.RELEASE/LICENSE.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>com.webauthn4j</groupId>
+            <artifactId>webauthnj4-util</artifactId>
+            <version>0.12.0.RELEASE</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.12.0.RELEASE/LICENSE.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.kerby</groupId>
+            <artifactId>kerby-asn1</artifactId>
+            <version>2.0.0</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/apache/directory-kerby/kerby-all-2.0.0/LICENSE</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.infinispan</groupId>
+            <artifactId>infinispan-jboss-marshalling</artifactId>
+            <version>10.1.8.Final</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/infinispan/infinispan/master/LICENSE.md</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.marshalling</groupId>
+            <artifactId>jboss-marshalling</artifactId>
+            <version>2.0.11.Final</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/jboss-remoting/jboss-marshalling/main/LICENSE.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.marshalling</groupId>
+            <artifactId>jboss-marshalling-river</artifactId>
+            <version>2.0.11.Final</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/jboss-remoting/jboss-marshalling/main/LICENSE.txt</url>
+                </license>
+            </licenses>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.dataformat</groupId>
+            <artifactId>jackson-dataformat-cbor</artifactId>
+            <version>2.10.1</version>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+                </license>
+            </licenses>
+        </dependency>
+    </dependencies>
+    <others>
+        <other>
+            <description>jQuery</description>
+            <locations>
+                <directory>themes/keycloak/common/resources/node_modules/jquery/dist</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/jquery/jquery/3.2.1/LICENSE.txt</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>AngularJS</description>
+            <locations>
+                <directory>themes/keycloak/common/resources/lib/angular</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/angular/angular.js/v1.4.4/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>angular-translate</description>
+            <locations>
+                <directory>themes/keycloak/common/resources/node_modules/angular-translate/dist</directory>
+                <directory>themes/keycloak/common/resources/node_modules/angular-translate-loader-url</directory>
+                <directory>themes/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-partial</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/angular-translate/angular-translate/2.15.1/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>ui-select2</description>
+            <locations>
+                <directory>themes/keycloak/common/resources/node_modules/angular-ui-select2</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/angular-ui/ui-select2/v0.0.5/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>angular-ui-bootstrap</description>
+            <locations>
+                <file>themes/keycloak/common/resources/lib/angular/ui-bootstrap-tpls-0.11.0.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/angular-ui/bootstrap/0.11.0/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>Angular Treeview</description>
+            <locations>
+                <directory>themes/keycloak/common/resources/lib/angular/treeview</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/eu81273/angular.treeview/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>safename</description>
+            <locations>
+                <directory>themes/src/main/resources/theme/keycloak/common/resources/node_modules/safename</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/jacoborus/safename/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>Select2</description>
+            <locations>
+                <directory>themes/keycloak/common/resources/node_modules/select2</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/select2/select2/3.4.1/LICENSE</url>
+                </license>
+                <license>
+                    <name>GNU General Public License v2.0 only</name>
+                    <url>https://raw.githubusercontent.com/select2/select2/3.4.1/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>text-security</description>
+            <locations>
+                <directory>themes/src/main/resources/theme/keycloak/common/resources/node_modules/text-security</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/noppa/text-security/master/LICENSE.txt</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>FileSaver.js</description>
+            <locations>
+                <file>themes/keycloak/common/resources/lib/filesaver/FileSaver.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/eligrey/FileSaver.js/1.3.2/LICENSE.md</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>angular-file-upload</description>
+            <locations>
+                <directory>themes/keycloak/common/resources/lib/fileupload</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/danialfarid/ng-file-upload/1.1.10/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>UI.Ace</description>
+            <locations>
+                <file>themes/keycloak/common/resources/lib/ui-ace/ui-ace.min.js</file>
+                <file>themes/keycloak/common/resources/lib/ui-ace/ui-ace.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/angular-ui/ui-ace/src0.2.3/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>Ace Code Editor</description>
+            <locations>
+                <directory>themes/keycloak/common/resources/lib/ui-ace</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>BSD 3-clause New or Revised License</name>
+                    <url>https://raw.githubusercontent.com/ajaxorg/ace-builds/v1.2.3/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>Font Awesome (Font)</description>
+            <locations>
+                <directory>themes/src/main/resources/theme/keycloak/common/resources/node_modules/font-awesome/fonts</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>SIL Open Font License 1.1</name>
+                    <url>https://raw.githubusercontent.com/FortAwesome/Font-Awesome/v4.3.0/README.md</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>RCUE</description>
+            <locations>
+                <directory>themes/src/main/resources/theme/keycloak/common/resources/node_modules/rcue</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/redhat-rcue/rcue/master/LICENSE.txt</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>Glyphicons Halflings</description>
+            <locations>
+                <directory>themes/keycloak/common/resources/lib/components/bootstrap/dist/fonts</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/twbs/bootstrap/v3.3.1-130-gadd44ca/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>Patternfly</description>
+            <locations>
+                <directory>themes/keycloak/common/resources/lib/patternfly</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/patternfly/patternfly/v3.59.4/LICENSE.txt</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>OpenSans</description>
+            <locations>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Bold-webfont.ttf</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-BoldItalic-webfont.svg</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Semibold-webfont.eot</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBoldItalic-webfont.woff</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBoldItalic-webfont.eot</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBoldItalic-webfont.ttf</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-SemiboldItalic-webfont.woff</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-BoldItalic-webfont.woff</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Italic-webfont.ttf</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Bold-webfont.woff</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBoldItalic-webfont.svg</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Regular-webfont.ttf</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Bold-webfont.eot</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Italic-webfont.svg</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-LightItalic-webfont.ttf</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBold-webfont.eot</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.ttf</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-SemiboldItalic-webfont.eot</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Regular-webfont.woff</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBold-webfont.woff</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Regular-webfont.eot</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-LightItalic-webfont.eot</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Italic-webfont.eot</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.woff</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-SemiboldItalic-webfont.ttf</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-SemiboldItalic-webfont.woff2</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Regular-webfont.woff2</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Semibold-webfont.woff</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.eot</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBold-webfont.woff2</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Semibold-webfont.woff2</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.woff2</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-BoldItalic-webfont.woff2</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-LightItalic-webfont.woff</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBold-webfont.ttf</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBold-webfont.svg</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Bold-webfont.svg</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-LightItalic-webfont.svg</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Regular-webfont.svg</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Italic-webfont.woff2</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Semibold-webfont.svg</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-LightItalic-webfont.woff2</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Italic-webfont.woff</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Semibold-webfont.ttf</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.svg</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-BoldItalic-webfont.ttf</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-BoldItalic-webfont.eot</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-SemiboldItalic-webfont.svg</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBoldItalic-webfont.woff2</file>
+                <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Bold-webfont.woff2</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>Apache Software License 2.0</name>
+                    <url>https://raw.githubusercontent.com/google/fonts/master/apache/opensans/LICENSE.txt</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>Zocial</description>
+            <locations>
+                <directory>themes/keycloak/common/resources/lib/zocial</directory>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/smcllns/css-social-buttons/547237515694d05eaa38aeae3fb4d2eb4dee1ac9/README.md</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>rfc4648.js</description>
+            <locations>
+                <file>services/src/main/resources/theme-resources/resources/base64url.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT License</name>
+                    <url>https://raw.githubusercontent.com/swansontec/rfc4648.js/master/package.json</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>@emotion</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/emotion-js/emotion/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>stylis-rule-sheet</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/thysultan/stylis.js/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>change-case</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/blakeembrey/change-case/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>@patternfly</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/patternfly/patternfly-react/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>tabbable</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/davidtheclark/tabbable/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>xtend</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/Raynos/xtend/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>focus-trap</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/davidtheclark/focus-trap/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>prop-types</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/common/index-fd2ed651.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/facebook/prop-types/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>popper.js</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/FezVrasta/popper.js/master/LICENSE.md</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>tippy.js</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/atomiks/tippyjs/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>tslib</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>Apache-2.0</name>
+                    <url>https://raw.githubusercontent.com/Microsoft/tslib/master/LICENSE.txt</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>file-selector</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/react-dropzone/file-selector/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>attr-accept</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/okonet/attr-accept/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>react-dropzone</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/react-dropzone/react-dropzone/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>@pika-react</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/react.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/facebook/react/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>@pika-react-dom</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/react-dom.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/facebook/react/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>warning</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://github.com/BerkeleyTrue/warning/raw/master/LICENSE.md</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>invariant</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/zertosh/invariant/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>resolve-pathname</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/mjackson/resolve-pathname/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>value-equal</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/mjackson/value-equal/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>history</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/ReactTraining/history/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>react-router</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/ReactTraining/react-router/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>react-router-dom</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/ReactTraining/react-router/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>isarray</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/juliangruber/isarray/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>path-to-regexp</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/pillarjs/path-to-regexp/master/LICENSE</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>hoist-non-react-statics</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>BSD-3-Clause</name>
+                    <url>https://raw.githubusercontent.com/mridgway/hoist-non-react-statics/master/LICENSE.md</url>
+                </license>
+            </licenses>
+        </other>
+        <other>
+            <description>object-assign</description>
+            <locations>
+                <file>themes/keycloak/common/resources/web_modules/common/index-fd2ed651.js</file>
+            </locations>
+            <licenses>
+                <license>
+                    <name>MIT</name>
+                    <url>https://raw.githubusercontent.com/sindresorhus/object-assign/master/license</url>
+                </license>
+            </licenses>
+        </other>
+    </others>
+</licenseSummary>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/license/rh-sso-server-galleon-pack-licenses.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/license/rh-sso-server-galleon-pack-licenses.xml
new file mode 100644
index 0000000000..1cbd8f2577
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/license/rh-sso-server-galleon-pack-licenses.xml
@@ -0,0 +1,1221 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<licenseSummary>
+  <dependencies>
+    <dependency>
+      <groupId>com.openshift</groupId>
+      <artifactId>openshift-restclient-java</artifactId>
+      <version>8.0.0.Final-redhat-00001</version>
+      <licenses>
+        <license>
+          <name>Eclipse Public License 1.0</name>
+          <url>https://raw.githubusercontent.com/openshift/openshift-restclient-java/openshift-restclient-java-8.0.0.Final/license</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
+      <artifactId>owasp-java-html-sanitizer</artifactId>
+      <version>20191001.1.0.redhat-00001</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/OWASP/java-html-sanitizer/release-20191001.1/COPYING</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>com.google.zxing</groupId>
+      <artifactId>core</artifactId>
+      <version>3.4.0.redhat-00001</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/zxing/zxing/zxing-3.4.0/LICENSE</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>com.google.zxing</groupId>
+      <artifactId>javase</artifactId>
+      <version>3.4.0.redhat-00001</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/zxing/zxing/zxing-3.4.0/LICENSE</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.liquibase</groupId>
+      <artifactId>liquibase-core</artifactId>
+      <version>3.5.5.redhat-1</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/liquibase/liquibase/liquibase-parent-3.5.5/LICENSE.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.twitter4j</groupId>
+      <artifactId>twitter4j-core</artifactId>
+      <version>4.0.7.redhat-00002</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/yusuke/twitter4j/4.0.7/LICENSE.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.freemarker</groupId>
+      <artifactId>freemarker</artifactId>
+      <version>2.3.29.redhat-00001</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://git-wip-us.apache.org/repos/asf?p=freemarker.git;a=blob_plain;f=LICENSE;hb=v2.3.29</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>aopalliance</groupId>
+      <artifactId>aopalliance</artifactId>
+      <version>1.0</version>
+      <licenses>
+        <license>
+          <name>Public Domain</name>
+          <url>http://aopalliance.sourceforge.net/</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-classworlds</artifactId>
+      <version>2.5.2</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/sonatype/plexus-classworlds/plexus-classworlds-2.5.2/LICENSE-2.0.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-utils</artifactId>
+      <version>3.0.22</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-component-annotations</artifactId>
+      <version>1.6.0</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-interpolation</artifactId>
+      <version>1.21</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.ant</groupId>
+      <artifactId>ant-launcher</artifactId>
+      <version>1.8.4</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://git-wip-us.apache.org/repos/asf?p=ant.git;a=blob_plain;f=LICENSE;hb=rel/1.8.4</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.ant</groupId>
+      <artifactId>ant</artifactId>
+      <version>1.8.4</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://git-wip-us.apache.org/repos/asf?p=ant.git;a=blob_plain;f=LICENSE;hb=rel/1.8.4</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven.wagon</groupId>
+      <artifactId>wagon-http-shared</artifactId>
+      <version>3.0</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven.wagon</groupId>
+      <artifactId>wagon-provider-api</artifactId>
+      <version>3.0</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven.wagon</groupId>
+      <artifactId>wagon-http</artifactId>
+      <version>3.0</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-compat</artifactId>
+      <version>3.3.9</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-model-builder</artifactId>
+      <version>3.3.9</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-core</artifactId>
+      <version>3.3.9</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-model</artifactId>
+      <version>3.3.9</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-artifact</artifactId>
+      <version>3.3.9</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-plugin-api</artifactId>
+      <version>3.3.9</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-settings</artifactId>
+      <version>3.3.9</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-repository-metadata</artifactId>
+      <version>3.3.9</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-aether-provider</artifactId>
+      <version>3.3.9</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-settings-builder</artifactId>
+      <version>3.3.9</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://gitbox.apache.org/repos/asf?p=maven.git;a=blob_plain;f=LICENSE;hb=maven-3.3.9</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>com.google.inject.extensions</groupId>
+      <artifactId>guice-servlet</artifactId>
+      <version>4.0</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/google/guice/4.0/COPYING</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.sisu</groupId>
+      <artifactId>org.eclipse.sisu.plexus</artifactId>
+      <version>0.3.2</version>
+      <licenses>
+        <license>
+          <name>Eclipse Public License 1.0</name>
+          <url>http://git.eclipse.org/c/sisu/org.eclipse.sisu.inject.git/plain/LICENSE.txt?h=releases/0.3.2</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.sisu</groupId>
+      <artifactId>org.eclipse.sisu.inject</artifactId>
+      <version>0.3.2</version>
+      <licenses>
+        <license>
+          <name>Eclipse Public License 1.0</name>
+          <url>http://git.eclipse.org/c/sisu/org.eclipse.sisu.inject.git/plain/LICENSE.txt?h=releases/0.3.2</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.aether</groupId>
+      <artifactId>aether-util</artifactId>
+      <version>1.1.0</version>
+      <licenses>
+        <license>
+          <name>Eclipse Public License 1.0</name>
+          <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.aether</groupId>
+      <artifactId>aether-impl</artifactId>
+      <version>1.1.0</version>
+      <licenses>
+        <license>
+          <name>Eclipse Public License 1.0</name>
+          <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.aether</groupId>
+      <artifactId>aether-transport-wagon</artifactId>
+      <version>1.1.0</version>
+      <licenses>
+        <license>
+          <name>Eclipse Public License 1.0</name>
+          <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.aether</groupId>
+      <artifactId>aether-connector-basic</artifactId>
+      <version>1.1.0</version>
+      <licenses>
+        <license>
+          <name>Eclipse Public License 1.0</name>
+          <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.aether</groupId>
+      <artifactId>aether-transport-file</artifactId>
+      <version>1.1.0</version>
+      <licenses>
+        <license>
+          <name>Eclipse Public License 1.0</name>
+          <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.aether</groupId>
+      <artifactId>aether-api</artifactId>
+      <version>1.1.0</version>
+      <licenses>
+        <license>
+          <name>Eclipse Public License 1.0</name>
+          <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.aether</groupId>
+      <artifactId>aether-spi</artifactId>
+      <version>1.1.0</version>
+      <licenses>
+        <license>
+          <name>Eclipse Public License 1.0</name>
+          <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.aether</groupId>
+      <artifactId>aether-transport-http</artifactId>
+      <version>1.1.0</version>
+      <licenses>
+        <license>
+          <name>Eclipse Public License 1.0</name>
+          <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url> <!-- Archived project: https://wiki.eclipse.org/Development_Resources/HOWTO/Archived_Phase -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jdt.core.compiler</groupId>
+      <artifactId>ecj</artifactId>
+      <version>4.6.1.redhat-1</version>
+      <licenses>
+        <license>
+          <name>Eclipse Public License 1.0</name>
+          <url>https://www.eclipse.org/org/documents/epl-1.0/EPL-1.0.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.sonatype.plexus</groupId>
+      <artifactId>plexus-cipher</artifactId>
+      <version>1.7</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.sonatype.plexus</groupId>
+      <artifactId>plexus-sec-dispatcher</artifactId>
+      <version>1.3</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.antlr</groupId>
+      <artifactId>antlr-runtime</artifactId>
+      <version>3.5.2</version>
+      <licenses>
+        <license>
+          <name>BSD 3-clause New or Revised License</name>
+          <url>https://raw.githubusercontent.com/antlr/antlr3/3.5.2/runtime/Python/LICENSE</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.kie</groupId>
+      <artifactId>kie-api</artifactId>
+      <version>7.11.0.Final</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/kiegroup/drools/7.11.0.Final/LICENSE-ASL-2.0.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.kie</groupId>
+      <artifactId>kie-ci</artifactId>
+      <version>7.11.0.Final</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/kiegroup/droolsjbpm-knowledge/7.11.0.Final/LICENSE-ASL-2.0.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.kie</groupId>
+      <artifactId>kie-internal</artifactId>
+      <version>7.11.0.Final</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/kiegroup/droolsjbpm-knowledge/7.11.0.Final/LICENSE-ASL-2.0.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.drools</groupId>
+      <artifactId>drools-compiler</artifactId>
+      <version>7.11.0.Final</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/kiegroup/drools/7.11.0.Final/LICENSE-ASL-2.0.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.drools</groupId>
+      <artifactId>drools-core</artifactId>
+      <version>7.11.0.Final</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/kiegroup/drools/7.11.0.Final/LICENSE-ASL-2.0.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>com.webauthn4j</groupId>
+      <artifactId>webauthnj4-core</artifactId>
+      <version>0.12.0.RELEASE-redhat-00001</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.12.0.RELEASE/LICENSE.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>com.webauthn4j</groupId>
+      <artifactId>webauthnj4-util</artifactId>
+      <version>0.12.0.RELEASE-redhat-00001</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.12.0.RELEASE/LICENSE.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-asn1</artifactId>
+      <version>2.0.0.redhat-00001</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/apache/directory-kerby/kerby-all-2.0.0/LICENSE</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.infinispan</groupId>
+      <artifactId>infinispan-jboss-marshalling</artifactId>
+      <version>10.1.8.Final</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/infinispan/infinispan/master/LICENSE.md</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.jboss.marshalling</groupId>
+      <artifactId>jboss-marshalling</artifactId>
+      <version>2.0.11.Final</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/jboss-remoting/jboss-marshalling/main/LICENSE.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>org.jboss.marshalling</groupId>
+      <artifactId>jboss-marshalling-river</artifactId>
+      <version>2.0.11.Final</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/jboss-remoting/jboss-marshalling/main/LICENSE.txt</url>
+        </license>
+      </licenses>
+    </dependency>
+    <dependency>
+      <groupId>com.fasterxml.jackson.dataformat</groupId>
+      <artifactId>jackson-dataformat-cbor</artifactId>
+      <version>2.9.10.redhat-00003</version>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url> <!-- Source repo contains no license file -->
+        </license>
+      </licenses>
+    </dependency>
+  </dependencies>
+  <others>
+    <other>
+      <description>jQuery</description>
+      <locations>
+        <directory>themes/keycloak/common/resources/node_modules/jquery/dist</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/jquery/jquery/3.2.1/LICENSE.txt</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>AngularJS</description>
+      <locations>
+        <directory>themes/keycloak/common/resources/lib/angular</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/angular/angular.js/v1.4.4/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>angular-translate</description>
+      <locations>
+        <directory>themes/keycloak/common/resources/node_modules/angular-translate/dist</directory>
+        <directory>themes/keycloak/common/resources/node_modules/angular-translate-loader-url</directory>
+        <directory>themes/keycloak/common/resources/node_modules/angular-translate/dist/angular-translate-loader-partial</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/angular-translate/angular-translate/2.15.1/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>ui-select2</description>
+      <locations>
+        <directory>themes/keycloak/common/resources/node_modules/angular-ui-select2</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/angular-ui/ui-select2/v0.0.5/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>angular-ui-bootstrap</description>
+      <locations>
+        <file>themes/keycloak/common/resources/lib/angular/ui-bootstrap-tpls-0.11.0.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/angular-ui/bootstrap/0.11.0/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>Angular Treeview</description>
+      <locations>
+        <directory>themes/keycloak/common/resources/lib/angular/treeview</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/eu81273/angular.treeview/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>safename</description>
+      <locations>
+        <directory>themes/src/main/resources/theme/keycloak/common/resources/node_modules/safename</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/jacoborus/safename/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>Select2</description>
+      <locations>
+        <directory>themes/keycloak/common/resources/node_modules/select2</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/select2/select2/3.4.1/LICENSE</url>
+        </license>
+        <license>
+          <name>GNU General Public License v2.0 only</name>
+          <url>https://raw.githubusercontent.com/select2/select2/3.4.1/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>text-security</description>
+      <locations>
+        <directory>themes/src/main/resources/theme/keycloak/common/resources/node_modules/text-security</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/noppa/text-security/master/LICENSE.txt</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>FileSaver.js</description>
+      <locations>
+        <file>themes/keycloak/common/resources/lib/filesaver/FileSaver.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/eligrey/FileSaver.js/1.3.2/LICENSE.md</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>angular-file-upload</description>
+      <locations>
+        <directory>themes/keycloak/common/resources/lib/fileupload</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/danialfarid/ng-file-upload/1.1.10/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>UI.Ace</description>
+      <locations>
+        <file>themes/keycloak/common/resources/lib/ui-ace/ui-ace.min.js</file>
+        <file>themes/keycloak/common/resources/lib/ui-ace/ui-ace.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/angular-ui/ui-ace/src0.2.3/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>Ace Code Editor</description>
+      <locations>
+        <directory>themes/keycloak/common/resources/lib/ui-ace</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>BSD 3-clause New or Revised License</name>
+          <url>https://raw.githubusercontent.com/ajaxorg/ace-builds/v1.2.3/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>Font Awesome (Font)</description>
+      <locations>
+        <directory>themes/src/main/resources/theme/keycloak/common/resources/node_modules/font-awesome/fonts</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>SIL Open Font License 1.1</name>
+          <url>https://raw.githubusercontent.com/FortAwesome/Font-Awesome/v4.3.0/README.md</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>RCUE</description>
+      <locations>
+        <directory>themes/src/main/resources/theme/keycloak/common/resources/node_modules/rcue</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/redhat-rcue/rcue/master/LICENSE.txt</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>Glyphicons Halflings</description>
+      <locations>
+        <directory>themes/keycloak/common/resources/lib/components/bootstrap/dist/fonts</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/twbs/bootstrap/v3.3.1-130-gadd44ca/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>Patternfly</description>
+      <locations>
+        <directory>themes/keycloak/common/resources/lib/patternfly</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/patternfly/patternfly/v3.59.4/LICENSE.txt</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>OpenSans</description>
+      <locations>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Bold-webfont.ttf</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-BoldItalic-webfont.svg</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Semibold-webfont.eot</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBoldItalic-webfont.woff</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBoldItalic-webfont.eot</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBoldItalic-webfont.ttf</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-SemiboldItalic-webfont.woff</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-BoldItalic-webfont.woff</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Italic-webfont.ttf</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Bold-webfont.woff</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBoldItalic-webfont.svg</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Regular-webfont.ttf</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Bold-webfont.eot</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Italic-webfont.svg</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-LightItalic-webfont.ttf</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBold-webfont.eot</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.ttf</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-SemiboldItalic-webfont.eot</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Regular-webfont.woff</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBold-webfont.woff</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Regular-webfont.eot</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-LightItalic-webfont.eot</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Italic-webfont.eot</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.woff</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-SemiboldItalic-webfont.ttf</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-SemiboldItalic-webfont.woff2</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Regular-webfont.woff2</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Semibold-webfont.woff</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.eot</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBold-webfont.woff2</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Semibold-webfont.woff2</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.woff2</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-BoldItalic-webfont.woff2</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-LightItalic-webfont.woff</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBold-webfont.ttf</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBold-webfont.svg</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Bold-webfont.svg</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-LightItalic-webfont.svg</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Regular-webfont.svg</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Italic-webfont.woff2</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Semibold-webfont.svg</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-LightItalic-webfont.woff2</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Italic-webfont.woff</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Semibold-webfont.ttf</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.svg</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-BoldItalic-webfont.ttf</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-BoldItalic-webfont.eot</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-SemiboldItalic-webfont.svg</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-ExtraBoldItalic-webfont.woff2</file>
+        <file>themes/src/main/resources/theme/keycloak/common/resources/node_modules/patternfly/dist/fonts/OpenSans-Bold-webfont.woff2</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>Apache Software License 2.0</name>
+          <url>https://raw.githubusercontent.com/google/fonts/master/apache/opensans/LICENSE.txt</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>Zocial</description>
+      <locations>
+        <directory>themes/keycloak/common/resources/lib/zocial</directory>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/smcllns/css-social-buttons/547237515694d05eaa38aeae3fb4d2eb4dee1ac9/README.md</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>rfc4648.js</description>
+      <locations>
+        <file>services/src/main/resources/theme-resources/resources/base64url.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT License</name>
+          <url>https://raw.githubusercontent.com/swansontec/rfc4648.js/master/package.json</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>@emotion</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/emotion-js/emotion/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>stylis-rule-sheet</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/thysultan/stylis.js/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>change-case</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/blakeembrey/change-case/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>@patternfly</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/patternfly/patternfly-react/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>tabbable</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/davidtheclark/tabbable/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>xtend</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/Raynos/xtend/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>focus-trap</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/davidtheclark/focus-trap/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>prop-types</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/common/index-fd2ed651.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/facebook/prop-types/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>popper.js</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/FezVrasta/popper.js/master/LICENSE.md</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>tippy.js</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/atomiks/tippyjs/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>tslib</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>Apache-2.0</name>
+          <url>https://raw.githubusercontent.com/Microsoft/tslib/master/LICENSE.txt</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>file-selector</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/react-dropzone/file-selector/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>attr-accept</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/okonet/attr-accept/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>react-dropzone</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/@patternfly/react-core.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/react-dropzone/react-dropzone/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>@pika-react</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/react.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/facebook/react/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>@pika-react-dom</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/react-dom.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/facebook/react/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>warning</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://github.com/BerkeleyTrue/warning/raw/master/LICENSE.md</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>invariant</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/zertosh/invariant/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>resolve-pathname</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/mjackson/resolve-pathname/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>value-equal</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/mjackson/value-equal/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>history</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/ReactTraining/history/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>react-router</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/ReactTraining/react-router/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>react-router-dom</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/ReactTraining/react-router/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>isarray</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/juliangruber/isarray/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>path-to-regexp</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/pillarjs/path-to-regexp/master/LICENSE</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>hoist-non-react-statics</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/react-router-dom.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>BSD-3-Clause</name>
+          <url>https://raw.githubusercontent.com/mridgway/hoist-non-react-statics/master/LICENSE.md</url>
+        </license>
+      </licenses>
+    </other>
+    <other>
+      <description>object-assign</description>
+      <locations>
+        <file>themes/keycloak/common/resources/web_modules/common/index-fd2ed651.js</file>
+      </locations>
+      <licenses>
+        <license>
+          <name>MIT</name>
+          <url>https://raw.githubusercontent.com/sindresorhus/object-assign/master/license</url>
+        </license>
+      </licenses>
+    </other>
+  </others>
+</licenseSummary>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/domain/domain.xml/config.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/domain/domain.xml/config.xml
new file mode 100644
index 0000000000..61d6fdbb5e
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/domain/domain.xml/config.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" ?>
+
+<config xmlns="urn:jboss:galleon:config:1.0" name="domain.xml" model="domain">
+    <!-- domain.server-group features are excluded from every domain group below
+         simply to preserve the order of the profiles specified here.
+         Not excluding the server groups will work but profiles full and full-ha
+         will appear in the resulting config before ha because the server groups that are
+         introduced into the config by the first domain group and overriden to reference
+         full and full-ha below will make those profiles installed before ha.
+    -->
+    <feature-group name="domain-keycloak-standalone">
+        <exclude spec="domain.server-group"/>
+    </feature-group>
+    <feature-group name="domain-keycloak-clustered">
+        <exclude spec="domain.server-group"/>
+    </feature-group>
+    <feature-group name="domain-load-balancer">
+        <exclude spec="domain.server-group"/>
+        <exclude feature-id="domain.interface:interface=unsecure"/>
+    </feature-group>
+
+    <feature-group name="domain-server-groups-keycloak"/>
+
+</config>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/host/host-master.xml/config.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/host/host-master.xml/config.xml
new file mode 100644
index 0000000000..59c2a27990
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/host/host-master.xml/config.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" ?>
+
+<config xmlns="urn:jboss:galleon:config:1.0" name="host-master.xml" model="host">
+    <feature-group name="host-master"/>
+</config>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/host/host-slave.xml/config.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/host/host-slave.xml/config.xml
new file mode 100644
index 0000000000..af8c40a223
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/host/host-slave.xml/config.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" ?>
+
+<config xmlns="urn:jboss:galleon:config:1.0" name="host-slave.xml" model="host">
+    <feature-group name="host-slave"/>
+</config>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/host/host.xml/config.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/host/host.xml/config.xml
new file mode 100644
index 0000000000..b42c0e7803
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/host/host.xml/config.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" ?>
+
+<config xmlns="urn:jboss:galleon:config:1.0" name="host.xml" model="host">
+    <feature-group name="host"/>
+</config>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/standalone/model.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/standalone/model.xml
new file mode 100644
index 0000000000..7455d294c9
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/standalone/model.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" ?>
+
+<config xmlns="urn:jboss:galleon:config:1.0" model="standalone">
+    <packages>
+        <package name="misc.standalone"/>
+    </packages>
+</config>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/standalone/standalone-ha.xml/config.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/standalone/standalone-ha.xml/config.xml
new file mode 100644
index 0000000000..8731c54806
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/standalone/standalone-ha.xml/config.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" ?>
+
+<config xmlns="urn:jboss:galleon:config:1.0" name="standalone-ha.xml" model="standalone">
+    <feature-group name="standalone-ha"/>
+</config>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/standalone/standalone.xml/config.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/standalone/standalone.xml/config.xml
new file mode 100644
index 0000000000..b06b220662
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/configs/standalone/standalone.xml/config.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" ?>
+
+<config xmlns="urn:jboss:galleon:config:1.0" name="standalone.xml" model="standalone">
+    <feature-group name="standalone"/>
+</config>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/add-user-keycloak.bat b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/add-user-keycloak.bat
new file mode 100644
index 0000000000..0aa1dc9a63
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/add-user-keycloak.bat
@@ -0,0 +1,79 @@
+@echo off
+rem -------------------------------------------------------------------------
+rem Add User script for Windows
+rem -------------------------------------------------------------------------
+rem
+rem A simple utility for adding new users to the properties file used
+rem for domain management authentication out of the box.
+
+rem $Id$
+
+@if not "%ECHO%" == ""  echo %ECHO%
+@if "%OS%" == "Windows_NT" setlocal
+
+if "%OS%" == "Windows_NT" (
+  set "DIRNAME=%~dp0%"
+) else (
+  set DIRNAME=.\
+)
+
+pushd "%DIRNAME%.."
+set "RESOLVED_JBOSS_HOME=%CD%"
+popd
+
+if "x%JBOSS_HOME%" == "x" (
+  set "JBOSS_HOME=%RESOLVED_JBOSS_HOME%"
+)
+
+pushd "%JBOSS_HOME%"
+set "SANITIZED_JBOSS_HOME=%CD%"
+popd
+
+if /i "%RESOLVED_JBOSS_HOME%" NEQ "%SANITIZED_JBOSS_HOME%" (
+   echo.
+   echo   WARNING: The JBOSS_HOME ^("%SANITIZED_JBOSS_HOME%"^) that this script uses points to a different installation than the one that this script resides in ^("%RESOLVED_JBOSS_HOME%"^). Unpredictable results may occur.
+   echo.
+   echo       JBOSS_HOME: "%JBOSS_HOME%"
+   echo.
+)
+
+rem Setup JBoss specific properties
+if "x%JAVA_HOME%" == "x" (
+  set  JAVA=java
+  echo JAVA_HOME is not set. Unexpected results may occur.
+  echo Set JAVA_HOME to the directory of your local JDK to avoid this message.
+) else (
+  set "JAVA=%JAVA_HOME%\bin\java"
+)
+
+rem set default modular jvm parameters
+setlocal EnableDelayedExpansion
+call "!DIRNAME!common.bat" :setDefaultModularJvmOptions "!JAVA_OPTS!"
+set "JAVA_OPTS=!JAVA_OPTS! !DEFAULT_MODULAR_JVM_OPTIONS!"
+setlocal DisableDelayedExpansion
+
+rem Find jboss-modules.jar, or we can't continue
+if exist "%JBOSS_HOME%\jboss-modules.jar" (
+    set "RUNJAR=%JBOSS_HOME%\jboss-modules.jar"
+) else (
+  echo Could not locate "%JBOSS_HOME%\jboss-modules.jar".
+  echo Please check that you are in the bin directory when running this script.
+  goto END
+)
+
+rem Set default module root paths
+if "x%JBOSS_MODULEPATH%" == "x" (
+  set "JBOSS_MODULEPATH=%JBOSS_HOME%\modules"
+)
+
+rem Uncomment to override standalone and domain user location
+rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.server.config.user.dir=..\standalone\configuration -Djboss.domain.config.user.dir=..\domain\configuration"
+
+"%JAVA%" %JAVA_OPTS% ^
+    -jar "%JBOSS_HOME%\jboss-modules.jar" ^
+    -mp "%JBOSS_MODULEPATH%" ^
+     org.keycloak.keycloak-wildfly-adduser ^
+     %*
+
+:END
+if "x%NOPAUSE%" == "x" pause
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/add-user-keycloak.sh b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/add-user-keycloak.sh
new file mode 100755
index 0000000000..6999848e35
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/add-user-keycloak.sh
@@ -0,0 +1,79 @@
+#!/bin/sh
+
+# Add User Utility
+#
+# A simple utility for adding new users to the properties file used
+# for domain management authentication out of the box.
+#
+
+DIRNAME=`dirname "$0"`
+GREP="grep"
+
+ . "$DIRNAME/common.sh"
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false;
+if  [ `uname|grep -i CYGWIN` ]; then
+    cygwin=true;
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+    [ -n "$JBOSS_HOME" ] &&
+        JBOSS_HOME=`cygpath --unix "$JBOSS_HOME"`
+    [ -n "$JAVA_HOME" ] &&
+        JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+    [ -n "$JAVAC_JAR" ] &&
+        JAVAC_JAR=`cygpath --unix "$JAVAC_JAR"`
+fi
+
+# Setup JBOSS_HOME
+RESOLVED_JBOSS_HOME=`cd "$DIRNAME/.."; pwd`
+if [ "x$JBOSS_HOME" = "x" ]; then
+    # get the full path (without any relative bits)
+    JBOSS_HOME=$RESOLVED_JBOSS_HOME
+else
+ SANITIZED_JBOSS_HOME=`cd "$JBOSS_HOME"; pwd`
+ if [ "$RESOLVED_JBOSS_HOME" != "$SANITIZED_JBOSS_HOME" ]; then
+   echo "WARNING: The JBOSS_HOME ($SANITIZED_JBOSS_HOME) that this script uses points to a different installation than the one that this script resides in ($RESOLVED_JBOSS_HOME). Unpredictable results may occur."
+   echo ""
+ fi
+fi
+export JBOSS_HOME
+
+# Setup the JVM
+if [ "x$JAVA" = "x" ]; then
+    if [ "x$JAVA_HOME" != "x" ]; then
+        JAVA="$JAVA_HOME/bin/java"
+    else
+        JAVA="java"
+    fi
+fi
+
+# Set default modular JVM options
+setDefaultModularJvmOptions $JAVA_OPTS
+JAVA_OPTS="$JAVA_OPTS $DEFAULT_MODULAR_JVM_OPTIONS"
+
+if [ "x$JBOSS_MODULEPATH" = "x" ]; then
+    JBOSS_MODULEPATH="$JBOSS_HOME/modules"
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+    JBOSS_HOME=`cygpath --path --windows "$JBOSS_HOME"`
+    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+    JBOSS_MODULEPATH=`cygpath --path --windows "$JBOSS_MODULEPATH"`
+fi
+
+# Sample JPDA settings for remote socket debugging
+#JAVA_OPTS="$JAVA_OPTS -agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=y"
+# Uncomment to override standalone and domain user location  
+#JAVA_OPTS="$JAVA_OPTS -Djboss.server.config.user.dir=../standalone/configuration -Djboss.domain.config.user.dir=../domain/configuration"
+
+JAVA_OPTS="$JAVA_OPTS"
+
+eval \"$JAVA\" $JAVA_OPTS \
+         -jar \""$JBOSS_HOME"/jboss-modules.jar\" \
+         -mp \""${JBOSS_MODULEPATH}"\" \
+         org.keycloak.keycloak-wildfly-adduser \
+         '"$@"'
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/federation-sssd-setup.sh b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/federation-sssd-setup.sh
new file mode 100644
index 0000000000..1eddb95978
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/federation-sssd-setup.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# Setup for SSSD
+SSSD_FILE="/etc/sssd/sssd.conf"
+
+if [ -f "$SSSD_FILE" ];
+then
+
+  if ! grep -q ^ldap_user_extra_attrs $SSSD_FILE; then 
+    sed -i '/ldap_tls_cacert/a ldap_user_extra_attrs = mail:mail, sn:sn, givenname:givenname, telephoneNumber:telephoneNumber' $SSSD_FILE
+  fi
+
+  if ! grep -q ^services.*ifp.* /etc/sssd/sssd.conf; then
+    sed -i '/^services/ s/$/, ifp/' $SSSD_FILE
+  fi
+
+  if ! grep -q ^allowed_uids $SSSD_FILE; then 
+    sed -i '/\[ifp\]/a allowed_uids = root' $SSSD_FILE
+  fi
+
+  if ! grep -q ^user_attributes $SSSD_FILE; then 
+    sed -i '/allowed_uids/a user_attributes = +mail, +telephoneNumber, +givenname, +sn' $SSSD_FILE
+  fi
+
+  systemctl restart sssd
+
+else
+  echo "Please make sure you have $SSSD_FILE into your system! Aborting."
+  exit 1
+fi
+
+# Setup for PAM
+PAM_FILE="/etc/pam.d/keycloak"
+
+if [ ! -f "$PAM_FILE" ];
+then
+cat <<EOF > $PAM_FILE
+  auth    required   pam_sss.so
+  account required   pam_sss.so
+EOF
+else
+  echo "$PAM_FILE already exists. Skipping it..."
+  exit 0
+fi
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-domain-clustered.cli b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
new file mode 100644
index 0000000000..3530730068
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
@@ -0,0 +1,753 @@
+embed-host-controller --domain-config=domain.xml
+
+# Early versions of keycloak used "ha" for the clustered profile name.
+# Yours maybe be something completely different.
+set clusteredProfile=auth-server-clustered
+
+# keycloak-server.json is not normally on this path.
+set pathToJson=../domain/configuration/keycloak-server.json
+
+
+echo
+echo *** Begin Migration of /profile=$clusteredProfile ***
+echo
+
+# Migrate from 1.8.1 to 1.9.1
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:read-resource
+  echo Adding replicated-cache=work to keycloak cache container...
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:add(mode=SYNC)
+  echo
+end-if
+# realmVersions cache deprecated in 2.1.0
+#if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
+#  echo Adding local-cache=realmVersions to keycloak cache container...
+#  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:add(indexing=NONE,start=LAZY)
+#  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/component=transaction/:write-attribute(name=mode,value=BATCH)
+#  echo
+#end-if
+
+# Migrate from 1.9.1 to 1.9.2
+if (result == NONE) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:read-attribute(name=strategy)
+  echo Adding eviction strategy to keycloak users cache container...
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
+  echo
+end-if
+
+# Migrate from 1.9.2 to 2.0.0
+# NO CHANGES
+
+# Migrate from 2.0.0 to 2.1.0
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
+  echo Removing deprecated cache 'realmVersions'
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:remove
+  echo
+end-if
+
+# Migrate kecloak-server.json (deprecated in 2.2.0)
+if (result == []) of /profile=$clusteredProfile/subsystem=keycloak-server/:read-children-names(child-type=spi)
+  echo Migrating keycloak-server.json to keycloak-server subsystem...
+  /profile=$clusteredProfile/subsystem=keycloak-server/:migrate-json(file=$pathToJson)
+  echo
+end-if
+if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /profile=$clusteredProfile/subsystem=keycloak-server/:read-attribute(name=providers)
+    echo Updating provider to default value
+    /profile=$clusteredProfile/subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*])
+    echo
+end-if
+if (result == keycloak) of /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=default)
+    echo Undefining default theme...
+    /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default)
+    echo
+end-if
+if (result == expression "${jboss.server.config.dir}/themes") of /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=dir)
+    echo Updating theme dir to default value
+    /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes)
+    echo
+end-if
+
+set persistenceProvider=jpa
+
+# Migrate from 2.1.0 to 2.2.0
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource
+    # In migration from 3.0.0 to 3.2.0 there is authorization distributed-cache replaced with local-cache
+    try
+        echo
+        /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:add(mode=SYNC,owners=1)
+        echo Added distributed-cache=authorization
+    catch
+    end-try
+end-if
+
+if (result == update) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema)
+  echo Updating connectionsJpa default properties...
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema)
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=initializeEmpty,value=true)
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationStrategy,value=update)
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationExport,value=${jboss.home.dir}/keycloak-database-update.sql)
+  echo
+end-if
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource
+  echo Adding spi=userFederatedStorage...
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:add(default-provider=$persistenceProvider)
+  echo
+end-if
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=jta-lookup/:read-resource
+  echo Adding spi=jta-lookup...
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=jta-lookup/:add(default-provider=${keycloak.jta.lookup.provider:jboss})
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=jta-lookup/provider=jboss/:add(enabled=true)
+  echo
+end-if
+
+# Migrate from 2.2.0 to 2.2.1
+# NO CHANGES
+
+# Migrate from 2.2.1 to 2.3.0
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:read-resource
+  echo Adding local-cache=keys to keycloak cache container...
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+if (result == undefined) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:read-attribute(name=strategy,include-defaults=false)
+  echo Updating eviction and expiration in local-cache=keys...
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=max-entries,value=1000)
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=expiration/:write-attribute(name=max-idle,value=3600000)
+  echo
+end-if
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=publicKeyStorage/:read-resource
+  echo Adding spi=publicKeyStorage...
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=publicKeyStorage/:add
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=publicKeyStorage/provider=infinispan/:add(properties={minTimeBetweenRequests => "10"},enabled=true)
+  echo
+end-if
+
+# Migrate from 2.3.0 to 2.4.0
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:read-resource
+  echo Replacing invalidation-cache=users with local-cache=users
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:remove
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/:add
+  echo
+end-if
+if (result == undefined) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:read-attribute(name=strategy,include-defaults=false)
+  echo Updating eviction in local-cache=users
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
+  echo
+end-if
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:read-resource
+  echo Replacing invalidation-cache=realms with local-cache=realms
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:remove
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/:add
+  echo
+end-if
+
+
+# Migrate from 2.4.0 to 2.5.0
+if (result == NONE) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:read-attribute(name=strategy)
+  echo Adding eviction strategy to keycloak realms cache...
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=max-entries,value=10000)
+  echo
+end-if
+
+# Migrate from 2.5.0 to 2.5.1
+# NO CHANGES
+
+# Migrate 2.5.1 to 2.5.4
+if (result != REPEATABLE_READ) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
+  echo Changing ejb cache locking to REPEATABLE_READ
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
+  echo
+end-if
+
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
+   echo Removing Hibernate immutable-entity cache
+   /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
+end-if
+
+
+# Migrate from 2.5.4 to 3.0.0
+if (result == jpa) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
+   echo Removing default provider for eventsStore
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=realm/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=user/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for userFederatedStorage SPI
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for authorizationPersister SPI
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=authorizationPersister/:remove
+   echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/:read-resource
+   echo Adding userCache SPI
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/:add
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/:read-resource
+   echo Adding realmCache SPI
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/:add
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
+   echo Adding 'default' as default provider for connectionsInfinispan
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
+   echo
+end-if
+
+# Migrate from 3.0.0 to 3.1.0
+# NO CHANGES
+
+# Migrate from 3.1.0 to 3.2.0
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:read-resource
+  echo Adding distributed-cache=authenticationSessions to keycloak cache container...
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:add(mode=SYNC,owners=1)
+  echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:read-resource
+  echo Adding distributed-cache=actionTokens to keycloak cache container...
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:add(indexing=NONE,mode=SYNC,owners=2)
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
+  echo
+end-if
+
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource
+  echo Replacing distributed-cache=authorization with local-cache=authorization
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:remove
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000)
+  echo
+end-if
+
+# Migrate from 3.2.0 to 3.2.1
+# NO CHANGES
+
+# Migrate from 3.2.1 to 3.3.0
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=core-management/:read-resource
+    try
+        echo Trying to add core-management extension
+        /extension=org.wildfly.extension.core-management/:add
+        echo
+    catch
+        echo Wasn't able to add core-management extension, it should be already added by migrate-domain-standalone.cli
+        echo
+    end-try
+    echo Adding subsystem core-management
+    /profile=$clusteredProfile/subsystem=core-management/:add
+    echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/:read-resource
+    try
+        echo Trying to add elytron extension
+        /extension=org.wildfly.extension.elytron/:add
+        echo
+    catch
+        echo Wasn't able to add elytron extension, it should be already added by migrate-domain-standalone.cli
+        echo
+    end-try
+    echo Adding subsystem elytron
+    /profile=$clusteredProfile/subsystem=elytron/:add
+    /profile=$clusteredProfile/subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron)
+    /profile=$clusteredProfile/subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl)
+    /profile=$clusteredProfile/subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl])
+    /profile=$clusteredProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON)
+    /profile=$clusteredProfile/subsystem=elytron/identity-realm=local/:add(identity="$local")
+    /profile=$clusteredProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir})
+    /profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
+    /profile=$clusteredProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
+    /profile=$clusteredProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
+    /profile=$clusteredProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
+    /profile=$clusteredProfile/subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}])
+    /profile=$clusteredProfile/subsystem=elytron/provider-http-server-mechanism-factory=global/:add
+    /profile=$clusteredProfile/subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}])
+    /profile=$clusteredProfile/subsystem=elytron/provider-sasl-server-factory=global/:add
+    /profile=$clusteredProfile/subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}])
+    /profile=$clusteredProfile/subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"})
+    /profile=$clusteredProfile/subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}])
+    /profile=$clusteredProfile/subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers)
+    /profile=$clusteredProfile/subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto])
+    echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
+    echo Adding channel-creation-options READ_TIMEOUT to ejb3 remote
+    /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio)
+    echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:read-resource
+    echo Adding channel-creation-options MAX_OUTBOUND_MESSAGES to ejb3 remote
+    /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting)
+    echo
+end-if
+
+if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/distributed-cache=dist:read-attribute(name=mode)
+    echo Setting SYNC mode for web cache-container
+    /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/distributed-cache=dist:write-attribute(name=mode,value=SYNC)
+    echo
+end-if
+
+if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/distributed-cache=dist:read-attribute(name=mode)
+    echo Setting SYNC mode for ejb cache-container
+    /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/distributed-cache=dist:write-attribute(name=mode,value=SYNC)
+    echo
+end-if
+
+if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/channel=ee/:read-attribute(name=cluster)
+    echo Setting cluster attribute to ejb in jgroups subsystem
+    /profile=$clusteredProfile/subsystem=jgroups/channel=ee/:write-attribute(name=cluster,value=ejb)
+    echo
+end-if
+
+if (result != undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
+    echo Unsetting socket-binding from udp FD_SOCK protocol
+    # it has to be done via remove and add, because socket-binding is not writable attribute
+    /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:remove
+    /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:add
+    echo
+end-if
+
+if (outcome == success) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD/:read-resource
+    echo Replacing tcp FD protocol with FD_ALL
+    /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD/:remove
+    /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_ALL/:add
+    echo
+end-if
+
+if (result != undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
+    echo Unsetting socket-binding from tcp FD_SOCK protocol
+    # it has to be done via remove and add, because socket-binding is not writable attribute
+    /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:remove
+    /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:add
+    echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource
+    echo Adding http-invoker to default-host
+    /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm)
+    echo
+end-if
+
+if (result == false) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2)
+    echo Enabling http2 for default http-listener
+    /profile=$clusteredProfile/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true)
+    echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/https-listener=https/:read-resource
+    echo Adding https-listener
+    /profile=$clusteredProfile/subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true)
+    echo
+end-if
+
+if (result == 224.0.1.105) of /socket-binding-group=ha-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address)
+    echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address
+    /socket-binding-group=ha-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105})
+    echo
+end-if
+
+# Migrate from 3.3.0 to 3.4.0
+if (outcome == success) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
+  echo Removing X-Powered-By and Server headers from Keycloak responses...
+  /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove
+  /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove
+  /profile=$clusteredProfile/subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove
+  /profile=$clusteredProfile/subsystem=undertow/configuration=filter/response-header=server-header/:remove
+end-if
+
+if (outcome == success) of /profile=$clusteredProfile/subsystem=jdr/:read-resource
+    echo Removing jdr subsystem and extension
+    /profile=$clusteredProfile/subsystem=jdr/:remove
+    echo
+    try
+        echo Trying to remove jdr extension
+        /extension=org.jboss.as.jdr/:remove
+        echo
+    catch
+        echo Wasn't able to remove jdr extension, Should be removed by migrate-domain-standalone.cli
+        echo
+    end-try
+end-if
+
+if (outcome == success) of /profile=$clusteredProfile/subsystem=jsf/:read-resource
+    echo Removing jsf subsystem and extension
+    /profile=$clusteredProfile/subsystem=jsf/:remove
+    echo
+    try
+        echo Trying to remove jsf extension
+        /extension=org.jboss.as.jsf/:remove
+        echo
+    catch
+        echo Wasn't able to remove jsf extension, Should be removed by migrate-domain-standalone.cli
+        echo
+    end-try
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/:read-resource
+  echo Adding distributed-cache=offlineClientSessions to keycloak cache container...
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/:add(mode=SYNC,owners=1)
+  echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/:read-resource
+  echo Adding distributed-cache=clientSessions to keycloak cache container...
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/:add(mode=SYNC,owners=1)
+  echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=x509cert-lookup/:read-resource
+  echo Adding spi=x509cert-lookup...
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=x509cert-lookup/:add(default-provider=${keycloak.x509cert.lookup.provider:default})
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=x509cert-lookup/provider=default/:add(enabled=true)
+  echo
+end-if
+
+# Migrate from 4.2.0 to 4.3.0
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/:read-resource
+  echo Adding spi=hostname...
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/:add(default-provider=request)
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/provider=fixed/:add(properties={hostname => "localhost",httpPort => "-1",httpsPort => "-1"},enabled=true)
+  echo
+end-if
+
+# Migrate from 4.3.0 to 4.4.0
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/permission-set=login-permission/:read-resource
+  echo Adding permission-set=login-permission to elytron
+  /profile=$clusteredProfile/subsystem=elytron/permission-set=login-permission:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}])
+  /profile=$clusteredProfile/subsystem=elytron/permission-set=default-permissions/:add(permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
+  /profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:undefine-attribute(name=permission-mappings)
+  /profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper:write-attribute(name=permission-mappings,value=[{permission-sets=[{permission-set=login-permission},{permission-set=default-permissions}],match-all=true},{permission-sets=[{permission-set=default-permissions}],principals=[anonymous]}])
+  echo
+end-if
+
+if (result == org.hibernate.infinispan) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate:read-attribute(name=module)
+  echo Update hibernate cache module
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate:write-attribute(name=module, value=org.infinispan.hibernate-cache)
+  echo
+end-if
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate:read-attribute(name=default-cache)
+  echo Remove default cache from hibernate cache
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate:undefine-attribute(name=default-cache)
+  echo
+end-if
+if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/replicated-cache=timestamps:read-attribute(name=mode)
+  echo Switching mode for timestamps cache from ASYNC to SYNC
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/replicated-cache=timestamps:write-attribute(name=mode, value=SYNC)
+  echo
+end-if
+
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:read-resource
+  echo Removing eviction from hibernate entity cache and replacing with object-memory
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:remove
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/distributed-cache=local-query/eviction=EVICTION:read-resource
+  echo Removing eviction from hibernate local-query cache and replacing with object-memory
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:remove
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak realms cache and replacing with object-memory
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:remove
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak users cache and replacing with object-memory
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:remove
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak authorization cache and replacing with object-memory
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:remove
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak keys cache and replacing with object-memory
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:remove
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/memory=object:add(size=1000)
+  echo
+end-if
+
+if (outcome == success) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:read-resource
+  echo Changing JNDI reference in connectionsInfinispan SPI
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:undefine-attribute(name=properties)
+  /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:write-attribute(name=properties,value={cacheContainer=java:jboss/infinispan/container/keycloak})
+  echo
+end-if
+
+if (outcome == success) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FRAG2:read-resource
+  echo Upgrade jgroups protocol from FRAG2 to FRAG3 for tcp stack
+  /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FRAG2:remove
+  /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FRAG3:add()
+  echo
+end-if
+if (outcome == success) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FRAG2:read-resource
+  echo Upgrade jgroups protocol from FRAG2 to FRAG3 for udp stack
+  /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FRAG2:remove
+  /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FRAG3:add()
+  echo
+end-if
+if (outcome == success) of /profile=$clusteredProfile/subsystem=remoting/configuration=endpoint:read-resource
+  echo Remove endpoint from remoting configuration
+  /profile=$clusteredProfile/subsystem=remoting/configuration=endpoint:remove
+  echo
+end-if
+if (outcome == success) of /profile=$clusteredProfile/socket-binding-group=$clusteredProfile-sockets/socket-binding=jgroups-mping:read-attribute(name=port)
+  /profile=$clusteredProfile/socket-binding-group=$clusteredProfile-sockets/socket-binding=jgroups-mping:undefine-attribute(name=port)
+end-if
+if (outcome == success) of /socket-binding-group=$clusteredProfile-sockets/socket-binding=modcluster:read-attribute(name=port)
+  /profile=$clusteredProfile/socket-binding-group=$clusteredProfile-sockets/socket-binding=modcluster:undefine-attribute(name=port)
+end-if
+
+# Migrate from 4.5.0 to 4.6.0
+if (outcome == success) of /profile=$clusteredProfile/subsystem=elytron/http-authentication-factory=application-http-authentication/:read-resource
+    echo Removing application-http-authentication from elytron subsystem
+    /profile=$clusteredProfile/subsystem=elytron/http-authentication-factory=application-http-authentication:remove
+    echo
+end-if
+
+if (result == undefined) of /profile=$clusteredProfile/subsystem=transactions/:read-attribute(name=node-identifier,include-defaults=false)
+    echo Setting node-identifier attribute of core-environment element in transactions subsystem
+    /profile=$clusteredProfile/subsystem=transactions/:write-attribute(name=node-identifier,value=expression "${jboss.tx.node.id:1}")
+    echo
+end-if
+
+if (outcome == success) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/transport=UDP/property=port_range:read-attribute(name=value)
+    try
+        /profile=$clusteredProfile/subsystem=jgroups/stack=udp/transport=UDP/property=port_range:remove
+        echo Remove port_range property from UDP transport type of udp stack
+    catch
+        echo
+    end-try
+end-if
+
+if (outcome == success) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:read-attribute(name=value)
+    try
+        /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:remove
+        echo Remove port_range property from TCP transport type of tcp stack
+    catch
+        echo
+    end-try
+end-if
+
+# Migrate from 4.8.3 to 5.0.0
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=logging/logger=io.jaegertracing.Configuration/:read-resource
+    echo Adding io.jaegertracing.Configuration logger
+    /profile=$clusteredProfile/subsystem=logging/logger=io.jaegertracing.Configuration/:add(category=io.jaegertracing.Configuration,level=WARN)
+    echo
+end-if
+
+# Migrate from 5.0.0 to 6.0.0
+if (result == NON_XA) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:read-attribute(name=mode)
+    echo Removing NON_XA transaction mode from infinispan/hibernate/entity
+    /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:undefine-attribute(name=mode)
+    echo
+end-if
+
+if (result == false) of /profile=$clusteredProfile/subsystem=datasources/data-source=ExampleDS/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to ExampleDS datasource
+    /profile=$clusteredProfile/subsystem=datasources/data-source=ExampleDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /profile=$clusteredProfile/subsystem=datasources/data-source=KeycloakDS/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to KeycloakDS datasource
+    /profile=$clusteredProfile/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /profile=$clusteredProfile/subsystem=ejb3/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to ejb3 subsystem
+    /profile=$clusteredProfile/subsystem=ejb3/:write-attribute(name=statistics-enabled,value=${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /profile=$clusteredProfile/subsystem=transactions/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to transactions subsystem
+    /profile=$clusteredProfile/subsystem=transactions/:write-attribute(name=statistics-enabled,value=${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /profile=$clusteredProfile/subsystem=undertow/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to undertow subsystem
+    /profile=$clusteredProfile/subsystem=undertow/:write-attribute(name=statistics-enabled,value=${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /profile=$clusteredProfile/subsystem=webservices/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to webservices subsystem
+    /profile=$clusteredProfile/subsystem=webservices/:write-attribute(name=statistics-enabled,value=${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+# Migrate from 6.0.1 to 7.0.0
+if (outcome == success) of /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
+    echo Removing READ_TIMEOUT option from remote service from ejb3 subsystem
+    /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:remove
+    echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/distributed-cache=routing:read-resource
+    echo Adding distributed cache routing to web cache container to infinispan subsystem
+    /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/distributed-cache=routing/:add
+    echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/replicated-cache=sso:read-resource
+    echo Adding replicated cache sso to web cache container to infinispan subsystem
+    /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/replicated-cache=sso/:add
+    /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/replicated-cache=sso/component=locking/:add(isolation=REPEATABLE_READ)
+    /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/replicated-cache=sso/component=transaction/:add(mode=BATCH)
+    echo
+end-if
+
+if (outcome == failed) of /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:read-resource
+    echo Adding jgroups-tcp-fd socket binding to ha-sockets binding group
+    /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:add(interface=private,port=57600)
+    echo
+end-if
+
+if (outcome == failed) of /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:read-resource
+    echo Adding jgroups-udp-fd socket binding to ha-sockets binding group
+    /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:add(interface=private,port=54200)
+    echo
+end-if
+
+if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
+    echo Adding socket-binding for FD_SOCK protocol for tcp stack in jgroups subsystem
+    /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:write-attribute(name=socket-binding,value=jgroups-tcp-fd)
+    echo
+end-if
+
+if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
+    echo Adding socket-binding for FD_SOCK protocol for udp stack in jgroups subsystem
+    /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:write-attribute(name=socket-binding,value=jgroups-udp-fd)
+    echo
+end-if
+
+if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
+    echo Disabling Truststore Provider
+    /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
+    echo Removing deprecated option
+    /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
+    echo
+end-if
+
+# Migrate from 7.0.0 to 8.0.0
+
+if ((result.time == 100L) && (result.unit == MILLISECONDS)) of /profile=$clusteredProfile/subsystem=ejb3/thread-pool=default:read-attribute(name=keepalive-time)
+    echo Changing thread pool keepalive of ejb3 subsystem
+    /profile=$clusteredProfile/subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.time, value=60)
+    /profile=$clusteredProfile/subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.unit,value=SECONDS)
+    echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/provider=default/:read-resource
+    echo Adding default hostname provider
+    /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/provider=default/:add(properties={frontendUrl => "${keycloak.frontendUrl:}",forceBackendUrlToFrontendUrl => "false"},enabled=true)
+end-if
+
+if (result == request) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
+    echo Switching from request to default hostname provider
+
+    /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/:write-attribute(name=default-provider,value=default)
+end-if
+
+if (result != fixed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
+    try
+        /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/provider=fixed:remove
+        echo Removed config for unused fixed hostname provider
+    catch
+    end-try
+end-if
+
+# Migrate from 10.0.2 to 11.0.0 (migration changes for infinispan update from 9.4.18.Final to 10.1.8.Final)
+
+if (result != org.keycloak.keycloak-model-infinispan) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak:read-attribute(name=module)
+    echo Setting class loader for keycloak cache-container in auth-server-clustered profile so JBoss Marshalling works properly with Infinispan 10.x
+    /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak:write-attribute(name=module,value=org.keycloak.keycloak-model-infinispan)
+    echo
+end-if
+
+# Migrate from 12.0.0 to 13.0.0
+
+## Add ability to make use of automatically generated self-signed certificate with Elytron,
+## introduced by WFCORE-5095 in Wildfly Core 14.0.0.Final
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/key-store=applicationKS:read-resource
+    echo Adding key store for the feature of auto-generation of self-signed certificate to Elytron subsystem...
+    /profile=$clusteredProfile/subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},type=JKS)
+    /profile=$clusteredProfile/subsystem=elytron/key-store=applicationKS:write-attribute(name=path,value=application.keystore)
+    /profile=$clusteredProfile/subsystem=elytron/key-store=applicationKS:write-attribute(name=relative-to,value=jboss.domain.config.dir)
+    echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/key-manager=applicationKM:read-resource
+    echo Adding key manager for the feature of auto-generation of self-signed certificate to Elytron subsystem...
+    /profile=$clusteredProfile/subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, credential-reference={clear-text=password})
+    /profile=$clusteredProfile/subsystem=elytron/key-manager=applicationKM:write-attribute(name=generate-self-signed-certificate-host,value=localhost)
+    echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/server-ssl-context=applicationSSC:read-resource
+    echo Adding SSL context for the feature of auto-generation of self-signed certificate to Elytron subsystem...
+    /profile=$clusteredProfile/subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM)
+    echo
+end-if
+
+## Convert type of 'hung-task-termination-period' attribute for 'managed-executor-service' from INT to LONG
+if (result == 0) of /profile=$clusteredProfile/subsystem=ee/managed-executor-service=default:read-attribute(name=hung-task-termination-period)
+    echo Setting period for automatic termination of hung tasks for managed executor service to default value (0 miliseconds)
+    /profile=$clusteredProfile/subsystem=ee/managed-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
+    echo
+end-if
+
+## Convert type of 'hung-task-termination-period' attribute for 'managed-scheduled-executor-service' from INT to LONG
+if (result == 0) of /profile=$clusteredProfile/subsystem=ee/managed-scheduled-executor-service=default:read-attribute(name=hung-task-termination-period)
+    echo Setting period for automatic termination of hung tasks for managed scheduled executor service to default value (0 miliseconds)
+    /profile=$clusteredProfile/subsystem=ee/managed-scheduled-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
+    echo
+end-if
+
+## Set value of JPA default-datasource from empty string to 'undefined'
+if (outcome == success) && (result == "") of /profile=$clusteredProfile/subsystem=jpa:read-attribute(name=default-datasource)
+    echo Setting value of to default-datasource attribute in JPA subsystem to 'undefined'
+    /profile=$clusteredProfile/subsystem=jpa:undefine-attribute(name=default-datasource)
+    echo
+end-if
+
+echo *** End Migration of /profile=$clusteredProfile ***
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-domain-standalone.cli b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
new file mode 100644
index 0000000000..8b98178988
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
@@ -0,0 +1,654 @@
+embed-host-controller --domain-config=domain.xml
+
+# Early versions of keycloak used "default" for the standalone profile name.
+# Yours maybe be something completely different.
+set standaloneProfile=auth-server-standalone
+
+# keycloak-server.json is not normally on this path.
+set pathToJson=../domain/configuration/keycloak-server.json
+
+
+echo *** Begin Migration of /profile=$standaloneProfile ***
+echo
+
+# Migrate from 1.8.1 to 1.9.1
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=work/:read-resource
+  echo Adding local-cache=work to keycloak cache container...
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=work/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+# realmVersions cache deprecated in 2.1.0
+#if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
+#  echo Adding local-cache=realmVersions to keycloak cache container...
+#  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:add(indexing=NONE,start=LAZY)
+#  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/component=transaction/:write-attribute(name=mode,value=BATCH)
+#  echo
+#end-if
+
+
+# Migrate from 1.9.1 to 1.9.2
+if (result == NONE) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:read-attribute(name=strategy)
+  echo Adding eviction strategy to keycloak users cache container...
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
+  echo
+end-if
+
+# Migrate from 1.9.2 to 1.9.8
+# NO CHANGES
+
+# Migrate from 1.9.8 to 2.0.0
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:read-resource
+  echo Adding local-cache=authorization to keycloak cache container...
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+if (result == undefined) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:read-attribute(name=strategy,include-defaults=false)
+  echo Updating authorization cache container..
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=100)
+  echo
+end-if
+
+# Migrate from 2.0.0 to 2.1.0
+if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
+  echo Removing deprecated cache 'realmVersions'
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:remove
+  echo
+end-if
+
+# Migrate kecloak-server.json (deprecated in 2.2.0)
+if (result == []) of /profile=$standaloneProfile/subsystem=keycloak-server/:read-children-names(child-type=spi)
+  echo Migrating keycloak-server.json to keycloak-server subsystem...
+  /profile=$standaloneProfile/subsystem=keycloak-server/:migrate-json(file=$pathToJson)
+  echo
+end-if
+if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /profile=$standaloneProfile/subsystem=keycloak-server/:read-attribute(name=providers)
+    echo Updating provider to default value
+    /profile=$standaloneProfile/subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*])
+    echo
+end-if
+if (result == keycloak) of /profile=$standaloneProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=default)
+    echo Undefining default theme...
+    /profile=$standaloneProfile/subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default)
+    echo
+end-if
+if (result == expression "${jboss.server.config.dir}/themes") of /profile=$standaloneProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=dir)
+    echo Updating theme dir to default value
+    /profile=$standaloneProfile/subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes)
+    echo
+end-if
+
+set persistenceProvider=jpa
+
+# Migrate from 2.1.0 to 2.2.0
+if (result == update) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema)
+  echo Updating connectionsJpa default properties...
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema)
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=initializeEmpty,value=true)
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationStrategy,value=update)
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationExport,value=${jboss.home.dir}/keycloak-database-update.sql)
+  echo
+end-if
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource
+  echo Adding spi=userFederatedStorage...
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=userFederatedStorage/:add(default-provider=$persistenceProvider)
+  echo
+end-if
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=jta-lookup/:read-resource
+  echo Adding spi=jta-lookup...
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=jta-lookup/:add(default-provider=${keycloak.jta.lookup.provider:jboss})
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=jta-lookup/provider=jboss/:add(enabled=true)
+  echo
+end-if
+
+# Migrate from 2.2.0 to 2.2.1
+# NO CHANGES
+
+# Migrate from 2.2.1 to 2.3.0
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:read-resource
+  echo Adding local-cache=keys to keycloak cache container...
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+if (result == undefined) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:read-attribute(name=strategy,include-defaults=false)
+  echo Updating eviction and expiration in local-cache=keys...
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=max-entries,value=1000)
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=expiration/:write-attribute(name=max-idle,value=3600000)
+  echo
+end-if
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=publicKeyStorage/:read-resource
+  echo Adding spi=publicKeyStorage...
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=publicKeyStorage/:add
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=publicKeyStorage/provider=infinispan/:add(properties={minTimeBetweenRequests => "10"},enabled=true)
+  echo
+end-if
+
+# Migrate from 2.3.0 to 2.4.0
+# NO CHANGES
+
+# Migrate from 2.4.0 to 2.5.0
+if (result == NONE) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:read-attribute(name=strategy)
+  echo Adding eviction strategy to keycloak realms cache...
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=max-entries,value=10000)
+  echo
+end-if
+
+# Migrate from 2.5.0 to 2.5.1
+# NO CHANGES
+
+# Migrate 2.5.1 to 2.5.4
+if (result != REPEATABLE_READ) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
+  echo Changing ejb cache locking to REPEATABLE_READ
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
+  echo
+end-if
+
+if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
+   echo Removing Hibernate immutable-entity cache
+   /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
+end-if
+
+
+# Migrate from 2.5.4 to 3.0.0
+if (result == jpa) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
+   echo Removing default provider for eventsStore
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=realm/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=user/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for userFederatedStorage SPI
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=userFederatedStorage/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for authorizationPersister SPI
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=authorizationPersister/:remove
+   echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=userCache/:read-resource
+   echo Adding userCache SPI
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=userCache/:add
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=realmCache/:read-resource
+   echo Adding realmCache SPI
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=realmCache/:add
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
+   echo Adding 'default' as default provider for connectionsInfinispan
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
+   echo
+end-if
+
+# Migrate from 3.0.0 to 3.1.0
+# NO CHANGES
+
+# Migrate from 3.1.0 to 3.2.0
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:read-resource
+  echo Adding local-cache=authenticationSessions to keycloak cache container...
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:read-resource
+  echo Adding local-cache=actionTokens to keycloak cache container...
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:add(indexing=NONE,start=LAZY)
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
+  echo
+end-if
+
+if (result == 100L) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:read-attribute(name=max-entries)
+    echo Updating eviction in local-cache=authorization...
+    /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000)
+    echo
+end-if
+
+# Migrate from 3.2.0 to 3.2.1
+# NO CHANGES
+
+# Migrate from 3.2.1 to 3.3.0
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=core-management/:read-resource
+    try
+        echo Trying to add core-management extension
+        /extension=org.wildfly.extension.core-management/:add
+        echo
+    catch
+        echo Wasn't able to add core-management extension, it should be already added by migrate-domain-standalone.cli
+        echo
+    end-try
+    echo Adding subsystem core-management
+    /profile=$standaloneProfile/subsystem=core-management/:add
+    echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/:read-resource
+    try
+        echo Trying to add elytron extension
+        /extension=org.wildfly.extension.elytron/:add
+        echo
+    catch
+        echo Wasn't able to add elytron extension, it should be already added by migrate-domain-standalone.cli
+        echo
+    end-try
+    echo Adding subsystem elytron
+    /profile=$standaloneProfile/subsystem=elytron/:add
+    /profile=$standaloneProfile/subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron)
+    /profile=$standaloneProfile/subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl)
+    /profile=$standaloneProfile/subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl])
+    /profile=$standaloneProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON)
+    /profile=$standaloneProfile/subsystem=elytron/identity-realm=local/:add(identity="$local")
+    /profile=$standaloneProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir})
+    /profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
+    /profile=$standaloneProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
+    /profile=$standaloneProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
+    /profile=$standaloneProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
+    /profile=$standaloneProfile/subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}])
+    /profile=$standaloneProfile/subsystem=elytron/provider-http-server-mechanism-factory=global/:add
+    /profile=$standaloneProfile/subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}])
+    /profile=$standaloneProfile/subsystem=elytron/provider-sasl-server-factory=global/:add
+    /profile=$standaloneProfile/subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}])
+    /profile=$standaloneProfile/subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"})
+    /profile=$standaloneProfile/subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}])
+    /profile=$standaloneProfile/subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers)
+    /profile=$standaloneProfile/subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto])
+    echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
+    echo Adding channel-creation-options READ_TIMEOUT to ejb3 remote
+    /profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio)
+    echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:read-resource
+    echo Adding channel-creation-options MAX_OUTBOUND_MESSAGES to ejb3 remote
+    /profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting)
+    echo
+end-if
+
+if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=persistent:read-resource
+    echo Removing local-cache persistent from web cache-container
+    /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=persistent:remove
+    echo
+end-if
+
+if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent:read-resource
+    echo Removing local-cache persistent from ejb cache-container
+    /profile=$standaloneProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent:remove
+    echo
+end-if
+
+if (result == local-query) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/:read-attribute(name=default-cache)
+    echo Removing default-cache from hibernate cache-container
+    /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/:undefine-attribute(name=default-cache)
+    echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource
+    echo Adding http-invoker to default-host
+    /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm)
+    echo
+end-if
+
+if (result == false) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2)
+    echo Enabling http2 for default http-listener
+    /profile=$standaloneProfile/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true)
+    echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/https-listener=https/:read-resource
+    echo Adding https-listener
+    /profile=$standaloneProfile/subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true)
+    echo
+end-if
+
+if (result == 224.0.1.105) of /socket-binding-group=ha-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address)
+    echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address
+    /socket-binding-group=ha-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105})
+    echo
+end-if
+
+# Migrate from 3.3.0 to 3.4.0
+if (outcome == success) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
+  echo Removing X-Powered-By and Server headers from Keycloak responses...
+  /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove
+  /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove
+  /profile=$standaloneProfile/subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove
+  /profile=$standaloneProfile/subsystem=undertow/configuration=filter/response-header=server-header/:remove
+  echo
+end-if
+
+if (outcome == success) of /profile=$standaloneProfile/subsystem=jdr/:read-resource
+    echo Removing jdr subsystem and extension
+    /profile=$standaloneProfile/subsystem=jdr/:remove
+    echo
+    try
+        echo Trying to remove jdr extension
+        /extension=org.jboss.as.jdr/:remove
+        echo
+    catch
+        echo Wasn't able to remove jdr extension, it should be removed by migrate-domain-standalone.cli
+        echo
+    end-try
+end-if
+
+if (outcome == success) of /profile=$standaloneProfile/subsystem=jsf/:read-resource
+    echo Removing jsf subsystem and extension
+    /profile=$standaloneProfile/subsystem=jsf/:remove
+    echo
+    try
+        echo Trying to remove jsf extension
+        /extension=org.jboss.as.jsf/:remove
+        echo
+    catch
+        echo Wasn't able to remove jsf extension, Should be removed by migrate-domain-standalone.cli
+        echo
+    end-try
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=clientSessions/:read-resource
+  echo Adding local-cache=clientSessions to keycloak cache container...
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=clientSessions/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=offlineClientSessions/:read-resource
+  echo Adding local-cache=offlineClientSessions to keycloak cache container...
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=offlineClientSessions/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=x509cert-lookup/:read-resource
+  echo Adding spi=x509cert-lookup...
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=x509cert-lookup/:add(default-provider=${keycloak.x509cert.lookup.provider:default})
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=x509cert-lookup/provider=default/:add(enabled=true)
+  echo
+end-if
+
+# Migrate from 4.2.0 to 4.3.0
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/:read-resource
+  echo Adding spi=hostname...
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/:add(default-provider=request)
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/provider=fixed/:add(properties={hostname => "localhost",httpPort => "-1",httpsPort => "-1"},enabled=true)
+  echo
+end-if
+
+# Migrate from 4.3.0 to 4.4.0
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/permission-set=login-permission/:read-resource
+  echo Adding permission-set=login-permission to elytron
+  /profile=$standaloneProfile/subsystem=elytron/permission-set=login-permission:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}])
+  /profile=$standaloneProfile/subsystem=elytron/permission-set=default-permissions/:add(permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
+  /profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:undefine-attribute(name=permission-mappings)
+  /profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper:write-attribute(name=permission-mappings,value=[{permission-sets=[{permission-set=login-permission},{permission-set=default-permissions}],match-all=true},{permission-sets=[{permission-set=default-permissions}],principals=[anonymous]}])
+  echo
+end-if
+
+if (result == org.hibernate.infinispan) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate:read-attribute(name=module)
+  echo Update hibernate cache module
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate:write-attribute(name=module, value=org.infinispan.hibernate-cache)
+  echo
+end-if
+if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:read-resource
+  echo Removing eviction from hibernate entity cache and replacing with object-memory
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:remove
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:read-resource
+  echo Removing eviction from hibernate local-query cache and replacing with object-memory
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:remove
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak realms cache and replacing with object-memory
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:remove
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak users cache and replacing with object-memory
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:remove
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak authorization cache and replacing with object-memory
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:remove
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak keys cache and replacing with object-memory
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:remove
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/memory=object:add(size=1000)
+  echo
+end-if
+
+if (outcome == success) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:read-resource
+  echo Changing JNDI reference in connectionsInfinispan SPI
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:undefine-attribute(name=properties)
+  /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:write-attribute(name=properties,value={cacheContainer=java:jboss/infinispan/container/keycloak})
+  echo
+end-if
+
+# Migrate from 4.5.0 to 4.6.0
+if (outcome == success) of /profile=$standaloneProfile/subsystem=elytron/http-authentication-factory=application-http-authentication/:read-resource
+    echo Removing application-http-authentication from elytron subsystem
+    /profile=$standaloneProfile/subsystem=elytron/http-authentication-factory=application-http-authentication:remove
+    echo
+end-if
+
+if (result == undefined) of /profile=$standaloneProfile/subsystem=transactions/:read-attribute(name=node-identifier,include-defaults=false)
+    echo Setting node-identifier attribute of core-environment element in transactions subsystem
+    /profile=$standaloneProfile/subsystem=transactions/:write-attribute(name=node-identifier,value=expression "${jboss.tx.node.id:1}")
+    echo
+end-if
+
+if (outcome == success) of /profile=$standaloneProfile/subsystem=jgroups/stack=udp/transport=UDP/property=port_range:read-attribute(name=value)
+    try
+        /profile=$standaloneProfile/subsystem=jgroups/stack=udp/transport=UDP/property=port_range:remove
+        echo Remove port_range property from UDP transport type of udp stack
+    catch
+        echo
+    end-try
+end-if
+
+if (outcome == success) of /profile=$standaloneProfile/subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:read-attribute(name=value)
+    try
+        /profile=$standaloneProfile/subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:remove
+        echo Remove port_range property from TCP transport type of tcp stack
+    catch
+        echo
+    end-try
+end-if
+
+# Migrate from 4.8.3 to 5.0.0
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=logging/logger=io.jaegertracing.Configuration/:read-resource
+    echo Adding io.jaegertracing.Configuration logger
+    /profile=$standaloneProfile/subsystem=logging/logger=io.jaegertracing.Configuration/:add(category=io.jaegertracing.Configuration,level=WARN)
+    echo
+end-if
+
+# Migrate from 5.0.0 to 6.0.0
+if (result == NON_XA) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:read-attribute(name=mode)
+    echo Removing NON_XA transaction mode from infinispan/hibernate/entity
+    /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:undefine-attribute(name=mode)
+    echo
+end-if
+
+if (result == false) of /profile=$standaloneProfile/subsystem=datasources/data-source=ExampleDS/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to ExampleDS datasource
+    /profile=$standaloneProfile/subsystem=datasources/data-source=ExampleDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /profile=$standaloneProfile/subsystem=datasources/data-source=KeycloakDS/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to KeycloakDS datasource
+    /profile=$standaloneProfile/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /profile=$standaloneProfile/subsystem=ejb3/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to ejb3 subsystem
+    /profile=$standaloneProfile/subsystem=ejb3/:write-attribute(name=statistics-enabled,value=${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /profile=$standaloneProfile/subsystem=transactions/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to transactions subsystem
+    /profile=$standaloneProfile/subsystem=transactions/:write-attribute(name=statistics-enabled,value=${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /profile=$standaloneProfile/subsystem=undertow/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to undertow subsystem
+    /profile=$standaloneProfile/subsystem=undertow/:write-attribute(name=statistics-enabled,value=${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /profile=$standaloneProfile/subsystem=webservices/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to webservices subsystem
+    /profile=$standaloneProfile/subsystem=webservices/:write-attribute(name=statistics-enabled,value=${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+# Migrate from 6.0.1 to 7.0.0
+if (outcome == success) of /profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
+    echo Removing READ_TIMEOUT option from remote service from ejb3 subsystem
+    /profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:remove
+    echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=routing:read-resource
+    echo Adding local cache routing to web cache container to infinispan subsystem
+    /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=routing/:add
+    echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=sso:read-resource
+    echo Adding local cache sso to web cache container to infinispan subsystem
+    /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=sso/:add
+    /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=sso/component=locking/:add(isolation=REPEATABLE_READ)
+    /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=sso/component=transaction/:add(mode=BATCH)
+    echo
+end-if
+
+if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
+    echo Disabling Truststore Provider
+    /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
+    echo Removing deprecated option
+    /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
+    echo
+end-if
+
+# Migrate from 7.0.0 to 8.0.0
+
+if ((result.time == 100L) && (result.unit == MILLISECONDS)) of /profile=$standaloneProfile/subsystem=ejb3/thread-pool=default:read-attribute(name=keepalive-time)
+    echo Changing thread pool keepalive of ejb3 subsystem
+    /profile=$standaloneProfile/subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.time, value=60)
+    /profile=$standaloneProfile/subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.unit,value=SECONDS)
+    echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/provider=default/:read-resource
+    echo Adding default hostname provider
+    /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/provider=default/:add(properties={frontendUrl => "${keycloak.frontendUrl:}",forceBackendUrlToFrontendUrl => "false"},enabled=true)
+end-if
+
+if (result == request) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
+    echo Switching from request to default hostname provider
+
+    /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/:write-attribute(name=default-provider,value=default)
+end-if
+
+if (result != fixed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
+    try
+        /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/provider=fixed:remove
+        echo Removed config for unused fixed hostname provider
+    catch
+    end-try
+end-if
+
+# Migrate from 10.0.2 to 11.0.0 (migration changes for infinispan update from 9.4.18.Final to 10.1.8.Final)
+
+if (result != org.keycloak.keycloak-model-infinispan) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak:read-attribute(name=module)
+    echo Setting class loader for keycloak cache-container so JBoss Marshalling works properly with Infinispan 10.x
+    /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak:write-attribute(name=module,value=org.keycloak.keycloak-model-infinispan)
+    echo
+end-if
+
+# Migrate from 12.0.0 to 13.0.0
+
+## Add ability to make use of automatically generated self-signed certificate with Elytron,
+## introduced by WFCORE-5095 in Wildfly Core 14.0.0.Final
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/key-store=applicationKS:read-resource
+    echo Adding key store for the feature of auto-generation of self-signed certificate to Elytron subsystem...
+    /profile=$standaloneProfile/subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},type=JKS)
+    /profile=$standaloneProfile/subsystem=elytron/key-store=applicationKS:write-attribute(name=path,value=application.keystore)
+    /profile=$standaloneProfile/subsystem=elytron/key-store=applicationKS:write-attribute(name=relative-to,value=jboss.domain.config.dir)
+    echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/key-manager=applicationKM:read-resource
+    echo Adding key manager for the feature of auto-generation of self-signed certificate to Elytron subsystem...
+    /profile=$standaloneProfile/subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, credential-reference={clear-text=password})
+    /profile=$standaloneProfile/subsystem=elytron/key-manager=applicationKM:write-attribute(name=generate-self-signed-certificate-host,value=localhost)
+    echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/server-ssl-context=applicationSSC:read-resource
+    echo Adding SSL context for the feature of auto-generation of self-signed certificate to Elytron subsystem...
+    /profile=$standaloneProfile/subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM)
+    echo
+end-if
+
+## Convert type of 'hung-task-termination-period' attribute for 'managed-executor-service' from INT to LONG
+if (result == 0) of /profile=$standaloneProfile/subsystem=ee/managed-executor-service=default:read-attribute(name=hung-task-termination-period)
+    echo Setting period for automatic termination of hung tasks for managed executor service to default value (0 miliseconds)
+    /profile=$standaloneProfile/subsystem=ee/managed-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
+    echo
+end-if
+
+## Convert type of 'hung-task-termination-period' attribute for 'managed-scheduled-executor-service' from INT to LONG
+if (result == 0) of /profile=$standaloneProfile/subsystem=ee/managed-scheduled-executor-service=default:read-attribute(name=hung-task-termination-period)
+    echo Setting period for automatic termination of hung tasks for managed scheduled executor service to default value (0 miliseconds)
+    /profile=$standaloneProfile/subsystem=ee/managed-scheduled-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
+    echo
+end-if
+
+## Set value of JPA default-datasource from empty string to 'undefined'
+if (outcome == success) && (result == "") of /profile=$standaloneProfile/subsystem=jpa:read-attribute(name=default-datasource)
+    echo Setting value of to default-datasource attribute in JPA subsystem to 'undefined'
+    /profile=$standaloneProfile/subsystem=jpa:undefine-attribute(name=default-datasource)
+    echo
+end-if
+
+echo *** End Migration of /profile=$standaloneProfile ***
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-standalone-ha.cli b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
new file mode 100644
index 0000000000..ed1bae1735
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
@@ -0,0 +1,891 @@
+echo
+echo *** WARNING ***
+echo
+echo ** If the following embed-server command fails, manual intervention is needed.
+echo ** In such case, remove any <extension> and <subsystem> declarations referring
+echo ** to the removed smallrye modules from the standalone-ha.xml file and rerun this script.
+echo ** For details, see Migration Changes section in the Upgrading guide.
+echo ** We apologize for this inconvenience.
+echo
+
+embed-server --server-config=standalone-ha.xml
+
+echo *** Begin Migration ***
+echo
+
+# Migrate from 1.8.1 to 1.9.1
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:read-resource
+  echo Adding replicated-cache=work to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:add(mode=SYNC)
+  echo
+end-if
+# realmVersions cache deprecated in 2.1.0
+#if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
+#  echo Adding local-cache=realmVersions to keycloak cache container...
+#  /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:add(indexing=NONE,start=LAZY)
+#  /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/component=transaction/:write-attribute(name=mode,value=BATCH)
+#  echo
+#end-if
+
+# Migrate from 1.9.1 to 1.9.2
+if (result == NONE) of /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:read-attribute(name=strategy)
+  echo Adding eviction strategy to keycloak users cache container...
+  /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
+  echo
+end-if
+
+# Migrate from 1.9.2 to 2.0.0
+# NO CHANGES
+
+# Migrate from 2.0.0 to 2.1.0
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
+  echo Removing deprecated cache 'realmVersions'
+  /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:remove
+  echo
+end-if
+
+# Migrate kecloak-server.json (deprecated in 2.2.0)
+if (result == []) of /subsystem=keycloak-server/:read-children-names(child-type=spi)
+  echo Migrating keycloak-server.json to server cofig xml...
+  /subsystem=keycloak-server/:migrate-json
+  echo
+end-if
+
+set persistenceProvider=jpa
+if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /subsystem=keycloak-server/:read-attribute(name=providers)
+    echo Updating provider to default value
+    /subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*])
+    echo
+end-if
+if (result == keycloak) of /subsystem=keycloak-server/theme=defaults:read-attribute(name=default)
+    echo Undefining default theme...
+    /subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default)
+    echo
+end-if
+if (result == expression "${jboss.server.config.dir}/themes") of /subsystem=keycloak-server/theme=defaults:read-attribute(name=dir)
+    echo Updating theme dir to default value
+    /subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes)
+    echo
+end-if
+
+# Migrate from 2.1.0 to 2.2.0
+if (outcome == failed) of /extension=org.jboss.as.deployment-scanner/:read-resource
+  echo Adding deployment-scanner extension...
+  /extension=org.jboss.as.deployment-scanner/:add(module=org.jboss.as.deployment-scanner)
+  echo
+end-if
+if (outcome == failed) of /subsystem=deployment-scanner/:read-resource
+  echo Adding deployment-scanner...
+  /subsystem=deployment-scanner/:add
+  echo
+end-if
+if (outcome == failed) of /subsystem=deployment-scanner/scanner=default/:read-resource
+  echo Adding scanner=default
+  /subsystem=deployment-scanner/scanner=default/:add(path=deployments,relative-to=jboss.server.base.dir,runtime-failure-causes-rollback=${jboss.deployment.scanner.rollback.on.failure:false},scan-interval=5000)
+  echo
+end-if
+
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource
+    # In migration from 3.0.0 to 3.2.0 there is authorization distributed-cache replaced with local-cache
+    try
+        echo
+        /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:add(mode=SYNC,owners=1)
+        echo Added distributed-cache=authorization
+    catch
+    end-try
+end-if
+
+if (result == update) of /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema)
+  echo Updating connectionsJpa default properties...
+  /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema)
+  /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=initializeEmpty,value=true)
+  /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationStrategy,value=update)
+  /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationExport,value=${jboss.home.dir}/keycloak-database-update.sql)
+  echo
+end-if
+if (outcome == failed) of /subsystem=keycloak-server/spi=userFederatedStorage/:read-resource
+  echo Adding spi=userFederatedStorage...
+  /subsystem=keycloak-server/spi=userFederatedStorage/:add(default-provider=$persistenceProvider)
+  echo
+end-if
+if (outcome == failed) of /subsystem=keycloak-server/spi=jta-lookup/:read-resource
+  echo Adding spi=jta-lookup...
+  /subsystem=keycloak-server/spi=jta-lookup/:add(default-provider=${keycloak.jta.lookup.provider:jboss})
+  /subsystem=keycloak-server/spi=jta-lookup/provider=jboss/:add(enabled=true)
+  echo
+end-if
+
+# Migrate from 2.2.0 to 2.2.1
+# NO CHANGES
+
+# Migrate from 2.2.1 to 2.3.0
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/:read-resource
+  echo Adding local-cache=keys to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=keys/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:read-attribute(name=strategy,include-defaults=false)
+  echo Updating eviction and expiration in local-cache=keys...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=max-entries,value=1000)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=expiration/:write-attribute(name=max-idle,value=3600000)
+  echo
+end-if
+if (outcome == failed) of /subsystem=keycloak-server/spi=publicKeyStorage/:read-resource
+  echo Adding spi=publicKeyStorage...
+  /subsystem=keycloak-server/spi=publicKeyStorage/:add
+  /subsystem=keycloak-server/spi=publicKeyStorage/provider=infinispan/:add(properties={minTimeBetweenRequests => "10"},enabled=true)
+  echo
+end-if
+
+# Migrate from 2.3.0 to 2.4.0
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:read-resource
+  echo Replacing invalidation-cache=users with local-cache=users
+  /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:remove
+  /subsystem=infinispan/cache-container=keycloak/local-cache=users/:add
+  echo
+end-if
+if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:read-attribute(name=strategy,include-defaults=false)
+  echo Updating eviction in local-cache=users
+  /subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
+  echo
+end-if
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:read-resource
+  echo Replacing invalidation-cache=realms with local-cache=realms
+  /subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:remove
+  /subsystem=infinispan/cache-container=keycloak/local-cache=realms/:add
+  echo
+end-if
+
+
+# Migrate from 2.4.0 to 2.5.0
+if (result == NONE) of /subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:read-attribute(name=strategy)
+  echo Adding eviction strategy to keycloak realms cache...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=max-entries,value=10000)
+  echo
+end-if
+
+# Migrate from 2.5.0 to 2.5.1
+# NO CHANGES
+
+# Migrate 2.5.1 to 2.5.4
+if (result != REPEATABLE_READ) of /subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
+  echo Changing ejb cache locking to REPEATABLE_READ
+  /subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
+  echo
+end-if
+
+if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
+   echo Removing Hibernate immutable-entity cache
+   /subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
+end-if
+
+
+# Migrate from 2.5.4 to 3.0.0
+if (result == jpa) of /subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
+   echo Removing default provider for eventsStore
+   /subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /subsystem=keycloak-server/spi=realm/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /subsystem=keycloak-server/spi=user/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for userFederatedStorage SPI
+   /subsystem=keycloak-server/spi=userFederatedStorage/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for authorizationPersister SPI
+   /subsystem=keycloak-server/spi=authorizationPersister/:remove
+   echo
+end-if
+
+if (outcome == failed) of /subsystem=keycloak-server/spi=userCache/:read-resource
+   echo Adding userCache SPI
+   /subsystem=keycloak-server/spi=userCache/:add
+   /subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if (outcome == failed) of /subsystem=keycloak-server/spi=realmCache/:read-resource
+   echo Adding realmCache SPI
+   /subsystem=keycloak-server/spi=realmCache/:add
+   /subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
+   echo Adding 'default' as default provider for connectionsInfinispan
+   /subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
+   echo
+end-if
+
+# Migrate from 3.0.0 to 3.2.0
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:read-resource
+  echo Adding distributed-cache=authenticationSessions to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:add(mode=SYNC,owners=1)
+  echo
+end-if
+
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:read-resource
+  echo Adding distributed-cache=actionTokens to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:add(indexing=NONE,mode=SYNC,owners=2)
+  /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
+  /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
+  /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
+  /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
+  echo
+end-if
+
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource
+  echo Replacing distributed-cache=authorization with local-cache=authorization
+  /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:remove
+  /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add
+  /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000)
+  echo
+end-if
+
+# Migrate from 3.2.0 to 3.2.1
+# NO CHANGES
+
+# Migrate from 3.2.1 to 3.3.0
+if (outcome == failed) of /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:read-resource
+    echo Adding keystore to ApplicationRealm...
+    /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:add(keystore-path=application.keystore,keystore-relative-to=jboss.server.config.dir,keystore-password=password,alias=server,key-password=password,generate-self-signed-certificate-host=localhost)
+    echo
+end-if
+
+if (outcome == failed) of /extension=org.wildfly.extension.elytron/:read-resource
+    echo Adding elytron extension...
+    /extension=org.wildfly.extension.elytron/:add(module=org.wildfly.extension.elytron)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=elytron/:read-resource
+    echo Adding elytron subsystem
+    /subsystem=elytron:add
+    /subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron)
+    /subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl)
+    /subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl])
+    /subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON)
+    /subsystem=elytron/identity-realm=local/:add(identity="$local")
+    /subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir})
+    /subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir})
+    /subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
+    /subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
+    /subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
+    /subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
+    /subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}])
+    /subsystem=elytron/security-domain=ManagementDomain/:add(default-realm=ManagementRealm,permission-mapper=default-permission-mapper,realms=[{realm=ManagementRealm,role-decoder=groups-to-roles},{realm=local,role-mapper=super-user-mapper}])
+    /subsystem=elytron/provider-http-server-mechanism-factory=global/:add
+    /subsystem=elytron/http-authentication-factory=management-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=DIGEST,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}])
+    /subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}])
+    /subsystem=elytron/provider-sasl-server-factory=global/:add
+    /subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}])
+    /subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"})
+    /subsystem=elytron/sasl-authentication-factory=management-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}])
+    /subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}])
+    /subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers)
+    /subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto])
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
+    echo Adding channel-creation-options READ_TIMEOUT to ejb3 remote
+    /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:read-resource
+    echo Adding channel-creation-options MAX_OUTBOUND_MESSAGES to ejb3 remote
+    /subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting)
+    echo
+end-if
+
+if (result == ASYNC) of /subsystem=infinispan/cache-container=web/distributed-cache=dist:read-attribute(name=mode)
+    echo Setting SYNC mode for web cache-container
+    /subsystem=infinispan/cache-container=web/distributed-cache=dist:write-attribute(name=mode,value=SYNC)
+    echo
+end-if
+
+if (result == ASYNC) of /subsystem=infinispan/cache-container=ejb/distributed-cache=dist:read-attribute(name=mode)
+    echo Setting SYNC mode for ejb cache-container
+    /subsystem=infinispan/cache-container=ejb/distributed-cache=dist:write-attribute(name=mode,value=SYNC)
+    echo
+end-if
+
+if (result == undefined) of /subsystem=jgroups/channel=ee/:read-attribute(name=cluster)
+    echo Setting cluster attribute to ejb in jgroups subsystem
+    /subsystem=jgroups/channel=ee/:write-attribute(name=cluster,value=ejb)
+    echo
+end-if
+
+if (result != undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
+    echo Unsetting socket-binding from udp FD_SOCK protocol
+    # it has to be done via remove and add, because socket-binding is not writable attribute
+    /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:remove
+    /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:add
+    echo
+end-if
+
+if (outcome == success) of /subsystem=jgroups/stack=tcp/protocol=FD/:read-resource
+    echo Replacing tcp FD protocol with FD_ALL
+    /subsystem=jgroups/stack=tcp/protocol=FD/:remove
+    /subsystem=jgroups/stack=tcp/protocol=FD_ALL/:add
+    echo
+end-if
+
+if (result != undefined) of /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
+    echo Unsetting socket-binding from tcp FD_SOCK protocol
+    # it has to be done via remove and add, because socket-binding is not writable attribute
+    /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:remove
+    /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:add
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource
+    echo Adding http-invoker to default-host
+    /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm)
+    echo
+end-if
+
+if (result == false) of /subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2)
+    echo Enabling http2 for default http-listener
+    /subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=undertow/server=default-server/https-listener=https/:read-resource
+    echo Adding https-listener
+    /subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true)
+    echo
+end-if
+
+if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:read-resource
+    echo Removing socket-binding jgroups-tcp-fd
+    /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:remove
+    echo
+end-if
+
+if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:read-resource
+    echo Removing socket-binding jgroups-udp-fd
+    /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:remove
+    echo
+end-if
+
+if (result == 224.0.1.105) of /socket-binding-group=standard-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address)
+    echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address
+    /socket-binding-group=standard-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105})
+    echo
+end-if
+
+# Migrate from 3.3.0 to 3.4.0
+if (outcome == success) of /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
+  echo Removing X-Powered-By and Server headers from Keycloak responses...
+  /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove
+  /subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove
+  /subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove
+  /subsystem=undertow/configuration=filter/response-header=server-header/:remove
+  echo
+end-if
+
+if (outcome == success) of /subsystem=jdr/:read-resource
+    echo Removing jdr subsystem and extension
+    /subsystem=jdr/:remove
+    /extension=org.jboss.as.jdr/:remove
+    echo
+end-if
+
+if (outcome == success) of /subsystem=jsf/:read-resource
+    echo Removing jsf subsystem and extension
+    /subsystem=jsf/:remove
+    /extension=org.jboss.as.jsf/:remove
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/:read-resource
+  echo Adding distributed-cache=clientSessions to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/:add(mode=SYNC,owners=1)
+  echo
+end-if
+
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/:read-resource
+  echo Adding distributed-cache=offlineClientSessions to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/:add(mode=SYNC,owners=1)
+  echo
+end-if
+
+if (outcome == failed) of /subsystem=keycloak-server/spi=x509cert-lookup/:read-resource
+  echo Adding spi=x509cert-lookup...
+  /subsystem=keycloak-server/spi=x509cert-lookup/:add(default-provider=${keycloak.x509cert.lookup.provider:default})
+  /subsystem=keycloak-server/spi=x509cert-lookup/provider=default/:add(enabled=true)
+  echo
+end-if
+
+# Migrate from 4.2.0 to 4.3.0
+if (outcome == failed) of /subsystem=keycloak-server/spi=hostname/:read-resource
+  echo Adding spi=hostname...
+  /subsystem=keycloak-server/spi=hostname/:add(default-provider=request)
+  /subsystem=keycloak-server/spi=hostname/provider=fixed/:add(properties={hostname => "localhost",httpPort => "-1",httpsPort => "-1"},enabled=true)
+  echo
+end-if
+
+# Migrate from 4.3.0 to 4.4.0
+if (outcome == failed) of /subsystem=elytron/permission-set=login-permission/:read-resource
+  echo Adding permission-set=login-permission to elytron
+  /subsystem=elytron/permission-set=login-permission:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}])
+  /subsystem=elytron/permission-set=default-permissions/:add(permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
+  /subsystem=elytron/simple-permission-mapper=default-permission-mapper/:undefine-attribute(name=permission-mappings)
+  /subsystem=elytron/simple-permission-mapper=default-permission-mapper:write-attribute(name=permission-mappings,value=[{permission-sets=[{permission-set=login-permission},{permission-set=default-permissions}],match-all=true},{permission-sets=[{permission-set=default-permissions}],principals=[anonymous]}])
+  echo
+end-if
+
+
+if (result == org.hibernate.infinispan) of /subsystem=infinispan/cache-container=hibernate:read-attribute(name=module)
+  echo Update hibernate cache module
+  /subsystem=infinispan/cache-container=hibernate:write-attribute(name=module, value=org.infinispan.hibernate-cache)
+  echo
+end-if
+if (outcome == success) of /subsystem=infinispan/cache-container=hibernate:read-attribute(name=default-cache)
+  echo Remove default cache from hibernate cache
+  /subsystem=infinispan/cache-container=hibernate:undefine-attribute(name=default-cache)
+  echo
+end-if
+if (result == ASYNC) of /subsystem=infinispan/cache-container=hibernate/replicated-cache=timestamps:read-attribute(name=mode)
+  echo Switching mode for timestamps cache from ASYNC to SYNC
+  /subsystem=infinispan/cache-container=hibernate/replicated-cache=timestamps:write-attribute(name=mode, value=SYNC)
+  echo
+end-if
+
+if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:read-resource
+  echo Removing eviction from hibernate entity cache and replacing with object-memory
+  /subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:remove
+  /subsystem=infinispan/cache-container=hibernate/local-cache=entity/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/distributed-cache=local-query/eviction=EVICTION:read-resource
+  echo Removing eviction from hibernate local-query cache and replacing with object-memory
+  /subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:remove
+  /subsystem=infinispan/cache-container=hibernate/local-cache=local-query/memory=object:add(size=10000)
+  echo
+end-if
+
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak realms cache and replacing with object-memory
+  /subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:remove
+  /subsystem=infinispan/cache-container=keycloak/local-cache=realms/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak users cache and replacing with object-memory
+  /subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:remove
+  /subsystem=infinispan/cache-container=keycloak/local-cache=users/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak authorization cache and replacing with object-memory
+  /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:remove
+  /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak keys cache and replacing with object-memory
+  /subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:remove
+  /subsystem=infinispan/cache-container=keycloak/local-cache=keys/memory=object:add(size=1000)
+  echo
+end-if
+
+if (outcome == success) of /subsystem=jgroups/stack=tcp/protocol=FRAG2:read-resource
+  echo Upgrade jgroups protocol from FRAG2 to FRAG3 for tcp stack
+  /subsystem=jgroups/stack=tcp/protocol=FRAG2:remove
+  /subsystem=jgroups/stack=tcp/protocol=FRAG3:add()
+  echo
+end-if
+if (outcome == success) of /subsystem=jgroups/stack=udp/protocol=FRAG2:read-resource
+  echo Upgrade jgroups protocol from FRAG2 to FRAG3 for udp stack
+  /subsystem=jgroups/stack=udp/protocol=FRAG2:remove
+  /subsystem=jgroups/stack=udp/protocol=FRAG3:add()
+  echo
+end-if
+if (outcome == success) of /subsystem=remoting/configuration=endpoint:read-resource
+  echo Remove endpoint from remoting configuration
+  /subsystem=remoting/configuration=endpoint:remove
+  echo
+end-if
+if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-mping:read-attribute(name=port)
+  /socket-binding-group=standard-sockets/socket-binding=jgroups-mping:undefine-attribute(name=port)
+end-if
+if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=modcluster:read-attribute(name=port)
+  /socket-binding-group=standard-sockets/socket-binding=modcluster:undefine-attribute(name=port)
+end-if
+
+if (outcome == success) of /subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:read-resource
+  echo Changing JNDI reference in connectionsInfinispan SPI
+  /subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:undefine-attribute(name=properties)
+  /subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:write-attribute(name=properties,value={cacheContainer=java:jboss/infinispan/container/keycloak})
+  echo
+end-if
+
+# Migrate from 4.4.0 to 4.5.0
+if (outcome == failed) of /subsystem=core-management/:read-resource
+    echo Adding core-management extension
+    /extension=org.wildfly.extension.core-management/:add
+    echo Adding subsystem core-management
+    /subsystem=core-management/:add
+    echo
+end-if
+
+# Migrate from 4.5.0 to 4.6.0
+if (outcome == success) of /subsystem=elytron/http-authentication-factory=application-http-authentication/:read-resource
+    echo Removing application-http-authentication from elytron subsystem
+    /subsystem=elytron/http-authentication-factory=application-http-authentication:remove
+    echo
+end-if
+
+if (result == undefined) of /subsystem=transactions/:read-attribute(name=node-identifier,include-defaults=false)
+    echo Setting node-identifier attribute of core-environment element in transactions subsystem
+    /subsystem=transactions/:write-attribute(name=node-identifier,value=expression "${jboss.tx.node.id:1}")
+    echo
+end-if
+
+if (outcome == success) of /subsystem=jgroups/stack=udp/transport=UDP/property=port_range:read-attribute(name=value)
+    try
+        /subsystem=jgroups/stack=udp/transport=UDP/property=port_range:remove
+        echo Remove port_range property from UDP transport type of udp stack
+    catch
+        echo
+    end-try
+end-if
+
+if (outcome == success) of /subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:read-attribute(name=value)
+    try
+        /subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:remove
+        echo Remove port_range property from TCP transport type of tcp stack
+    catch
+        echo
+    end-try
+end-if
+
+# Migrate from 4.8.3 to 5.0.0
+if (outcome == failed) of /subsystem=logging/logger=io.jaegertracing.Configuration/:read-resource
+    echo Adding io.jaegertracing.Configuration logger
+    /subsystem=logging/logger=io.jaegertracing.Configuration/:add(category=io.jaegertracing.Configuration,level=WARN)
+    echo
+end-if
+
+# Migrate from 5.0.0 to 6.0.0
+if (result == NON_XA) of /subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:read-attribute(name=mode)
+    echo Removing NON_XA transaction mode from infinispan/hibernate/entity
+    /subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:undefine-attribute(name=mode)
+    echo
+end-if
+
+if (result == false) of /subsystem=datasources/data-source=ExampleDS/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to ExampleDS datasource
+    /subsystem=datasources/data-source=ExampleDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /subsystem=datasources/data-source=KeycloakDS/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to KeycloakDS datasource
+    /subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /subsystem=ejb3/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to ejb3 subsystem
+    /subsystem=ejb3/:write-attribute(name=statistics-enabled,value=${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /subsystem=transactions/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to transactions subsystem
+    /subsystem=transactions/:write-attribute(name=statistics-enabled,value=${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /subsystem=undertow/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to undertow subsystem
+    /subsystem=undertow/:write-attribute(name=statistics-enabled,value=${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /subsystem=webservices/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to webservices subsystem
+    /subsystem=webservices/:write-attribute(name=statistics-enabled,value=${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (outcome == failed) of /extension=org.jboss.as.weld/:read-resource
+    echo Adding weld extension
+    /extension=org.jboss.as.weld/:add
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=weld/:read-resource
+    echo Adding weld subsystem
+    /subsystem=weld/:add
+    echo
+end-if
+
+## KEYCLOAK-16723 / KEYCLOAK-16907:
+##
+## Loading of MicroProfile SmallRye config, health, and metrics extensions & subsystems got removed
+## as part of upgrading to Wildfly 22. See [WFLY-14203], [WFLY-14151], and [WFLY-14108] for details
+
+# Migrate from 6.0.1 to 7.0.0
+if (outcome == success) of /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
+    echo Removing READ_TIMEOUT option from remote service from ejb3 subsystem
+    /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:remove
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=infinispan/cache-container=web/distributed-cache=routing:read-resource
+    echo Adding distributed cache routing to web cache container to infinispan subsystem
+    /subsystem=infinispan/cache-container=web/distributed-cache=routing/:add
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=infinispan/cache-container=web/replicated-cache=sso:read-resource
+    echo Adding replicated cache sso to web cache container to infinispan subsystem
+    /subsystem=infinispan/cache-container=web/replicated-cache=sso/:add
+    /subsystem=infinispan/cache-container=web/replicated-cache=sso/component=locking/:add(isolation=REPEATABLE_READ)
+    /subsystem=infinispan/cache-container=web/replicated-cache=sso/component=transaction/:add(mode=BATCH)
+    echo
+end-if
+
+if (outcome == failed) of /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:read-resource
+    echo Adding jgroups-tcp-fd socket binding to socket binding group
+    /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:add(interface=private,port=57600)
+    echo
+end-if
+
+if (outcome == failed) of /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:read-resource
+    echo Adding jgroups-udp-fd socket binding to socket binding group
+    /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:add(interface=private,port=54200)
+    echo
+end-if
+
+if (result == undefined) of /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
+    echo Adding socket-binding for FD_SOCK protocol for tcp stack in jgroups subsystem
+    /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:write-attribute(name=socket-binding,value=jgroups-tcp-fd)
+    echo
+end-if
+
+if (result == undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
+    echo Adding socket-binding for FD_SOCK protocol for udp stack in jgroups subsystem
+    /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:write-attribute(name=socket-binding,value=jgroups-udp-fd)
+    echo
+end-if
+
+if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
+    echo Disabling Truststore Provider
+    /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
+    echo Removing deprecated option
+    /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
+    echo
+end-if
+
+# Migrate from 7.0.0 to 8.0.0
+
+if ((result.time == 100L) && (result.unit == MILLISECONDS)) of /subsystem=ejb3/thread-pool=default:read-attribute(name=keepalive-time)
+    echo Changing thread pool keepalive of ejb3 subsystem
+    /subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.time, value=60)
+    /subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.unit,value=SECONDS)
+    echo
+end-if
+
+if (result == UP) of /subsystem=microprofile-health-smallrye:read-attribute(name=empty-liveness-checks-status)
+    echo Adding empty-liveness-checks-status attribute to microprofile-health-smallrye subsystem
+    /subsystem=microprofile-health-smallrye:write-attribute(name=empty-liveness-checks-status, value=${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP})
+    echo
+end-if
+
+if (result == UP) of /subsystem=microprofile-health-smallrye:read-attribute(name=empty-readiness-checks-status)
+    echo Adding empty-readiness-checks-status attribute to microprofile-health-smallrye subsystem
+    /subsystem=microprofile-health-smallrye:write-attribute(name=empty-readiness-checks-status, value=${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP})
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=keycloak-server/spi=hostname/provider=default/:read-resource
+    echo Adding default hostname provider
+    /subsystem=keycloak-server/spi=hostname/provider=default/:add(properties={frontendUrl => "${keycloak.frontendUrl:}",forceBackendUrlToFrontendUrl => "false"},enabled=true)
+end-if
+
+if (result == request) of /subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
+    echo Switching from request to default hostname provider
+
+    /subsystem=keycloak-server/spi=hostname/:write-attribute(name=default-provider,value=default)
+end-if
+
+if (result != fixed) of /subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
+    try
+        /subsystem=keycloak-server/spi=hostname/provider=fixed:remove
+        echo Removed config for unused fixed hostname provider
+    catch
+    end-try
+end-if
+
+# Migrate from 10.0.2 to 11.0.0 (migration changes for infinispan update from 9.4.18.Final to 10.1.8.Final)
+
+if (result != org.keycloak.keycloak-model-infinispan) of /subsystem=infinispan/cache-container=keycloak:read-attribute(name=module)
+    echo Setting class loader for keycloak cache-container so JBoss Marshalling works properly with Infinispan 10.x
+    /subsystem=infinispan/cache-container=keycloak:write-attribute(name=module,value=org.keycloak.keycloak-model-infinispan)
+    echo
+end-if
+
+# Migrate from 11.0.0 to 12.0.0
+
+if (result != expression "${jboss.mail.server.host:localhost}") of /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:read-attribute(name=host)
+    echo Adding host expression to the SMTP configuration of a remote destination outbound socket binding in the mail subsystem
+    /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:write-attribute(name=host, value=expression "${jboss.mail.server.host:localhost}")
+    echo
+end-if
+
+if (result != expression "${jboss.mail.server.port:25}") of /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:read-attribute(name=port)
+    echo Adding port expression to the SMTP configuration of a remote destination outbound socket binding in the mail subsystem
+    /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:write-attribute(name=port, value=expression "${jboss.mail.server.port:25}")
+    echo
+end-if
+
+# Migrate from 12.0.0 to 13.0.0
+
+## KEYCLOAK-16723 / KEYCLOAK-16907:
+##
+## Based on [WFLY-14203], [WFLY-14151], and [WFLY-14108] remove MicroProfile SmallRye config, health, and metrics if present
+
+if (outcome == success) of /subsystem=microprofile-config-smallrye/:read-resource
+    echo Removing microprofile-config-smallrye subsystem...
+    /subsystem=microprofile-config-smallrye/:remove
+    echo
+end-if
+
+if (outcome == success) of /extension=org.wildfly.extension.microprofile.config-smallrye/:read-resource
+    echo Removing microprofile.config-smallrye extension...
+    /extension=org.wildfly.extension.microprofile.config-smallrye/:remove
+    echo
+end-if
+
+if (outcome == success) of /subsystem=microprofile-health-smallrye/:read-resource
+    echo Removing microprofile-health-smallrye subsystem...
+    /subsystem=microprofile-health-smallrye/:remove
+    echo
+end-if
+
+if (outcome == success) of /extension=org.wildfly.extension.microprofile.health-smallrye/:read-resource
+    echo Removing microprofile.health-smallrye extension...
+    /extension=org.wildfly.extension.microprofile.health-smallrye/:remove
+    echo
+end-if
+
+if (outcome == success) of /subsystem=microprofile-metrics-smallrye/:read-resource
+    echo Removing microprofile-metrics-smallrye subsystem...
+    /subsystem=microprofile-metrics-smallrye/:remove
+    echo
+end-if
+
+if (outcome == success) of /extension=org.wildfly.extension.microprofile.metrics-smallrye/:read-resource
+    echo Removing microprofile.metrics-smallrye extension...
+    /extension=org.wildfly.extension.microprofile.metrics-smallrye/:remove
+    echo
+end-if
+
+## Yet based on [WFLY-14203], [WFLY-14151], and [WFLY-14108] load
+## org.wildfly.extension.health/org.wildfly.extension.metrics extensions & subsystems instead
+
+if (outcome == failed) of /extension=org.wildfly.extension.health:read-resource
+    echo Adding WildFly extension for health...
+    /extension=org.wildfly.extension.health:add(module=org.wildfly.extension.health)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=health:read-resource
+    echo Adding Wildfly subsystem for health...
+    /subsystem=health:add(security-enabled=false)
+    echo
+end-if
+
+if (outcome == failed) of /extension=org.wildfly.extension.metrics:read-resource
+    echo Adding Wildfly extension for base metrics...
+    /extension=org.wildfly.extension.metrics:add(module=org.wildfly.extension.metrics)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=metrics:read-resource
+    echo Adding Wildfly subsystem for base metrics...
+    /subsystem=metrics:add(exposed-subsystems=[*],security-enabled=false)
+    echo
+end-if
+
+if (result == "Keycloak") of :read-attribute(name=product-name)
+    echo Adding base metrics subsystem prefix to Keycloak...
+    /subsystem=metrics:write-attribute(name=prefix,value=${wildfly.metrics.prefix:wildfly})
+    echo
+else
+    echo Adding base metrics subsystem prefix to RH-SSO...
+    /subsystem=metrics:write-attribute(name=prefix,value=${wildfly.metrics.prefix:jboss})
+    echo
+end-if
+
+## Add ability to make use of automatically generated self-signed certificate with Elytron,
+## introduced by WFCORE-5095 in Wildfly Core 14.0.0.Final
+
+if (outcome == failed) of /subsystem=elytron/key-store=applicationKS:read-resource
+    echo Adding key store for the feature of auto-generation of self-signed certificate to Elytron subsystem...
+    /subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},type=JKS)
+    /subsystem=elytron/key-store=applicationKS:write-attribute(name=path,value=application.keystore)
+    /subsystem=elytron/key-store=applicationKS:write-attribute(name=relative-to,value=jboss.server.config.dir)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=elytron/key-manager=applicationKM:read-resource
+    echo Adding key manager for the feature of auto-generation of self-signed certificate to Elytron subsystem...
+    /subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, credential-reference={clear-text=password})
+    /subsystem=elytron/key-manager=applicationKM:write-attribute(name=generate-self-signed-certificate-host,value=localhost)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=elytron/server-ssl-context=applicationSSC:read-resource
+    echo Adding SSL context for the feature of auto-generation of self-signed certificate to Elytron subsystem...
+    /subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM)
+    echo
+end-if
+
+## Convert type of 'hung-task-termination-period' attribute for 'managed-executor-service' from INT to LONG
+if (result == 0) of /subsystem=ee/managed-executor-service=default:read-attribute(name=hung-task-termination-period)
+    echo Setting period for automatic termination of hung tasks for managed executor service to default value (0 miliseconds)
+    /subsystem=ee/managed-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
+    echo
+end-if
+
+## Convert type of 'hung-task-termination-period' attribute for 'managed-scheduled-executor-service' from INT to LONG
+if (result == 0) of /subsystem=ee/managed-scheduled-executor-service=default:read-attribute(name=hung-task-termination-period)
+    echo Setting period for automatic termination of hung tasks for managed scheduled executor service to default value (0 miliseconds)
+    /subsystem=ee/managed-scheduled-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
+    echo
+end-if
+
+## Set value of JPA default-datasource from empty string to 'undefined'
+if (outcome == success) && (result == "") of /subsystem=jpa:read-attribute(name=default-datasource)
+    echo Setting value of to default-datasource attribute in JPA subsystem to 'undefined'
+    /subsystem=jpa:undefine-attribute(name=default-datasource)
+    echo
+end-if
+
+echo *** End Migration ***
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-standalone.cli b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-standalone.cli
new file mode 100644
index 0000000000..d614898d43
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/bin/migrate-standalone.cli
@@ -0,0 +1,744 @@
+echo
+echo *** WARNING ***
+echo
+echo ** If the following embed-server command fails, manual intervention is needed.
+echo ** In such case, remove any <extension> and <subsystem> declarations referring
+echo ** to the removed smallrye modules from the standalone.xml file and rerun this script.
+echo ** For details, see Migration Changes section in the Upgrading guide.
+echo ** We apologize for this inconvenience.
+echo
+
+embed-server --server-config=standalone.xml
+
+echo *** Begin Migration ***
+echo
+
+# Migrate from 1.8.1 to 1.9.1
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=work/:read-resource
+  echo Adding local-cache=work to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=work/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+# realmVersions cache deprecated in 2.1.0
+#if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
+#  echo Adding local-cache=realmVersions to keycloak cache container...
+#  /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:add(indexing=NONE,start=LAZY)
+#  /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/component=transaction/:write-attribute(name=mode,value=BATCH)
+#  echo
+#end-if
+
+
+# Migrate from 1.9.1 to 1.9.2
+if (result == NONE) of /subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:read-attribute(name=strategy)
+  echo Adding eviction strategy to keycloak users cache container...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
+  echo
+end-if
+
+# Migrate from 1.9.2 to 1.9.8
+# NO CHANGES
+
+# Migrate from 1.9.8 to 2.0.0
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:read-resource
+  echo Adding local-cache=authorization to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:read-attribute(name=strategy,include-defaults=false)
+  echo Updating authorization cache container..
+  /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=100)
+  echo
+end-if
+
+# Migrate from 2.0.0 to 2.1.0
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
+  echo Removing deprecated cache 'realmVersions'
+  /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:remove
+  echo
+end-if
+
+# Migrate kecloak-server.json (deprecated in 2.2.0)
+if (result == []) of /subsystem=keycloak-server/:read-children-names(child-type=spi)
+  echo Migrating keycloak-server.json to server cofig xml...
+  /subsystem=keycloak-server/:migrate-json
+  echo
+end-if
+if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /subsystem=keycloak-server/:read-attribute(name=providers)
+    echo Updating provider to default value
+    /subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*])
+    echo
+end-if
+if (result == keycloak) of /subsystem=keycloak-server/theme=defaults:read-attribute(name=default)
+    echo Undefining default theme...
+    /subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default)
+    echo
+end-if
+if (result == expression "${jboss.server.config.dir}/themes") of /subsystem=keycloak-server/theme=defaults:read-attribute(name=dir)
+    echo Updating theme dir to default value
+    /subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes)
+    echo
+end-if
+
+set persistenceProvider=jpa
+
+# Migrate from 2.1.0 to 2.2.0
+if (outcome == failed) of /extension=org.jboss.as.deployment-scanner/:read-resource
+  echo Adding deployment-scanner extension...
+  /extension=org.jboss.as.deployment-scanner/:add(module=org.jboss.as.deployment-scanner)
+  echo
+end-if
+if (outcome == failed) of /subsystem=deployment-scanner/:read-resource
+  echo Adding deployment-scanner...
+  /subsystem=deployment-scanner/:add
+  echo
+end-if
+if (outcome == failed) of /subsystem=deployment-scanner/scanner=default/:read-resource
+  echo Adding scanner=default
+  /subsystem=deployment-scanner/scanner=default/:add(path=deployments,relative-to=jboss.server.base.dir,runtime-failure-causes-rollback=${jboss.deployment.scanner.rollback.on.failure:false},scan-interval=5000)
+  echo
+end-if
+if (result == update) of /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema)
+  echo Updating connectionsJpa default properties...
+  /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema)
+  /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=initializeEmpty,value=true)
+  /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationStrategy,value=update)
+  /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationExport,value=${jboss.home.dir}/keycloak-database-update.sql)
+  echo
+end-if
+if (outcome == failed) of /subsystem=keycloak-server/spi=userFederatedStorage/:read-resource
+  echo Adding spi=userFederatedStorage...
+  /subsystem=keycloak-server/spi=userFederatedStorage/:add(default-provider=$persistenceProvider)
+  echo
+end-if
+if (outcome == failed) of /subsystem=keycloak-server/spi=jta-lookup/:read-resource
+  echo Adding spi=jta-lookup...
+  /subsystem=keycloak-server/spi=jta-lookup/:add(default-provider=${keycloak.jta.lookup.provider:jboss})
+  /subsystem=keycloak-server/spi=jta-lookup/provider=jboss/:add(enabled=true)
+  echo
+end-if
+
+# Migrate from 2.2.0 to 2.2.1
+# NO CHANGES
+
+# Migrate from 2.2.1 to 2.3.0
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/:read-resource
+  echo Adding local-cache=keys to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=keys/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:read-attribute(name=strategy,include-defaults=false)
+  echo Updating eviction and expiration in local-cache=keys...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=max-entries,value=1000)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=expiration/:write-attribute(name=max-idle,value=3600000)
+  echo
+end-if
+if (outcome == failed) of /subsystem=keycloak-server/spi=publicKeyStorage/:read-resource
+  echo Adding spi=publicKeyStorage...
+  /subsystem=keycloak-server/spi=publicKeyStorage/:add
+  /subsystem=keycloak-server/spi=publicKeyStorage/provider=infinispan/:add(properties={minTimeBetweenRequests => "10"},enabled=true)
+  echo
+end-if
+
+# Migrate from 2.3.0 to 2.4.0
+# NO CHANGES
+
+# Migrate from 2.4.0 to 2.5.0
+if (result == NONE) of /subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:read-attribute(name=strategy)
+  echo Adding eviction strategy to keycloak realms cache...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=strategy,value=LRU)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=max-entries,value=10000)
+  echo
+end-if
+
+# Migrate from 2.5.0 to 2.5.1
+# NO CHANGES
+
+# Migrate 2.5.1 to 2.5.4
+if (result != REPEATABLE_READ) of /subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
+  echo Changing ejb cache locking to REPEATABLE_READ
+  /subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
+  echo
+end-if
+
+if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
+   echo Removing Hibernate immutable-entity cache
+   /subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
+end-if
+
+
+# Migrate from 2.5.4 to 3.0.0
+if (result == jpa) of /subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
+   echo Removing default provider for eventsStore
+   /subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /subsystem=keycloak-server/spi=realm/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /subsystem=keycloak-server/spi=user/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for userFederatedStorage SPI
+   /subsystem=keycloak-server/spi=userFederatedStorage/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for authorizationPersister SPI
+   /subsystem=keycloak-server/spi=authorizationPersister/:remove
+   echo
+end-if
+
+if (outcome == failed) of /subsystem=keycloak-server/spi=userCache/:read-resource
+   echo Adding userCache SPI
+   /subsystem=keycloak-server/spi=userCache/:add
+   /subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if (outcome == failed) of /subsystem=keycloak-server/spi=realmCache/:read-resource
+   echo Adding realmCache SPI
+   /subsystem=keycloak-server/spi=realmCache/:add
+   /subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
+   echo Adding 'default' as default provider for connectionsInfinispan
+   /subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
+   echo
+end-if
+
+# Migrate from 3.0.0 to 3.1.0
+# NO CHANGES
+
+# Migrate from 3.1.0 to 3.2.0
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:read-resource
+  echo Adding local-cache=authenticationSessions to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:read-resource
+  echo Adding local-cache=actionTokens to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:add(indexing=NONE,start=LAZY)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
+  /subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
+  echo
+end-if
+
+if (result == 100L) of /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:read-attribute(name=max-entries)
+    echo Updating eviction in local-cache=authorization...
+    /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000)
+    echo
+end-if
+
+# Migrate from 3.2.0 to 3.2.1
+# NO CHANGES
+
+# Migrate from 3.2.1 to 3.3.0
+if (outcome == failed) of /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:read-resource
+    echo Adding keystore to ApplicationRealm...
+    /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:add(keystore-path=application.keystore,keystore-relative-to=jboss.server.config.dir,keystore-password=password,alias=server,key-password=password,generate-self-signed-certificate-host=localhost)
+    echo
+end-if
+
+if (outcome == failed) of /extension=org.wildfly.extension.elytron/:read-resource
+    echo Adding elytron extension...
+    /extension=org.wildfly.extension.elytron/:add(module=org.wildfly.extension.elytron)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=elytron/:read-resource
+    echo Adding elytron subsystem
+    /subsystem=elytron:add
+    /subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron)
+    /subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl)
+    /subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl])
+    /subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON)
+    /subsystem=elytron/identity-realm=local/:add(identity="$local")
+    /subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir})
+    /subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir})
+    /subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
+    /subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
+    /subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
+    /subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
+    /subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}])
+    /subsystem=elytron/security-domain=ManagementDomain/:add(default-realm=ManagementRealm,permission-mapper=default-permission-mapper,realms=[{realm=ManagementRealm,role-decoder=groups-to-roles},{realm=local,role-mapper=super-user-mapper}])
+    /subsystem=elytron/provider-http-server-mechanism-factory=global/:add
+    /subsystem=elytron/http-authentication-factory=management-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=DIGEST,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}])
+    /subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}])
+    /subsystem=elytron/provider-sasl-server-factory=global/:add
+    /subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}])
+    /subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"})
+    /subsystem=elytron/sasl-authentication-factory=management-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}])
+    /subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}])
+    /subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers)
+    /subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto])
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
+    echo Adding channel-creation-options READ_TIMEOUT to ejb3 remote
+    /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:read-resource
+    echo Adding channel-creation-options MAX_OUTBOUND_MESSAGES to ejb3 remote
+    /subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting)
+    echo
+end-if
+
+if (outcome == success) of /subsystem=infinispan/cache-container=web/local-cache=persistent:read-resource
+    echo Removing local-cache persistent from web cache-container
+    /subsystem=infinispan/cache-container=web/local-cache=persistent:remove
+    echo
+end-if
+
+if (outcome == success) of /subsystem=infinispan/cache-container=ejb/local-cache=persistent:read-resource
+    echo Removing local-cache persistent from ejb cache-container
+    /subsystem=infinispan/cache-container=ejb/local-cache=persistent:remove
+    echo
+end-if
+
+if (result == local-query) of /subsystem=infinispan/cache-container=hibernate/:read-attribute(name=default-cache)
+    echo Removing default-cache from hibernate cache-container
+    /subsystem=infinispan/cache-container=hibernate/:undefine-attribute(name=default-cache)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource
+    echo Adding http-invoker to default-host
+    /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm)
+    echo
+end-if
+
+if (result == false) of /subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2)
+    echo Enabling http2 for default http-listener
+    /subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=undertow/server=default-server/https-listener=https/:read-resource
+    echo Adding https-listener
+    /subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true)
+    echo
+end-if
+
+# Migrate from 3.3.0 to 3.4.0
+if (outcome == success) of /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
+  echo Removing X-Powered-By and Server headers from Keycloak responses...
+  /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove
+  /subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove
+  /subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove
+  /subsystem=undertow/configuration=filter/response-header=server-header/:remove
+  echo
+end-if
+
+if (outcome == success) of /subsystem=jdr/:read-resource
+    echo Removing jdr subsystem and extension
+    /subsystem=jdr/:remove
+    /extension=org.jboss.as.jdr/:remove
+    echo
+end-if
+
+if (outcome == success) of /subsystem=jsf/:read-resource
+    echo Removing jsf subsystem and extension
+    /subsystem=jsf/:remove
+    /extension=org.jboss.as.jsf/:remove
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=offlineClientSessions/:read-resource
+  echo Adding local-cache=offlineClientSessions to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=offlineClientSessions/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+
+if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=clientSessions/:read-resource
+  echo Adding local-cache=clientSessions to keycloak cache container...
+  /subsystem=infinispan/cache-container=keycloak/local-cache=clientSessions/:add(indexing=NONE,start=LAZY)
+  echo
+end-if
+
+if (outcome == failed) of /subsystem=keycloak-server/spi=x509cert-lookup/:read-resource
+  echo Adding spi=x509cert-lookup...
+  /subsystem=keycloak-server/spi=x509cert-lookup/:add(default-provider=${keycloak.x509cert.lookup.provider:default})
+  /subsystem=keycloak-server/spi=x509cert-lookup/provider=default/:add(enabled=true)
+  echo
+end-if
+
+# Migrate from 4.2.0 to 4.3.0
+if (outcome == failed) of /subsystem=keycloak-server/spi=hostname/:read-resource
+  echo Adding spi=hostname...
+  /subsystem=keycloak-server/spi=hostname/:add(default-provider=request)
+  /subsystem=keycloak-server/spi=hostname/provider=fixed/:add(properties={hostname => "localhost",httpPort => "-1",httpsPort => "-1"},enabled=true)
+  echo
+end-if
+
+# Migrate from 4.3.0 to 4.4.0
+if (outcome == failed) of /subsystem=elytron/permission-set=login-permission/:read-resource
+  echo Adding permission-set=login-permission to elytron
+  /subsystem=elytron/permission-set=login-permission:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}])
+  /subsystem=elytron/permission-set=default-permissions/:add(permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
+  /subsystem=elytron/simple-permission-mapper=default-permission-mapper/:undefine-attribute(name=permission-mappings)
+  /subsystem=elytron/simple-permission-mapper=default-permission-mapper:write-attribute(name=permission-mappings,value=[{permission-sets=[{permission-set=login-permission},{permission-set=default-permissions}],match-all=true},{permission-sets=[{permission-set=default-permissions}],principals=[anonymous]}])
+  echo
+end-if
+
+if (result == org.hibernate.infinispan) of /subsystem=infinispan/cache-container=hibernate:read-attribute(name=module)
+  echo Update hibernate cache module
+  /subsystem=infinispan/cache-container=hibernate:write-attribute(name=module, value=org.infinispan.hibernate-cache)
+  echo
+end-if
+if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:read-resource
+  echo Removing eviction from hibernate entity cache and replacing with object-memory
+  /subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:remove
+  /subsystem=infinispan/cache-container=hibernate/local-cache=entity/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:read-resource
+  echo Removing eviction from hibernate local-query cache and replacing with object-memory
+  /subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:remove
+  /subsystem=infinispan/cache-container=hibernate/local-cache=local-query/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak realms cache and replacing with object-memory
+  /subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:remove
+  /subsystem=infinispan/cache-container=keycloak/local-cache=realms/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak users cache and replacing with object-memory
+  /subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:remove
+  /subsystem=infinispan/cache-container=keycloak/local-cache=users/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak authorization cache and replacing with object-memory
+  /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:remove
+  /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/memory=object:add(size=10000)
+  echo
+end-if
+if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:read-resource
+  echo Removing eviction from keycloak keys cache and replacing with object-memory
+  /subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:remove
+  /subsystem=infinispan/cache-container=keycloak/local-cache=keys/memory=object:add(size=1000)
+  echo
+end-if
+
+if (outcome == success) of /subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:read-resource
+  echo Changing JNDI reference in connectionsInfinispan SPI
+  /subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:undefine-attribute(name=properties)
+  /subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:write-attribute(name=properties,value={cacheContainer=java:jboss/infinispan/container/keycloak})
+  echo
+end-if
+
+# Migrate from 4.4.0 to 4.5.0
+if (outcome == failed) of /subsystem=core-management/:read-resource
+    echo Adding core-management extension
+    /extension=org.wildfly.extension.core-management/:add
+    echo Adding subsystem core-management
+    /subsystem=core-management/:add
+    echo
+end-if
+
+# Migrate from 4.5.0 to 4.6.0
+if (outcome == success) of /subsystem=elytron/http-authentication-factory=application-http-authentication/:read-resource
+    echo Removing application-http-authentication from elytron subsystem
+    /subsystem=elytron/http-authentication-factory=application-http-authentication:remove
+    echo
+end-if
+
+if (result == undefined) of /subsystem=transactions/:read-attribute(name=node-identifier,include-defaults=false)
+    echo Setting node-identifier attribute of core-environment element in transactions subsystem
+    /subsystem=transactions/:write-attribute(name=node-identifier,value=expression "${jboss.tx.node.id:1}")
+    echo
+end-if
+
+# Migrate from 4.8.3 to 5.0.0
+if (outcome == failed) of /subsystem=logging/logger=io.jaegertracing.Configuration/:read-resource
+    echo Adding io.jaegertracing.Configuration logger
+    /subsystem=logging/logger=io.jaegertracing.Configuration/:add(category=io.jaegertracing.Configuration,level=WARN)
+    echo
+end-if
+
+# Migrate from 5.0.0 to 6.0.0
+if (result == NON_XA) of /subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:read-attribute(name=mode)
+    echo Removing NON_XA transaction mode from infinispan/hibernate/entity
+    /subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:undefine-attribute(name=mode)
+    echo
+end-if
+
+if (result == false) of /subsystem=datasources/data-source=ExampleDS/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to ExampleDS datasource
+    /subsystem=datasources/data-source=ExampleDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /subsystem=datasources/data-source=KeycloakDS/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to KeycloakDS datasource
+    /subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /subsystem=ejb3/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to ejb3 subsystem
+    /subsystem=ejb3/:write-attribute(name=statistics-enabled,value=${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /subsystem=transactions/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to transactions subsystem
+    /subsystem=transactions/:write-attribute(name=statistics-enabled,value=${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /subsystem=undertow/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to undertow subsystem
+    /subsystem=undertow/:write-attribute(name=statistics-enabled,value=${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (result == false) of /subsystem=webservices/:read-attribute(name=statistics-enabled)
+    echo Adding statistics-enabled expression to webservices subsystem
+    /subsystem=webservices/:write-attribute(name=statistics-enabled,value=${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}})
+    echo
+end-if
+
+if (outcome == failed) of /extension=org.jboss.as.weld/:read-resource
+    echo Adding weld extension
+    /extension=org.jboss.as.weld/:add
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=weld/:read-resource
+    echo Adding weld subsystem
+    /subsystem=weld/:add
+    echo
+end-if
+
+## KEYCLOAK-16723 / KEYCLOAK-16907:
+##
+## Loading of MicroProfile SmallRye config, health, and metrics extensions & subsystems got removed
+## as part of upgrading to Wildfly 22. See [WFLY-14203], [WFLY-14151], and [WFLY-14108] for details
+
+# Migrate from 6.0.1 to 7.0.0
+if (outcome == success) of /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
+    echo Removing READ_TIMEOUT option from remote service from ejb3 subsystem
+    /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:remove
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=infinispan/cache-container=web/local-cache=routing:read-resource
+    echo Adding local cache routing to web cache container to infinispan subsystem
+    /subsystem=infinispan/cache-container=web/local-cache=routing/:add
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=infinispan/cache-container=web/local-cache=sso:read-resource
+    echo Adding local cache sso to web cache container to infinispan subsystem
+    /subsystem=infinispan/cache-container=web/local-cache=sso/:add
+    /subsystem=infinispan/cache-container=web/local-cache=sso/component=locking/:add(isolation=REPEATABLE_READ)
+    /subsystem=infinispan/cache-container=web/local-cache=sso/component=transaction/:add(mode=BATCH)
+    echo
+end-if
+
+if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
+    echo Disabling Truststore Provider
+    /subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
+    echo Removing deprecated option
+    /subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
+    echo
+end-if
+
+# Migrate from 7.0.0 to 8.0.0
+
+if ((result.time == 100L) && (result.unit == MILLISECONDS)) of /subsystem=ejb3/thread-pool=default:read-attribute(name=keepalive-time)
+    echo Changing thread pool keepalive of ejb3 subsystem
+    /subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.time, value=60)
+    /subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.unit,value=SECONDS)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=keycloak-server/spi=hostname/provider=default/:read-resource
+    echo Adding default hostname provider
+    /subsystem=keycloak-server/spi=hostname/provider=default/:add(properties={frontendUrl => "${keycloak.frontendUrl:}",forceBackendUrlToFrontendUrl => "false"},enabled=true)
+end-if
+
+if (result == request) of /subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
+    echo Switching from request to default hostname provider
+
+    /subsystem=keycloak-server/spi=hostname/:write-attribute(name=default-provider,value=default)
+end-if
+
+if (result != fixed) of /subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
+    try
+        /subsystem=keycloak-server/spi=hostname/provider=fixed:remove
+        echo Removed config for unused fixed hostname provider
+    catch
+    end-try
+end-if
+
+# Migrate from 10.0.2 to 11.0.0 (migration changes for infinispan update from 9.4.18.Final to 10.1.8.Final)
+
+if (result != org.keycloak.keycloak-model-infinispan) of /subsystem=infinispan/cache-container=keycloak:read-attribute(name=module)
+    echo Setting class loader for keycloak cache-container so JBoss Marshalling works properly with Infinispan 10.x
+    /subsystem=infinispan/cache-container=keycloak:write-attribute(name=module,value=org.keycloak.keycloak-model-infinispan)
+    echo
+end-if
+
+# Migrate from 11.0.0 to 12.0.0
+
+if (result != expression "${jboss.mail.server.host:localhost}") of /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:read-attribute(name=host)
+    echo Adding host expression to the SMTP configuration of a remote destination outbound socket binding in the mail subsystem
+    /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:write-attribute(name=host, value=expression "${jboss.mail.server.host:localhost}")
+    echo
+end-if
+
+if (result != expression "${jboss.mail.server.port:25}") of /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:read-attribute(name=port)
+    echo Adding port expression to the SMTP configuration of a remote destination outbound socket binding in the mail subsystem
+    /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:write-attribute(name=port, value=expression "${jboss.mail.server.port:25}")
+    echo
+end-if
+
+# Migrate from 12.0.0 to 13.0.0
+
+## KEYCLOAK-16723 / KEYCLOAK-16907:
+##
+## Based on [WFLY-14203], [WFLY-14151], and [WFLY-14108] remove MicroProfile SmallRye config, health, and metrics if present
+
+if (outcome == success) of /subsystem=microprofile-config-smallrye/:read-resource
+    echo Removing microprofile-config-smallrye subsystem...
+    /subsystem=microprofile-config-smallrye/:remove
+    echo
+end-if
+
+if (outcome == success) of /extension=org.wildfly.extension.microprofile.config-smallrye/:read-resource
+    echo Removing microprofile.config-smallrye extension...
+    /extension=org.wildfly.extension.microprofile.config-smallrye/:remove
+    echo
+end-if
+
+if (outcome == success) of /subsystem=microprofile-health-smallrye/:read-resource
+    echo Removing microprofile-health-smallrye subsystem...
+    /subsystem=microprofile-health-smallrye/:remove
+    echo
+end-if
+
+if (outcome == success) of /extension=org.wildfly.extension.microprofile.health-smallrye/:read-resource
+    echo Removing microprofile.health-smallrye extension...
+    /extension=org.wildfly.extension.microprofile.health-smallrye/:remove
+    echo
+end-if
+
+if (outcome == success) of /subsystem=microprofile-metrics-smallrye/:read-resource
+    echo Removing microprofile-metrics-smallrye subsystem...
+    /subsystem=microprofile-metrics-smallrye/:remove
+    echo
+end-if
+
+if (outcome == success) of /extension=org.wildfly.extension.microprofile.metrics-smallrye/:read-resource
+    echo Removing microprofile.metrics-smallrye extension...
+    /extension=org.wildfly.extension.microprofile.metrics-smallrye/:remove
+    echo
+end-if
+
+## Yet based on [WFLY-14203], [WFLY-14151], and [WFLY-14108] load
+## org.wildfly.extension.health/org.wildfly.extension.metrics extensions & subsystems instead
+
+if (outcome == failed) of /extension=org.wildfly.extension.health:read-resource
+    echo Adding WildFly extension for health...
+    /extension=org.wildfly.extension.health:add(module=org.wildfly.extension.health)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=health:read-resource
+    echo Adding Wildfly subsystem for health...
+    /subsystem=health:add(security-enabled=false)
+    echo
+end-if
+
+if (outcome == failed) of /extension=org.wildfly.extension.metrics:read-resource
+    echo Adding Wildfly extension for base metrics...
+    /extension=org.wildfly.extension.metrics:add(module=org.wildfly.extension.metrics)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=metrics:read-resource
+    echo Adding Wildfly subsystem for base metrics...
+    /subsystem=metrics:add(exposed-subsystems=[*],security-enabled=false)
+    echo
+end-if
+
+if (result == "Keycloak") of :read-attribute(name=product-name)
+    echo Adding base metrics subsystem prefix to Keycloak...
+    /subsystem=metrics:write-attribute(name=prefix,value=${wildfly.metrics.prefix:wildfly})
+    echo
+else
+    echo Adding base metrics subsystem prefix to RH-SSO...
+    /subsystem=metrics:write-attribute(name=prefix,value=${wildfly.metrics.prefix:jboss})
+    echo
+end-if
+
+## Add ability to make use of automatically generated self-signed certificate with Elytron,
+## introduced by WFCORE-5095 in Wildfly Core 14.0.0.Final
+
+if (outcome == failed) of /subsystem=elytron/key-store=applicationKS:read-resource
+    echo Adding key store for the feature of auto-generation of self-signed certificate to Elytron subsystem...
+    /subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},type=JKS)
+    /subsystem=elytron/key-store=applicationKS:write-attribute(name=path,value=application.keystore)
+    /subsystem=elytron/key-store=applicationKS:write-attribute(name=relative-to,value=jboss.server.config.dir)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=elytron/key-manager=applicationKM:read-resource
+    echo Adding key manager for the feature of auto-generation of self-signed certificate to Elytron subsystem...
+    /subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, credential-reference={clear-text=password})
+    /subsystem=elytron/key-manager=applicationKM:write-attribute(name=generate-self-signed-certificate-host,value=localhost)
+    echo
+end-if
+
+if (outcome == failed) of /subsystem=elytron/server-ssl-context=applicationSSC:read-resource
+    echo Adding SSL context for the feature of auto-generation of self-signed certificate to Elytron subsystem...
+    /subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM)
+    echo
+end-if
+
+## Convert type of 'hung-task-termination-period' attribute for 'managed-executor-service' from INT to LONG
+if (result == 0) of /subsystem=ee/managed-executor-service=default:read-attribute(name=hung-task-termination-period)
+    echo Setting period for automatic termination of hung tasks for managed executor service to default value (0 miliseconds)
+    /subsystem=ee/managed-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
+    echo
+end-if
+
+## Convert type of 'hung-task-termination-period' attribute for 'managed-scheduled-executor-service' from INT to LONG
+if (result == 0) of /subsystem=ee/managed-scheduled-executor-service=default:read-attribute(name=hung-task-termination-period)
+    echo Setting period for automatic termination of hung tasks for managed scheduled executor service to default value (0 miliseconds)
+    /subsystem=ee/managed-scheduled-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
+    echo
+end-if
+
+## Set value of JPA default-datasource from empty string to 'undefined'
+if (outcome == success) && (result == "") of /subsystem=jpa:read-attribute(name=default-datasource)
+    echo Setting value of to default-datasource attribute in JPA subsystem to 'undefined'
+    /subsystem=jpa:undefine-attribute(name=default-datasource)
+    echo
+end-if
+
+echo *** End Migration ***
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/docs/licenses/apache license 2.0.txt b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/docs/licenses/apache license 2.0.txt
new file mode 100644
index 0000000000..d645695673
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/docs/licenses/apache license 2.0.txt	
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/docs/licenses/licenses.css b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/docs/licenses/licenses.css
new file mode 100644
index 0000000000..566d3c9ba0
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/docs/licenses/licenses.css
@@ -0,0 +1,22 @@
+table {
+    border-collapse: collapse;
+}
+
+table, th, td {
+    border: 1px solid navy;
+}
+
+th {
+    text-align: left;
+    background-color: #BCC6CC;
+
+}
+
+th, td {
+    padding: 2px;
+    text-align: left;
+}
+
+tr:nth-child(even) {
+    background-color: #f2f2f2;
+}
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/docs/licenses/licenses.xsl b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/docs/licenses/licenses.xsl
new file mode 100644
index 0000000000..cdd1a0e184
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/content/docs/licenses/licenses.xsl
@@ -0,0 +1,71 @@
+<?xml version="1.0"?>
+<xsl:stylesheet version="1.0"
+                xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+
+    <xsl:output method="html" encoding="utf-8" standalone="no" media-type="text/html" />
+    <xsl:param name="version"/>
+    <xsl:param name="product.release.name"/>
+    <xsl:variable name="lowercase" select="'abcdefghijklmnopqrstuvwxyz '" />
+    <xsl:variable name="uppercase" select="'ABCDEFGHIJKLMNOPQRSTUVWXYZ!'" />
+    
+    <xsl:template match="/">
+        <html>
+            <head>
+                <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+                <link rel="stylesheet" type="text/css" href="licenses.css"/>
+            </head>
+            <body>
+                <h2><xsl:value-of select="$product.release.name"/><xsl:text> </xsl:text><xsl:value-of select="substring-before($version, '-')"/> - Servlet Feature Pack</h2>
+                <p>The following material has been provided for informational purposes only, and should not be relied upon or construed as a legal opinion or legal advice.</p>
+                <!-- Read matching templates -->
+                <table>
+                    <tr>
+                        <th>Package Group</th>
+                        <th>Package Artifact</th>
+                        <th>Package Version</th>
+                        <th>Remote Licenses</th>
+                        <th>Local Licenses</th>
+                    </tr>
+                    <xsl:for-each select="licenseSummary/dependencies/dependency">
+                        <xsl:sort select="concat(groupId, '.', artifactId)"/>
+                        <tr>
+                            <td><xsl:value-of select="groupId"/></td>
+                            <td><xsl:value-of select="artifactId"/></td>
+                            <td><xsl:value-of select="version"/></td>
+                            <td>
+                                <xsl:for-each select="licenses/license">
+                                    <a href="{./url}"><xsl:value-of select="name"/></a><br/>
+                                </xsl:for-each>
+                            </td>
+                            <td>
+                                <xsl:for-each select="licenses/license">
+                                    <xsl:variable name="filename">
+                                        <xsl:call-template name="remap-local-filename">
+                                            <xsl:with-param name="name" select="name" />
+                                        </xsl:call-template>
+                                    </xsl:variable>
+                                    <a href="{$filename}"><xsl:value-of select="$filename"/></a><br/>
+                                </xsl:for-each>
+                            </td>
+                        </tr>
+                    </xsl:for-each>
+                </table>
+            </body>
+        </html>
+    </xsl:template>
+
+    <xsl:template name="remap-local-filename">
+        <xsl:param name="name"/>
+        <xsl:choose>
+            <xsl:when test="$name = 'GNU General Public License v2.0 only'">
+                <xsl:text>gnu general public license v2.0 only.html</xsl:text>
+            </xsl:when>
+            <xsl:when test="$name = ''">
+                <xsl:text>.html</xsl:text>
+            </xsl:when>
+            <xsl:otherwise>
+                <xsl:value-of select="concat(translate($name, $uppercase, $lowercase), '.txt')"/>
+            </xsl:otherwise>
+        </xsl:choose>
+    </xsl:template>
+</xsl:stylesheet>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/domain-keycloak-clustered.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/domain-keycloak-clustered.xml
new file mode 100644
index 0000000000..db5dbea1f3
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/domain-keycloak-clustered.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="domain-keycloak-clustered" xmlns="urn:jboss:galleon:feature-group:1.0">
+
+    <feature-group name="domain-interfaces">
+        <exclude feature-id="domain.interface:interface=unsecure"/>
+    </feature-group>
+
+    <feature spec="domain.socket-binding-group">
+        <param name="socket-binding-group" value="ha-sockets"/>
+        <param name="default-interface" value="public" />
+        <feature-group name="domain-sockets"/>
+        <feature-group name="domain-ha-sockets"/>
+        <feature-group name="domain-mail-sockets"/>
+        <feature-group name="domain-transactions-sockets"/>
+        <feature-group name="domain-server-groups"/>
+    </feature>
+
+    <feature spec="profile">
+        <param name="profile" value="auth-server-clustered"/>
+        <feature-group name="domain-ha-profile">
+            <exclude spec="subsystem.sar"/>
+            <exclude spec="subsystem.jdr"/>
+            <exclude spec="subsystem.jsf"/>
+            <exclude spec="subsystem.pojo"/>
+            <exclude spec="subsystem.webservices"/>
+            <exclude spec="subsystem.batch-jberet"/>
+            <exclude spec="subsystem.distributable-web"/>
+            <exclude spec="subsystem.discovery"/>
+            <exclude spec="subsystem.ee-security"/>
+            <exclude spec="subsystem.resource-adapters"/>
+            <exclude spec="subsystem.singleton"/>
+            <exclude spec="subsystem.weld"/>
+        </feature-group>
+        <feature-group name="keycloak-server-subsystem"/>
+        <feature-group name="datasources">
+            <feature-group name="keycloak-datasource"/>
+        </feature-group>
+        <feature-group name="infinispan-dist-keycloak"/>
+    </feature>
+
+    <feature spec="domain.system-property">
+        <param name="system-property" value="java.net.preferIPv4Stack"/>
+        <param name="value" value="true"/>
+    </feature>
+    <feature-group name="access-control"/>
+
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/domain-keycloak-standalone.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/domain-keycloak-standalone.xml
new file mode 100644
index 0000000000..0b97ec948c
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/domain-keycloak-standalone.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="domain-keycloak-standalone" xmlns="urn:jboss:galleon:feature-group:1.0">
+
+    <feature-group name="domain-interfaces">
+        <exclude feature-id="domain.interface:interface=unsecure"/>
+    </feature-group>
+
+    <feature spec="domain.interface">
+        <param name="interface" value="private"/>
+        <param name="inet-address" value="${jboss.bind.address.private:127.0.0.1}"/>
+    </feature>
+    <feature spec="domain.socket-binding-group">
+        <param name="socket-binding-group" value="standard-sockets" />
+        <param name="default-interface" value="public" />
+        <feature-group name="domain-sockets"/>
+        <feature-group name="domain-transactions-sockets"/>
+        <feature-group name="domain-mail-sockets"/>
+    </feature>
+
+    <feature spec="profile">
+        <param name="profile" value="auth-server-standalone"/>
+        <feature-group name="domain-profile">
+            <exclude spec="subsystem.sar"/>
+            <exclude spec="subsystem.jdr"/>
+            <exclude spec="subsystem.jsf"/>
+            <exclude spec="subsystem.pojo"/>
+            <exclude spec="subsystem.webservices"/>
+            <exclude spec="subsystem.batch-jberet"/>
+            <exclude spec="subsystem.distributable-web"/>
+            <exclude spec="subsystem.discovery"/>
+            <exclude spec="subsystem.ee-security"/>
+            <exclude spec="subsystem.resource-adapters"/>
+            <exclude spec="subsystem.weld"/>
+        </feature-group>
+        <feature-group name="keycloak-server-subsystem"/>
+        <feature-group name="datasources">
+            <feature-group name="keycloak-datasource"/>
+        </feature-group>
+        <feature-group name="infinispan-local"/>
+    </feature>
+
+    <feature spec="domain.system-property">
+        <param name="system-property" value="java.net.preferIPv4Stack"/>
+        <param name="value" value="true"/>
+    </feature>
+    <feature-group name="access-control"/>
+
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/domain-server-groups-keycloak.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/domain-server-groups-keycloak.xml
new file mode 100644
index 0000000000..a83bf02018
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/domain-server-groups-keycloak.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="domain-server-groups-keycloak" xmlns="urn:jboss:galleon:feature-group:1.0">
+
+    <feature spec="domain.server-group">
+        <param name="server-group" value="auth-server-group"/>
+        <param name="profile" value="auth-server-standalone" />
+        <param name="socket-binding-group" value="standard-sockets" />
+        <param name="socket-binding-default-interface" value="public"/>
+        <feature spec="domain.server-group.jvm">
+            <param name="jvm" value="default"/>
+            <param name="heap-size" value="64m"/>
+            <param name="max-heap-size" value="512m"/>
+        </feature>
+    </feature>
+    <feature spec="domain.server-group">
+        <param name="server-group" value="auth-server-group"/>
+        <param name="profile" value="auth-server-clustered" />
+        <param name="socket-binding-group" value="ha-sockets" />
+        <param name="socket-binding-default-interface" value="public"/>
+        <feature spec="domain.server-group.jvm">
+            <param name="jvm" value="default"/>
+            <param name="heap-size" value="64m"/>
+            <param name="max-heap-size" value="512m"/>
+        </feature>
+    </feature>
+    <feature spec="domain.server-group">
+        <param name="server-group" value="load-balancer-group"/>
+        <param name="profile" value="load-balancer" />
+        <param name="socket-binding-group" value="load-balancer-sockets" />
+        <param name="socket-binding-default-interface" value="public"/>
+        <feature spec="domain.server-group.jvm">
+            <param name="jvm" value="default"/>
+            <param name="heap-size" value="64m"/>
+            <param name="max-heap-size" value="512m"/>
+        </feature>
+    </feature>
+
+</feature-group-spec>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/host-master.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/host-master.xml
new file mode 100644
index 0000000000..952707618d
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/host-master.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="host-master" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature-group name="servlet-host-master">
+        <exclude spec="host.server-config"/>
+
+    </feature-group>
+    <feature spec="host">
+        <param name="host" value="master"/>
+        <feature spec="host.interface">
+            <param name="interface" value="public"/>
+            <param name="inet-address" value="${jboss.bind.address:127.0.0.1}"/>
+        </feature>
+        <feature spec="host.jvm">
+            <param name="jvm" value="default"/>
+            <param name="jvm-options" value="[&quot;-server&quot;,&quot;-XX:MetaspaceSize=96m&quot;,&quot;-XX:MaxMetaspaceSize=256m&quot;]"/>
+        </feature>
+        <feature spec="host.server-config">
+            <param name="server-config" value="load-balancer"/>
+            <param name="group" value="load-balancer-group"/>
+            <feature spec="host.server-config.jvm">
+                <param name="jvm" value="default"/>
+            </feature>
+        </feature>
+        <feature spec="host.server-config">
+            <param name="server-config" value="server-one"/>
+            <param name="group" value="auth-server-group"/>
+            <param name="auto-start" value="true"/>
+            <param name="socket-binding-port-offset" value="150"/>
+            <feature spec="host.server-config.jvm">
+                <param name="jvm" value="default"/>
+            </feature>
+        </feature>
+    </feature>
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/host-slave.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/host-slave.xml
new file mode 100644
index 0000000000..482aeefa32
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/host-slave.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="host-slave" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature-group name="servlet-host-slave">
+        <exclude feature-id="host.interface:host=slave,interface=unsecure"/>
+        <exclude feature-id="host.interface:host=slave,interface=private"/>
+        <exclude spec="host.server-config"/>
+    </feature-group>
+    <feature spec="host">
+        <param name="host" value="slave"/>
+        <feature spec="host.interface">
+            <param name="interface" value="public"/>
+            <param name="inet-address" value="${jboss.bind.address:127.0.0.1}"/>
+        </feature>
+        <feature spec="host.jvm">
+            <param name="jvm" value="default"/>
+            <param name="jvm-options" value="[&quot;-server&quot;,&quot;-XX:MetaspaceSize=96m&quot;,&quot;-XX:MaxMetaspaceSize=256m&quot;]"/>
+        </feature>
+        <feature spec="host.server-config">
+            <param name="server-config" value="server-two"/>
+            <param name="group" value="auth-server-group"/>
+            <param name="auto-start" value="true"/>
+            <param name="socket-binding-port-offset" value="250"/>
+            <feature spec="host.server-config.jvm">
+                <param name="jvm" value="default"/>
+            </feature>
+        </feature>
+    </feature>
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/host.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/host.xml
new file mode 100644
index 0000000000..b5285037e9
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/host.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="host" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature-group name="servlet-host">
+        <exclude feature-id="host.interface:host=master,interface=unsecure"/>
+        <exclude feature-id="host.interface:host=master,interface=private"/>
+        <exclude spec="host.server-config"/>
+    </feature-group>
+    <feature spec="host">
+        <param name="host" value="master"/>
+        <feature spec="host.interface">
+            <param name="interface" value="public"/>
+            <param name="inet-address" value="${jboss.bind.address:127.0.0.1}"/>
+        </feature>
+        <feature spec="host.jvm">
+            <param name="jvm" value="default"/>
+            <param name="jvm-options" value="[&quot;-server&quot;,&quot;-XX:MetaspaceSize=96m&quot;,&quot;-XX:MaxMetaspaceSize=256m&quot;]"/>
+        </feature>
+        <feature spec="host.server-config">
+            <param name="server-config" value="load-balancer"/>
+            <param name="group" value="load-balancer-group"/>
+            <feature spec="host.server-config.jvm">
+                <param name="jvm" value="default"/>
+            </feature>
+        </feature>
+        <feature spec="host.server-config">
+            <param name="server-config" value="server-one"/>
+            <param name="group" value="auth-server-group"/>
+            <param name="auto-start" value="true"/>
+            <param name="socket-binding-port-offset" value="150"/>
+            <feature spec="host.server-config.jvm">
+                <param name="jvm" value="default"/>
+            </feature>
+        </feature>
+    </feature>
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-ejb.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-ejb.xml
new file mode 100644
index 0000000000..2cb9495d65
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-ejb.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="infinispan-dist-ejb" xmlns="urn:jboss:galleon:feature-group:1.0">
+
+    <feature spec="subsystem.infinispan">
+
+        <feature spec="subsystem.infinispan.cache-container">
+            <param name="cache-container" value="ejb"/>
+            <param name="modules" value="[org.wildfly.clustering.ejb.infinispan]"/>
+            <param name="default-cache" value="dist"/>
+            <param name="aliases" value="[sfsb]"/>
+            <feature spec="subsystem.infinispan.cache-container.transport.jgroups">
+                <param name="lock-timeout" value="60000"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.distributed-cache">
+                <param name="distributed-cache" value="dist"/>
+                <feature spec="subsystem.infinispan.cache-container.distributed-cache.component.locking">
+                    <param name="isolation" value="REPEATABLE_READ"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.distributed-cache.component.transaction">
+                    <param name="mode" value="BATCH"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.distributed-cache.store.file">
+                    <unset param="relative-to"/>
+                </feature>
+            </feature>
+        </feature>
+
+    </feature>
+
+</feature-group-spec>
+
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-hibernate.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-hibernate.xml
new file mode 100644
index 0000000000..72c5179797
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-hibernate.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="infinispan-dist-hibernate" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature spec="subsystem.infinispan">
+
+        <feature spec="subsystem.infinispan.cache-container">
+            <param name="cache-container" value="hibernate"/>
+            <param name="modules" value="[org.infinispan.hibernate-cache]"/>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="local-query"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.expiration">
+                    <param name="max-idle" value="100000"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
+                    <param name="size" value="10000"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.transport.jgroups">
+                <param name="lock-timeout" value="60000"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.replicated-cache">
+                <param name="replicated-cache" value="timestamps"/>
+                <param name="mode" value="ASYNC"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.invalidation-cache">
+                <param name="invalidation-cache" value="entity"/>
+                <feature spec="subsystem.infinispan.cache-container.invalidation-cache.component.transaction">
+                    <param name="mode" value="NON_XA"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.invalidation-cache.component.expiration">
+                    <param name="max-idle" value="100000"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.invalidation-cache.memory.heap">
+                    <param name="size" value="10000"/>
+                </feature>
+            </feature>
+        </feature>
+
+    </feature>
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-keycloak.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-keycloak.xml
new file mode 100644
index 0000000000..d382a08099
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-keycloak.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="infinispan-dist-keycloak" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature spec="subsystem.infinispan">
+        <feature spec="subsystem.infinispan.cache-container">
+            <param name="cache-container" value="keycloak"/>
+            <param name="modules" value="[org.keycloak.keycloak-model-infinispan]"/>
+            <feature spec="subsystem.infinispan.cache-container.transport.jgroups">
+                <param name="lock-timeout" value="60000"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="realms"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
+                    <param name="size" value="10000"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="users"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
+                    <param name="size" value="10000"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.distributed-cache">
+                <param name="distributed-cache" value="sessions"/>
+                <param name="owners" value="1"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.distributed-cache">
+                <param name="distributed-cache" value="authenticationSessions"/>
+                <param name="owners" value="1"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.distributed-cache">
+                <param name="distributed-cache" value="offlineSessions"/>
+                <param name="owners" value="1"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.distributed-cache">
+                <param name="distributed-cache" value="clientSessions"/>
+                <param name="owners" value="1"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.distributed-cache">
+                <param name="distributed-cache" value="offlineClientSessions"/>
+                <param name="owners" value="1"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.distributed-cache">
+                <param name="distributed-cache" value="loginFailures"/>
+                <param name="owners" value="1"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="authorization"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
+                    <param name="size" value="10000"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.replicated-cache">
+                <param name="replicated-cache" value="work"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="keys"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
+                    <param name="size" value="1000"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.expiration">
+                    <param name="max-idle" value="3600000"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.distributed-cache">
+                <param name="distributed-cache" value="actionTokens"/>
+                <param name="owners" value="2"/>
+                <feature spec="subsystem.infinispan.cache-container.distributed-cache.memory.heap">
+                    <param name="size" value="-1"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.distributed-cache.component.expiration">
+                    <param name="max-idle" value="-1"/>
+                    <param name="interval" value="300000"/>
+                </feature>
+            </feature>
+        </feature>
+    </feature>
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-server.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-server.xml
new file mode 100644
index 0000000000..ae020a87ba
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-server.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="infinispan-dist-server" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature spec="subsystem.infinispan">
+
+        <feature spec="subsystem.infinispan.cache-container">
+            <param name="cache-container" value="server"/>
+            <param name="modules" value="[org.wildfly.clustering.server]"/>
+            <param name="default-cache" value="default"/>
+            <param name="aliases" value="[singleton, cluster]"/>
+            <feature spec="subsystem.infinispan.cache-container.transport.jgroups">
+                <param name="lock-timeout" value="60000"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.replicated-cache">
+                <param name="replicated-cache" value="default"/>
+                <feature spec="subsystem.infinispan.cache-container.replicated-cache.component.transaction">
+                    <param name="mode" value="BATCH"/>
+                </feature>
+            </feature>
+        </feature>
+    </feature>
+
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-web.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-web.xml
new file mode 100644
index 0000000000..57a1d53888
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist-web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="infinispan-dist-web" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature spec="subsystem.infinispan">
+
+        <feature spec="subsystem.infinispan.cache-container">
+            <param name="cache-container" value="web"/>
+            <param name="modules" value="[org.wildfly.clustering.web.infinispan]"/>
+            <param name="default-cache" value="dist"/>
+            <feature spec="subsystem.infinispan.cache-container.transport.jgroups">
+                <param name="transport" value="jgroups"/>
+                <param name="lock-timeout" value="60000"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.distributed-cache">
+                <param name="distributed-cache" value="dist"/>
+                <feature spec="subsystem.infinispan.cache-container.distributed-cache.component.locking">
+                    <param name="isolation" value="REPEATABLE_READ"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.distributed-cache.component.transaction">
+                    <param name="mode" value="BATCH"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.distributed-cache.store.file">
+                    <unset param="relative-to"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.replicated-cache">
+                <param name="replicated-cache" value="sso"/>
+                <feature spec="subsystem.infinispan.cache-container.replicated-cache.component.locking">
+                    <param name="isolation" value="REPEATABLE_READ"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.replicated-cache.component.transaction">
+                    <param name="mode" value="BATCH"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.distributed-cache">
+                <param name="distributed-cache" value="routing"/>
+            </feature>
+        </feature>
+
+    </feature>
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist.xml
new file mode 100644
index 0000000000..38ca1d3ee5
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-dist.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="infinispan-dist" xmlns="urn:jboss:galleon:feature-group:1.0">
+
+    <feature-group name="infinispan-dist-keycloak"/>
+
+    <feature-group name="infinispan-dist-server"/>
+
+    <feature-group name="infinispan-dist-web"/>
+
+    <feature-group name="infinispan-dist-ejb"/>
+
+    <feature-group name="infinispan-dist-hibernate"/>
+
+</feature-group-spec>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-ejb.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-ejb.xml
new file mode 100644
index 0000000000..542512c762
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-ejb.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="infinispan-local-ejb" xmlns="urn:jboss:galleon:feature-group:1.0">
+
+    <feature spec="subsystem.infinispan">
+
+        <feature spec="subsystem.infinispan.cache-container">
+            <param name="cache-container" value="ejb"/>
+            <param name="modules" value="[org.wildfly.clustering.ejb.infinispan]"/>
+            <param name="aliases" value="[sfsb]"/>
+            <param name="default-cache" value="passivation"/>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="passivation"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.locking">
+                    <param name="isolation" value="REPEATABLE_READ"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.transaction">
+                    <param name="mode" value="BATCH"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.store.file">
+                    <param name="passivation" value="true"/>
+                    <param name="purge" value="false"/>
+                    <unset param="relative-to"/>
+                </feature>
+            </feature>
+        </feature>
+    </feature>
+
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-hibernate.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-hibernate.xml
new file mode 100644
index 0000000000..a0b44bb299
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-hibernate.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="infinispan-local-hibernate" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature spec="subsystem.infinispan">
+        <feature spec="subsystem.infinispan.cache-container">
+            <param name="cache-container" value="hibernate"/>
+            <param name="modules" value="[org.infinispan.hibernate-cache]"/>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="entity"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.expiration">
+                    <param name="max-idle" value="100000"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
+                    <param name="size" value="10000"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="local-query"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.expiration">
+                    <param name="max-idle" value="100000"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
+                    <param name="size" value="10000"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="timestamps"/>
+            </feature>
+        </feature>
+    </feature>
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-keycloak.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-keycloak.xml
new file mode 100644
index 0000000000..b0d91c53f8
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-keycloak.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="infinispan-local-keycloak" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature spec="subsystem.infinispan">
+        <feature spec="subsystem.infinispan.cache-container">
+            <param name="cache-container" value="keycloak"/>
+            <param name="modules" value="[org.keycloak.keycloak-model-infinispan]"/>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="realms"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
+                    <param name="size" value="10000"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="users"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
+                    <param name="size" value="10000"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="sessions"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="authenticationSessions"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="offlineSessions"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="clientSessions"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="offlineClientSessions"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="loginFailures"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="work"/>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="authorization"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
+                    <param name="size" value="10000"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="keys"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
+                    <param name="size" value="1000"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.expiration">
+                    <param name="max-idle" value="3600000"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="actionTokens"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
+                    <param name="size" value="-1"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.expiration">
+                    <param name="max-idle" value="-1"/>
+                    <param name="interval" value="300000"/>
+                </feature>
+            </feature>
+        </feature>
+    </feature>
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-server.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-server.xml
new file mode 100644
index 0000000000..a72d3551ee
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-server.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="infinispan-local-server" xmlns="urn:jboss:galleon:feature-group:1.0">
+
+    <feature spec="subsystem.infinispan">
+
+        <feature spec="subsystem.infinispan.cache-container">
+            <param name="cache-container" value="server"/>
+            <param name="modules" value="[org.wildfly.clustering.server]"/>
+            <param name="default-cache" value="default"/>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="default"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.transaction">
+                    <param name="mode" value="BATCH"/>
+                </feature>
+            </feature>
+        </feature>
+    </feature>
+
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-web.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-web.xml
new file mode 100644
index 0000000000..4bd54f4e4b
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local-web.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="infinispan-local-web" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature spec="subsystem.infinispan">
+
+        <feature spec="subsystem.infinispan.cache-container">
+            <param name="cache-container" value="web"/>
+            <param name="modules" value="[org.wildfly.clustering.web.infinispan]"/>
+            <param name="default-cache" value="passivation"/>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="passivation"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.locking">
+                    <param name="isolation" value="REPEATABLE_READ"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.transaction">
+                    <param name="mode" value="BATCH"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.store.file">
+                    <param name="passivation" value="true"/>
+                    <param name="purge" value="false"/>
+                    <unset param="relative-to"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="sso"/>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.locking">
+                    <param name="isolation" value="REPEATABLE_READ"/>
+                </feature>
+                <feature spec="subsystem.infinispan.cache-container.local-cache.component.transaction">
+                    <param name="mode" value="BATCH"/>
+                </feature>
+            </feature>
+            <feature spec="subsystem.infinispan.cache-container.local-cache">
+                <param name="local-cache" value="routing"/>
+            </feature>
+        </feature>
+    </feature>
+</feature-group-spec>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local.xml
new file mode 100644
index 0000000000..1b8434bffb
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/infinispan-local.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="infinispan-local" xmlns="urn:jboss:galleon:feature-group:1.0">
+
+    <feature-group name="infinispan-local-keycloak"/>
+
+    <feature-group name="infinispan-local-server"/>
+
+    <feature-group name="infinispan-local-web"/>
+
+    <feature-group name="infinispan-local-ejb"/>
+
+    <feature-group name="infinispan-local-hibernate"/>
+
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/keycloak-datasource.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/keycloak-datasource.xml
new file mode 100644
index 0000000000..fddf52630a
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/keycloak-datasource.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="keycloak-datasource" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature spec="subsystem.datasources">
+        <feature spec="subsystem.datasources.data-source">
+            <param name="data-source" value="KeycloakDS"/>
+            <param name="enabled" value="true"/>
+            <param name="use-java-context" value="true"/>
+            <param name="jndi-name" value="java:jboss/datasources/KeycloakDS"/>
+            <param name="data-source" value="KeycloakDS"/>
+            <param name="connection-url" value="&quot;jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE&quot;"/>
+            <param name="driver-name" value="h2"/>
+            <param name="user-name" value="sa"/>
+            <param name="password" value="sa"/>
+            <param name="statistics-enabled" value="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}" />
+        </feature>
+    </feature>
+</feature-group-spec>
+
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/keycloak-server-subsystem.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/keycloak-server-subsystem.xml
new file mode 100644
index 0000000000..d882204d5d
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/keycloak-server-subsystem.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2021 Red Hat, Inc.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<!--
+    IMPORTANT NOTE: Content of this file is based on wildfly/server-subsystem/src/main/config/default-server-subsys-config.properties
+                    !!! Both of them need to be in sync !!!
+-->
+<feature-group-spec name="keycloak-server-subsystem" xmlns="urn:jboss:galleon:feature-group:1.0">
+
+    <feature spec="subsystem.keycloak-server">
+        <param name="web-context" value="auth"/>
+        <param name="providers" value="[classpath:${jboss.home.dir}/providers/*]"/>
+        <param name="master-realm-name" value="master"/>
+        <param name="scheduled-task-interval" value="900"/>
+        <feature spec="subsystem.keycloak-server.theme">
+            <param name="theme" value="defaults"/>
+            <param name="staticMaxAge" value="2592000"/>
+            <param name="cacheThemes" value="true"/>
+            <param name="cacheTemplates" value="true"/>
+            <param name="dir" value="${jboss.home.dir}/themes"/>
+        </feature>
+        <feature spec="subsystem.keycloak-server.spi">
+            <param name="spi" value="eventsStore"/>
+            <feature spec="subsystem.keycloak-server.spi.provider">
+                <param name="provider" value="jpa"/>
+                <param name="enabled" value="true"/>
+                <param name="properties" value="{exclude-events=&quot;[\&quot;REFRESH_TOKEN\&quot;]&quot;}"/>
+            </feature>
+        </feature>
+        <feature spec="subsystem.keycloak-server.spi">
+            <param name="spi" value="userCache"/>
+            <feature spec="subsystem.keycloak-server.spi.provider">
+                <param name="provider" value="default"/>
+                <param name="enabled" value="true"/>
+            </feature>
+        </feature>
+        <feature spec="subsystem.keycloak-server.spi">
+            <param name="spi" value="userSessionPersister"/>
+            <param name="default-provider" value="jpa"/>
+        </feature>
+        <feature spec="subsystem.keycloak-server.spi">
+            <param name="spi" value="timer"/>
+            <param name="default-provider" value="basic"/>
+        </feature>
+        <feature spec="subsystem.keycloak-server.spi">
+            <param name="spi" value="connectionsHttpClient"/>
+            <feature spec="subsystem.keycloak-server.spi.provider">
+                <param name="provider" value="default"/>
+                <param name="enabled" value="true"/>
+            </feature>
+        </feature>
+        <feature spec="subsystem.keycloak-server.spi">
+            <param name="spi" value="connectionsJpa"/>
+            <feature spec="subsystem.keycloak-server.spi.provider">
+                <param name="provider" value="default"/>
+                <param name="enabled" value="true"/>
+                <param name="properties" value="{[dataSource=&quot;java:jboss/datasources/KeycloakDS&quot;,initializeEmpty=&quot;true&quot;,migrationStrategy=&quot;update&quot;,migrationExport=&quot;${jboss.home.dir}/keycloak-database-update.sql&quot;]}"/>
+            </feature>
+        </feature>
+        <feature spec="subsystem.keycloak-server.spi">
+            <param name="spi" value="realmCache"/>
+            <feature spec="subsystem.keycloak-server.spi.provider">
+                <param name="provider" value="default"/>
+                <param name="enabled" value="true"/>
+            </feature>
+        </feature>
+        <feature spec="subsystem.keycloak-server.spi">
+            <param name="spi" value="connectionsInfinispan"/>
+            <param name="default-provider" value="default"/>
+            <feature spec="subsystem.keycloak-server.spi.provider">
+                <param name="provider" value="default"/>
+                <param name="enabled" value="true"/>
+                <param name="properties" value="{cacheContainer=&quot;java:jboss/infinispan/container/keycloak&quot;}"/>
+            </feature>
+        </feature>
+        <feature spec="subsystem.keycloak-server.spi">
+            <param name="spi" value="jta-lookup"/>
+            <param name="default-provider" value="${keycloak.jta.lookup.provider:jboss}"/>
+            <feature spec="subsystem.keycloak-server.spi.provider">
+                <param name="provider" value="jboss"/>
+                <param name="enabled" value="true"/>
+            </feature>
+        </feature>
+        <feature spec="subsystem.keycloak-server.spi">
+            <param name="spi" value="publicKeyStorage"/>
+            <feature spec="subsystem.keycloak-server.spi.provider">
+                <param name="provider" value="infinispan"/>
+                <param name="enabled" value="true"/>
+                <param name="properties" value="{minTimeBetweenRequests=&quot;10&quot;}"/>
+            </feature>
+        </feature>
+        <feature spec="subsystem.keycloak-server.spi">
+            <param name="spi" value="x509cert-lookup"/>
+            <param name="default-provider" value="${keycloak.x509cert.lookup.provider:default}"/>
+            <feature spec="subsystem.keycloak-server.spi.provider">
+                <param name="provider" value="default"/>
+                <param name="enabled" value="true"/>
+            </feature>
+        </feature>
+        <feature spec="subsystem.keycloak-server.spi">
+            <param name="spi" value="hostname"/>
+            <param name="default-provider" value="default"/>
+            <feature spec="subsystem.keycloak-server.spi.provider">
+                <param name="provider" value="default"/>
+                <param name="enabled" value="true"/>
+                <param name="properties" value="{[frontendUrl=&quot;${keycloak.frontendUrl:}&quot;,forceBackendUrlToFrontendUrl=&quot;false&quot;]}"/>
+            </feature>
+        </feature>
+    </feature>
+
+</feature-group-spec>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/standalone-ha.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/standalone-ha.xml
new file mode 100644
index 0000000000..f5a2dabff5
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/standalone-ha.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="standalone-ha" xmlns="urn:jboss:galleon:feature-group:1.0">
+
+    <origin name="org.wildfly:wildfly-ee-galleon-pack">
+        <feature-group name="standalone-ha">
+            <exclude spec="subsystem.sar"/>
+            <exclude spec="subsystem.jdr"/>
+            <exclude spec="subsystem.jsf"/>
+            <exclude spec="subsystem.pojo"/>
+            <exclude spec="subsystem.webservices"/>
+            <exclude spec="subsystem.batch-jberet"/>
+            <exclude spec="subsystem.distributable-web"/>
+            <exclude spec="subsystem.discovery"/>
+            <exclude spec="subsystem.ee-security"/>
+            <exclude spec="subsystem.resource-adapters"/>
+            <exclude spec="subsystem.infinispan"/>
+            <exclude spec="subsystem.singleton"/>
+        </feature-group>
+        <feature-group name="deployment-scanner"/>
+        <feature-group name="ee">
+            <feature spec="subsystem.ee">
+                <feature spec="subsystem.ee.context-service">
+                    <param name="context-service" value="default"/>
+                    <param name="jndi-name" value="java:jboss/ee/concurrency/context/default"/>
+                    <param name="use-transaction-setup-provider" value="true"/>
+                </feature>
+            </feature>
+        </feature-group>
+        <feature-group name="ejb3"/>
+        <feature-group name="health"/>
+        <feature-group name="io"/>
+        <feature-group name="jaxrs"/>
+        <feature-group name="jca"/>
+        <feature-group name="logging"/>
+        <feature-group name="jgroups"/>
+    </origin>
+    <feature-group name="keycloak-server-subsystem"/>
+    <feature-group name="datasources">
+        <feature-group name="keycloak-datasource"/>
+    </feature-group>
+    <feature-group name="infinispan-dist"/>
+
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/standalone.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/standalone.xml
new file mode 100644
index 0000000000..276e71c645
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/standalone.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="standalone" xmlns="urn:jboss:galleon:feature-group:1.0">
+
+    <origin name="org.wildfly:wildfly-ee-galleon-pack">
+        <feature-group name="standalone">
+            <exclude spec="subsystem.sar"/>
+            <exclude spec="subsystem.jdr"/>
+            <exclude spec="subsystem.jsf"/>
+            <exclude spec="subsystem.pojo"/>
+            <exclude spec="subsystem.webservices"/>
+            <exclude spec="subsystem.batch-jberet"/>
+            <exclude spec="subsystem.distributable-web"/>
+            <exclude spec="subsystem.discovery"/>
+            <exclude spec="subsystem.ee-security"/>
+            <exclude spec="subsystem.resource-adapters"/>
+            <exclude spec="subsystem.infinispan"/>
+        </feature-group>
+        <feature-group name="deployment-scanner"/>
+        <feature-group name="ee">
+            <feature spec="subsystem.ee">
+                <feature spec="subsystem.ee.context-service">
+                    <param name="context-service" value="default"/>
+                    <param name="jndi-name" value="java:jboss/ee/concurrency/context/default"/>
+                    <param name="use-transaction-setup-provider" value="true"/>
+                </feature>
+            </feature>
+        </feature-group>
+        <feature-group name="ejb3"/>
+        <feature-group name="health"/>
+        <feature-group name="io"/>
+        <feature-group name="jaxrs"/>
+        <feature-group name="jca"/>
+        <feature-group name="logging"/>
+    </origin>
+
+    <feature-group name="keycloak-server-subsystem"/>
+    <feature-group name="datasources">
+        <feature-group name="keycloak-datasource"/>
+    </feature-group>
+    <feature-group name="infinispan-local"/>
+
+</feature-group-spec>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/layers/standalone/keycloak/layer-spec.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/layers/standalone/keycloak/layer-spec.xml
new file mode 100644
index 0000000000..55f3120743
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/layers/standalone/keycloak/layer-spec.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2021 Red Hat, Inc.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<layer-spec xmlns="urn:jboss:galleon:layer-spec:1.0" name="keycloak">
+    <feature spec="subsystem.keycloak-server"/>
+</layer-spec>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/layers.conf b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/layers.conf
new file mode 100644
index 0000000000..a05b793748
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/layers.conf
@@ -0,0 +1 @@
+layers=keycloak
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/main/module.xml
new file mode 100644
index 0000000000..26b0c3bfd1
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/main/module.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2019 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="com.fasterxml.jackson.dataformat.jackson-dataformat-cbor">
+    <resources>
+        <artifact name="${com.fasterxml.jackson.dataformat:jackson-dataformat-cbor}"/>
+    </resources>
+
+    <dependencies>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
+        <module name="com.fasterxml.jackson.core.jackson-annotations"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/github/ua-parser/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/github/ua-parser/main/module.xml
new file mode 100644
index 0000000000..1cc14b728c
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/github/ua-parser/main/module.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="com.github.ua-parser">
+    <resources>
+        <artifact name="${com.github.ua-parser:uap-java}"/>
+    </resources>
+    <dependencies>
+        <module name="org.yaml.snakeyaml"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/google/zxing/core/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/google/zxing/core/main/module.xml
new file mode 100644
index 0000000000..460d1ab400
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/google/zxing/core/main/module.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="com.google.zxing.core">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${com.google.zxing:core}"/>
+    </resources>
+
+    <dependencies>
+        <module name="javax.api"/>
+    </dependencies>
+</module>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/google/zxing/javase/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/google/zxing/javase/main/module.xml
new file mode 100644
index 0000000000..ec43b82343
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/google/zxing/javase/main/module.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="com.google.zxing.javase">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${com.google.zxing:javase}"/>
+    </resources>
+
+    <dependencies>
+        <module name="com.google.zxing.core"/>
+        <module name="javax.api"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/googlecode/owasp-java-html-sanitizer/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/googlecode/owasp-java-html-sanitizer/main/module.xml
new file mode 100644
index 0000000000..4a1bbbe5d7
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/googlecode/owasp-java-html-sanitizer/main/module.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2018 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="com.googlecode.owasp-java-html-sanitizer">
+    <resources>
+        <artifact name="${com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer}"/>
+    </resources>
+    
+    <dependencies>
+        <module name="com.google.guava"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/openshift/openshift-restclient-java/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/openshift/openshift-restclient-java/main/module.xml
new file mode 100644
index 0000000000..7b1ffe138c
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/openshift/openshift-restclient-java/main/module.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ * Copyright 2018 Red Hat, Inc. and/or its affiliates
+  ~ * and other contributors as indicated by the @author tags.
+  ~ *
+  ~ * Licensed under the Apache License, Version 2.0 (the "License");
+  ~ * you may not use this file except in compliance with the License.
+  ~ * You may obtain a copy of the License at
+  ~ *
+  ~ * http://www.apache.org/licenses/LICENSE-2.0
+  ~ *
+  ~ * Unless required by applicable law or agreed to in writing, software
+  ~ * distributed under the License is distributed on an "AS IS" BASIS,
+  ~ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ * See the License for the specific language governing permissions and
+  ~ * limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="com.openshift.openshift-restclient-java">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${com.openshift:openshift-restclient-java}"/>
+    </resources>
+
+    <dependencies>
+        <module name="com.squareup.okhttp3"/>
+        <module name="org.apache.commons.lang"/>
+        <module name="org.jboss.dmr"/>
+        <module name="org.apache.log4j"/>
+        <module name="org.slf4j"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/webauthn4j/webauthn4j-core/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/webauthn4j/webauthn4j-core/main/module.xml
new file mode 100644
index 0000000000..7588fd2423
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/webauthn4j/webauthn4j-core/main/module.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2019 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="com.webauthn4j.webauthn4j-core">
+    <resources>
+        <artifact name="${com.webauthn4j:webauthn4j-core}"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.slf4j"/>
+        <module name="org.apache.kerby.kerby-asn1"/>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
+        <module name="com.fasterxml.jackson.core.jackson-annotations"/>
+        <module name="com.fasterxml.jackson.dataformat.jackson-dataformat-cbor"/>
+        <module name="com.webauthn4j.webauthn4j-util"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/webauthn4j/webauthn4j-util/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/webauthn4j/webauthn4j-util/main/module.xml
new file mode 100644
index 0000000000..983db6552f
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/com/webauthn4j/webauthn4j-util/main/module.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2019 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="com.webauthn4j.webauthn4j-util">
+    <resources>
+        <artifact name="${com.webauthn4j:webauthn4j-util}"/>
+    </resources>
+
+    <dependencies>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
+        <module name="com.fasterxml.jackson.core.jackson-annotations"/>
+        <module name="com.fasterxml.jackson.dataformat.jackson-dataformat-cbor"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/apache/commons/lang/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/apache/commons/lang/main/module.xml
new file mode 100644
index 0000000000..3f80945d51
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/apache/commons/lang/main/module.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2019 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<module xmlns="urn:jboss:module:1.3" name="org.apache.commons.lang">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${commons-lang:commons-lang}"/>
+    </resources>
+
+    <dependencies>
+    </dependencies>
+</module>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/apache/commons/lang3/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/apache/commons/lang3/main/module.xml
new file mode 100644
index 0000000000..019af8ab15
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/apache/commons/lang3/main/module.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2019 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<module xmlns="urn:jboss:module:1.3" name="org.apache.commons.lang3">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.apache.commons:commons-lang3}"/>
+    </resources>
+
+    <dependencies>
+    </dependencies>
+</module>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/apache/kerby/kerby-asn1/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/apache/kerby/kerby-asn1/main/module.xml
new file mode 100644
index 0000000000..e38d6bdc94
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/apache/kerby/kerby-asn1/main/module.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2019 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.apache.kerby.kerby-asn1">
+    <resources>
+        <artifact name="${org.apache.kerby:kerby-asn1}"/>
+    </resources>
+
+</module>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/freemarker/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/freemarker/main/module.xml
new file mode 100644
index 0000000000..ea4990c561
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/freemarker/main/module.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.freemarker">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.freemarker:freemarker}"/>
+    </resources>
+
+    <dependencies>
+        <module name="javax.api"/>
+        <module name="org.apache.log4j"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/infinispan/jboss-marshalling/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/infinispan/jboss-marshalling/main/module.xml
new file mode 100644
index 0000000000..ed45338727
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/infinispan/jboss-marshalling/main/module.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2020 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  ~
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.infinispan.jboss-marshalling">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.infinispan:infinispan-jboss-marshalling}"/>
+    </resources>
+
+    <dependencies>
+        <module name="javax.api"/>
+        <module name="com.github.ben-manes.caffeine"/>
+        <module name="org.infinispan"/>
+        <module name="org.infinispan.commons"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.jboss.marshalling"/>
+        <module name="org.jboss.marshalling.river"/>
+    </dependencies>
+</module>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/jboss/marshalling/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/jboss/marshalling/main/module.xml
new file mode 100644
index 0000000000..eeb46e7003
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/jboss/marshalling/main/module.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2021 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  ~
+  -->
+<module name="org.jboss.marshalling" xmlns="urn:jboss:module:1.9">
+    <resources>
+        <artifact name="${org.jboss.marshalling:jboss-marshalling}"/>
+    </resources>
+
+    <dependencies>
+        <module name="jdk.unsupported"/>
+        <module name="org.jboss.modules"/>
+        <module name="org.jboss.marshalling.river" services="import"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/jboss/marshalling/river/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/jboss/marshalling/river/main/module.xml
new file mode 100644
index 0000000000..73f0fe72b2
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/jboss/marshalling/river/main/module.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2021 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  ~
+  -->
+<module name="org.jboss.marshalling.river" xmlns="urn:jboss:module:1.9">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.jboss.marshalling:jboss-marshalling-river}"/>
+    </resources>
+
+    <dependencies>
+        <module name="jdk.unsupported"/>
+        <module name="org.jboss.marshalling"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-authz-policy-common/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-authz-policy-common/main/module.xml
new file mode 100644
index 0000000000..a8ab099035
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-authz-policy-common/main/module.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~  Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~  and other contributors as indicated by the @author tags.
+  ~
+  ~  Licensed under the Apache License, Version 2.0 (the "License");
+  ~  you may not use this file except in compliance with the License.
+  ~  You may obtain a copy of the License at
+  ~
+  ~  http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~  Unless required by applicable law or agreed to in writing, software
+  ~  distributed under the License is distributed on an "AS IS" BASIS,
+  ~  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~  See the License for the specific language governing permissions and
+  ~  limitations under the License.
+  ~
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-authz-policy-common">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+    <resources>
+        <artifact name="${org.keycloak:keycloak-authz-policy-common}"/>
+    </resources>
+    <dependencies>
+        <module name="javax.api"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-server-spi"/>
+        <module name="org.keycloak.keycloak-server-spi-private"/>
+        <module name="org.keycloak.keycloak-services"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-common/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-common/main/module.xml
new file mode 100755
index 0000000000..ee73fde207
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-common/main/module.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-common">
+    <resources>
+        <artifact name="${org.keycloak:keycloak-common}"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.bouncycastle" />
+        <module name="javax.api"/>
+        <module name="javax.activation.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="sun.jdk" optional="true" />
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-core/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-core/main/module.xml
new file mode 100755
index 0000000000..9682ff71cf
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-core/main/module.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-core">
+    <resources>
+        <artifact name="${org.keycloak:keycloak-core}"/>
+    </resources>
+
+    <dependencies>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.fasterxml.jackson.core.jackson-annotations"/>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
+        <module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.bouncycastle" />
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+        <module name="javax.activation.api"/>
+        <module name="sun.jdk" optional="true" />
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-js-adapter/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-js-adapter/main/module.xml
new file mode 100644
index 0000000000..1b5fb5c6d9
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-js-adapter/main/module.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-js-adapter">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-js-adapter}"/>
+    </resources>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-kerberos-federation/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-kerberos-federation/main/module.xml
new file mode 100755
index 0000000000..ebb263c714
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-kerberos-federation/main/module.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-kerberos-federation">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-kerberos-federation}"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-server-spi"/>
+        <module name="org.keycloak.keycloak-server-spi-private"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+</module>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml
new file mode 100755
index 0000000000..dcca1bfd2e
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-ldap-federation">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-ldap-federation}"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-server-spi"/>
+        <module name="org.keycloak.keycloak-server-spi-private"/>
+        <module name="org.keycloak.keycloak-kerberos-federation"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-infinispan/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-infinispan/main/module.xml
new file mode 100755
index 0000000000..8216a0c265
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-infinispan/main/module.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-model-infinispan">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-model-infinispan}"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-server-spi"/>
+        <module name="org.keycloak.keycloak-server-spi-private"/>
+        <module name="org.keycloak.keycloak-wildfly-extensions" export="true" services="import"/>
+        <module name="org.infinispan"/>
+        <module name="org.infinispan.commons"/>
+        <module name="org.infinispan.persistence.remote"/>
+        <module name="org.infinispan.client.hotrod"/>
+        <module name="org.infinispan.jboss-marshalling"/>
+        <module name="org.jgroups"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.wildfly.clustering.marshalling.api"/>
+        <module name="io.netty"/>
+        <module name="javax.api"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-jpa/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-jpa/main/module.xml
new file mode 100755
index 0000000000..88cae4fee5
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-jpa/main/module.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-model-jpa">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-model-jpa}"/>
+    </resources>
+
+    <dependencies>
+        <module name="javax.transaction.api"/>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-server-spi"/>
+        <module name="org.keycloak.keycloak-server-spi-private"/>
+        <module name="javax.persistence.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.liquibase"/>
+        <module name="org.javassist"/>
+        <module name="org.hibernate" services="import"/>
+        <module name="org.bouncycastle" />
+        <module name="javax.api"/>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.fasterxml.jackson.core.jackson-annotations"/>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
+        <module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-map/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-map/main/module.xml
new file mode 100755
index 0000000000..41ee706f06
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-map/main/module.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2021 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-model-map">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-model-map}"/>
+    </resources>
+
+    <dependencies>
+        <module name="javax.transaction.api"/>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-server-spi"/>
+        <module name="org.keycloak.keycloak-server-spi-private"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.javassist"/>
+        <module name="javax.api"/>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.fasterxml.jackson.core.jackson-annotations"/>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
+        <module name="com.fasterxml.jackson.datatype.jackson-datatype-jdk8"/>
+        <module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-saml-core-public/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-saml-core-public/main/module.xml
new file mode 100755
index 0000000000..0b888dd1e7
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-saml-core-public/main/module.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-saml-core-public">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-saml-core-public}"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.apache.santuario.xmlsec">
+            <imports>
+                <exclude path="javax/*"/>
+            </imports>
+        </module>
+        <module name="javax.api"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-saml-core/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-saml-core/main/module.xml
new file mode 100755
index 0000000000..3eef1c5cbf
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-saml-core/main/module.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-saml-core">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-saml-core}"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-saml-core-public"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.apache.santuario.xmlsec">
+            <imports>
+                <exclude path="javax/*"/>
+            </imports>
+        </module>
+        <module name="javax.api"/>
+        <module name="javax.xml.bind.api"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi-private/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi-private/main/module.xml
new file mode 100755
index 0000000000..fbc61bb816
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi-private/main/module.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-server-spi-private">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-server-spi-private}"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.jboss.logging"/>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-server-spi"/>
+        <module name="org.bouncycastle" />
+        <module name="javax.api"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.apache.httpcomponents"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="javax.transaction.api"/>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.google.guava"/>
+        <module name="com.github.ua-parser" export="true"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi/main/module.xml
new file mode 100755
index 0000000000..5592d6fd1a
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-spi/main/module.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-server-spi">
+    <resources>
+        <artifact name="${org.keycloak:keycloak-server-spi}"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.jboss.logging"/>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.bouncycastle" />
+        <module name="javax.api"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.apache.httpcomponents"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="javax.transaction.api"/>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.fasterxml.jackson.core.jackson-annotations"/>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
+        <module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/dependencies/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/dependencies/main/module.xml
new file mode 100755
index 0000000000..5161617bcf
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/dependencies/main/module.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-server-subsystem.dependencies">
+    <resources>
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-services" export="true"/>
+        <module name="org.jboss.msc"/>
+        <module name="org.infinispan" export="true"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/module.xml
new file mode 100644
index 0000000000..92b6d10511
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/module.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-server-subsystem">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <resource-root path="."/>
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-wildfly-server-subsystem" services="export" export="true"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/jboss-deployment-structure.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/jboss-deployment-structure.xml
new file mode 100755
index 0000000000..79f3aef1e0
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/jboss-deployment-structure.xml
@@ -0,0 +1,27 @@
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<jboss-deployment-structure>
+    <deployment>
+        <dependencies>
+            <module name="org.keycloak.keycloak-server-subsystem.dependencies"/>
+        </dependencies>
+        <exclude-subsystems>
+            <subsystem name="webservices"/>
+            <subsystem name="weld"/>
+        </exclude-subsystems>
+    </deployment>
+</jboss-deployment-structure>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/web.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/web.xml
new file mode 100755
index 0000000000..5b8d4a61db
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-server-subsystem/main/server-war/WEB-INF/web.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+      version="3.0">
+
+	<module-name>auth</module-name>
+
+    <servlet>
+        <servlet-name>Keycloak REST Interface</servlet-name>
+        <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServlet30Dispatcher</servlet-class>
+        <init-param>
+            <param-name>javax.ws.rs.Application</param-name>
+            <param-value>org.keycloak.services.resources.KeycloakApplication</param-value>
+        </init-param>
+        <init-param>
+            <param-name>resteasy.servlet.mapping.prefix</param-name>
+            <param-value>/</param-value>
+        </init-param>
+        <load-on-startup>1</load-on-startup>
+        <async-supported>true</async-supported>
+    </servlet>
+
+    <context-param>
+       <param-name>resteasy.disable.html.sanitizer</param-name>
+       <param-value>true</param-value>
+    </context-param>
+
+    <listener>
+        <listener-class>org.keycloak.provider.wildfly.WildflyLifecycleListener</listener-class>
+    </listener>
+
+    <filter>
+        <filter-name>Client Connection Filter</filter-name>
+        <filter-class>org.keycloak.provider.wildfly.WildFlyRequestFilter</filter-class>
+        <async-supported>true</async-supported>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>Client Connection Filter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <servlet-mapping>
+        <servlet-name>Keycloak REST Interface</servlet-name>
+        <url-pattern>/*</url-pattern>
+    </servlet-mapping>
+
+    <resource-env-ref>
+        <resource-env-ref-name>infinispan/Keycloak</resource-env-ref-name>
+        <resource-env-ref-type>org.infinispan.manager.EmbeddedCacheManager</resource-env-ref-type>
+        <lookup-name>java:jboss/infinispan/container/keycloak</lookup-name>
+    </resource-env-ref>
+</web-app>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml
new file mode 100755
index 0000000000..5577e7c7ee
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-services">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-services}"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-common" services="import"/>
+        <module name="org.keycloak.keycloak-core" services="import"/>
+        <module name="org.keycloak.keycloak-js-adapter" services="import"/>
+        <module name="org.keycloak.keycloak-kerberos-federation" services="import"/>
+        <module name="org.keycloak.keycloak-ldap-federation" services="import"/>
+        <module name="org.keycloak.keycloak-sssd-federation" optional="true" services="import"/>
+        <module name="org.keycloak.keycloak-server-spi" services="import"/>
+        <module name="org.keycloak.keycloak-server-spi-private" services="import"/>
+        <module name="org.keycloak.keycloak-model-jpa" services="import"/>
+        <module name="org.keycloak.keycloak-model-map" services="import"/>
+        <module name="org.keycloak.keycloak-model-infinispan" services="import"/>
+        <module name="org.keycloak.keycloak-saml-core-public" services="import"/>
+        <module name="org.keycloak.keycloak-saml-core" services="import"/>
+        <module name="org.keycloak.keycloak-services" export="true" services="import"/>
+        <module name="org.keycloak.keycloak-wildfly-extensions" export="true" services="import"/>
+
+        <!-- Authorization -->
+        <module name="org.keycloak.keycloak-authz-policy-common" services="import"/>
+
+        <!-- Openshift Client Storage -->
+        <module name="com.openshift.openshift-restclient-java" services="import"/>
+
+        <module name="com.googlecode.owasp-java-html-sanitizer"/>
+        <module name="com.google.guava"/>
+        <module name="org.freemarker"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="javax.mail.api"/>
+        <module name="javax.xml.soap.api"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="org.jboss.resteasy.resteasy-multipart-provider"/>
+        <module name="org.jboss.dmr"/>
+        <module name="javax.servlet.api"/>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.fasterxml.jackson.core.jackson-annotations"/>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
+        <module name="com.fasterxml.jackson.datatype.jackson-datatype-jdk8"/>
+        <module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
+        <module name="com.google.zxing.core"/>
+        <module name="com.google.zxing.javase"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.bouncycastle" />
+        <module name="javax.api"/>
+        <module name="javax.activation.api"/>
+        <module name="javax.json.api"/>
+        <module name="org.apache.commons.io"/>
+        <module name="org.apache.httpcomponents"/>
+        <module name="org.twitter4j"/>
+        <module name="javax.transaction.api"/>
+        <module name="sun.jdk"/>
+        <module name="com.webauthn4j.webauthn4j-core"/>
+        <module name="com.webauthn4j.webauthn4j-util"/>
+        <module name="javax.persistence.api"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-sssd-federation/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-sssd-federation/main/module.xml
new file mode 100644
index 0000000000..6d56d6e995
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-sssd-federation/main/module.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-sssd-federation">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-sssd-federation}"/>
+        <resource-root path="/usr/share/java/jna.jar"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.jboss.logging"/>
+        <module name="org.keycloak.keycloak-core" />
+        <module name="org.keycloak.keycloak-server-spi" />
+        <module name="org.keycloak.keycloak-server-spi-private"/>
+    </dependencies>
+</module>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-adduser/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-adduser/main/module.xml
new file mode 100755
index 0000000000..8854801656
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-adduser/main/module.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.6" name="org.keycloak.keycloak-wildfly-adduser">
+    <main-class name="org.keycloak.wildfly.adduser.AddUser"/>
+
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-wildfly-adduser}"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-server-spi" services="import"/>
+        <module name="org.keycloak.keycloak-server-spi-private" services="import"/>
+        <module name="org.keycloak.keycloak-services" services="import"/>
+        <module name="org.aesh"/>
+        <module name="org.jboss.as.domain-management"/>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.fasterxml.jackson.core.jackson-annotations"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-extensions/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-extensions/main/module.xml
new file mode 100755
index 0000000000..a1540ddcff
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-extensions/main/module.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-wildfly-extensions">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-wildfly-extensions}"/>
+    </resources>
+
+    <dependencies>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
+        <module name="javax.servlet.api"/>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-server-spi"/>
+        <module name="org.keycloak.keycloak-server-spi-private"/>
+        <module name="org.keycloak.keycloak-services"/>
+        <module name="org.jboss.dmr"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.jboss.modules"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="org.wildfly.security.elytron"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-server-subsystem/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-server-subsystem/main/module.xml
new file mode 100644
index 0000000000..f0c4947dc1
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-wildfly-server-subsystem/main/module.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-wildfly-server-subsystem">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <resource-root path="."/>
+        <artifact name="${org.keycloak:keycloak-wildfly-server-subsystem}"/>
+    </resources>
+
+    <dependencies>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
+        <module name="javax.api"/>
+        <module name="org.jboss.staxmapper"/>
+        <module name="org.jboss.as.controller"/>
+        <module name="org.jboss.as.ee"/>
+        <module name="org.jboss.as.server"/>
+        <module name="org.jboss.modules"/>
+        <module name="org.jboss.msc"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.jboss.vfs"/>
+        <module name="org.jboss.as.web-common" optional="true"/>
+        <module name="org.jboss.as.web" optional="true"/>
+        <module name="org.jboss.as.version" optional="true"/>
+        <module name="org.keycloak.keycloak-services"/>
+        <module name="org.keycloak.keycloak-server-spi-private"/>
+        <module name="org.keycloak.keycloak-wildfly-adapter" optional="true"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-server-spi"/>
+        <module name="org.keycloak.keycloak-authz-policy-common"/>
+        <module name="org.jboss.metadata.common"/>
+        <module name="org.jboss.metadata.web"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/liquibase/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/liquibase/main/module.xml
new file mode 100644
index 0000000000..ff712061f8
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/liquibase/main/module.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.liquibase">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.liquibase:liquibase-core}"/>
+    </resources>
+
+    <dependencies>
+        <module name="org.apache.commons.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/twitter4j/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/twitter4j/main/module.xml
new file mode 100644
index 0000000000..5ecdf97900
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/twitter4j/main/module.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.twitter4j">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.twitter4j:twitter4j-core}"/>
+    </resources>
+
+    <dependencies>
+        <module name="javax.api"/>
+    </dependencies>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/client-cli/package.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/client-cli/package.xml
new file mode 100644
index 0000000000..6d6b9beae2
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/client-cli/package.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" ?>
+<!-- actual content of this package comes from artifact=org.keycloak:keycloak-client-cli-dist:zip
+     See pom.xml execution/id: unpack-cli.
+-->
+<package-spec xmlns="urn:jboss:galleon:package:2.0" name="client-cli">
+</package-spec>
\ No newline at end of file
diff --git a/distribution/server-dist/src/main/docs/examples/map-storage-concurrenthashmap.cli b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/docs-examples/content/docs/examples/map-storage-concurrenthashmap.cli
similarity index 100%
rename from distribution/server-dist/src/main/docs/examples/map-storage-concurrenthashmap.cli
rename to distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/docs-examples/content/docs/examples/map-storage-concurrenthashmap.cli
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/docs-examples/package.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/docs-examples/package.xml
new file mode 100644
index 0000000000..f8798ab2c2
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/docs-examples/package.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" ?>
+<package-spec xmlns="urn:jboss:galleon:package:2.0" name="docs-examples"/>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/content/bin/product.conf b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/content/bin/product.conf
new file mode 100644
index 0000000000..7b1d3141d5
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/content/bin/product.conf
@@ -0,0 +1 @@
+// placeholder file: content copied by tasks.xml from src/main/resources/packages/identity/pm/wildfly/resources/bin/product.conf
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/content/modules/system/layers/keycloak/org/jboss/as/product/keycloak/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/content/modules/system/layers/keycloak/org/jboss/as/product/keycloak/module.xml
new file mode 100644
index 0000000000..a4a1c287db
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/content/modules/system/layers/keycloak/org/jboss/as/product/keycloak/module.xml
@@ -0,0 +1 @@
+// placeholder file: content copied by tasks.xml from src/main/resources/packages/identity/pm/wildfly/resources/modules/system/layers/keycloak/org/jboss/as/product/keycloak/module.xml
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/package.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/package.xml
new file mode 100644
index 0000000000..4fa2127514
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/package.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" ?>
+
+<package-spec xmlns="urn:jboss:galleon:package:2.0" name="identity">
+</package-spec>
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/resources/bin/product.conf b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/resources/bin/product.conf
new file mode 100644
index 0000000000..523592f81b
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/resources/bin/product.conf
@@ -0,0 +1 @@
+slot=${product.slot}
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/resources/modules/system/layers/keycloak/org/jboss/as/product/keycloak/dir/META-INF/MANIFEST.MF b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/resources/modules/system/layers/keycloak/org/jboss/as/product/keycloak/dir/META-INF/MANIFEST.MF
new file mode 100644
index 0000000000..a467c06b87
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/resources/modules/system/layers/keycloak/org/jboss/as/product/keycloak/dir/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+JBoss-Product-Release-Name: ${product.name.full}
+JBoss-Product-Release-Version: ${product.version}
+JBoss-Product-Console-Slot: ${product.wildfly.console.slot}
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/resources/modules/system/layers/keycloak/org/jboss/as/product/keycloak/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/resources/modules/system/layers/keycloak/org/jboss/as/product/keycloak/module.xml
new file mode 100644
index 0000000000..272eb54de5
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/resources/modules/system/layers/keycloak/org/jboss/as/product/keycloak/module.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.jboss.as.product" slot="${product.slot}">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <resource-root path="dir"/>
+    </resources>
+</module>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/tasks.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/tasks.xml
new file mode 100644
index 0000000000..8e354e87a4
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/identity/pm/wildfly/tasks.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" ?>
+
+<tasks xmlns="urn:wildfly:wildfly-feature-pack-tasks:2.0">
+    <copy-path src="resources" replace-props="true"/>
+</tasks>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/content/LICENSE.txt b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/content/LICENSE.txt
new file mode 100644
index 0000000000..d645695673
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/content/LICENSE.txt
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/package.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/package.xml
new file mode 100644
index 0000000000..e256e1d542
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/package.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" ?>
+<!-- actual content of this package comes from artifact=org.keycloak:keycloak-themes
+     See pom.xml execution/id: unpack-theme.
+-->
+<package-spec xmlns="urn:jboss:galleon:package:2.0" name="root">
+</package-spec>
\ No newline at end of file
diff --git a/distribution/server-dist/src/main/version.txt b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/pm/wildfly/resources/version.txt
similarity index 100%
rename from distribution/server-dist/src/main/version.txt
rename to distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/pm/wildfly/resources/version.txt
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/pm/wildfly/tasks.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/pm/wildfly/tasks.xml
new file mode 100644
index 0000000000..3f83ed535f
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/root/pm/wildfly/tasks.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" ?>
+
+<tasks xmlns="urn:wildfly:wildfly-feature-pack-tasks:2.0">
+    <copy-path src="resources/version.txt" relative-to="resources" target="version.txt" replace-props="true"/>
+</tasks>
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/themes/content/themes/README.txt b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/themes/content/themes/README.txt
new file mode 100644
index 0000000000..475b957466
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/themes/content/themes/README.txt
@@ -0,0 +1,3 @@
+Themes are used to configure the look and feel of login pages and the account management console. It is not recommended to
+modify the existing built-in themes, instead you should create a new theme that extends a built-in theme. See the theme
+section in the documentation for more details.
\ No newline at end of file
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/themes/package.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/themes/package.xml
new file mode 100644
index 0000000000..672a0ceb33
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/themes/package.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" ?>
+<!-- actual content of this package comes from artifact=org.keycloak:keycloak-themes
+     See pom.xml execution/id: unpack-theme.
+-->
+<package-spec xmlns="urn:jboss:galleon:package:2.0" name="themes">
+</package-spec>
\ No newline at end of file
diff --git a/distribution/server-dist/src/main/welcome-content/index.html b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/welcome-content-keycloak/content/welcome-content/index.html
similarity index 100%
rename from distribution/server-dist/src/main/welcome-content/index.html
rename to distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/welcome-content-keycloak/content/welcome-content/index.html
diff --git a/distribution/server-dist/src/main/welcome-content/robots.txt b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/welcome-content-keycloak/content/welcome-content/robots.txt
similarity index 100%
rename from distribution/server-dist/src/main/welcome-content/robots.txt
rename to distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/welcome-content-keycloak/content/welcome-content/robots.txt
diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/welcome-content-keycloak/package.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/welcome-content-keycloak/package.xml
new file mode 100644
index 0000000000..642dd7acd8
--- /dev/null
+++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/packages/welcome-content-keycloak/package.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" ?>
+<package-spec xmlns="urn:jboss:galleon:package:2.0" name="welcome-content-keycloak">
+</package-spec>
\ No newline at end of file
diff --git a/distribution/pom.xml b/distribution/pom.xml
index 5dd35a4753..dfceac0baf 100755
--- a/distribution/pom.xml
+++ b/distribution/pom.xml
@@ -56,9 +56,27 @@
                 <enabled>false</enabled>
             </snapshots>
         </repository>
+        <repository>
+            <id>jboss</id>
+            <url>https://repository.jboss.org/nexus/content/groups/public/</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </repository>
     </repositories>
 
     <profiles>
+        <profile>
+            <id>legacy-dist</id>
+            <activation>
+                <property>
+                    <name>legacy-dist</name>
+                </property>
+            </activation>
+            <modules>
+                <module>server-legacy-dist</module>
+            </modules>
+        </profile>
         <profile>
             <id>community</id>
             <activation>
diff --git a/distribution/server-dist/assembly.xml b/distribution/server-dist/assembly.xml
old mode 100755
new mode 100644
index f6550de907..d3554d8ae8
--- a/distribution/server-dist/assembly.xml
+++ b/distribution/server-dist/assembly.xml
@@ -1,138 +1,19 @@
-<!--
-  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-  ~ and other contributors as indicated by the @author tags.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~ http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<assembly>
-    <id>server-dist</id>
-
+<?xml version="1.0" encoding="UTF-8"?>
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
+    <id>thin-server</id>
     <formats>
-        <format>zip</format>
+       <format>zip</format>
         <format>tar.gz</format>
     </formats>
-
-    <includeBaseDirectory>true</includeBaseDirectory>
-
+    <includeBaseDirectory>false</includeBaseDirectory>
     <fileSets>
         <fileSet>
-            <directory>target/${project.build.finalName}</directory>
-            <outputDirectory/>
-            <filtered>true</filtered>
-            <includes>
-                <include>**/module.xml</include>
-            </includes>
-            <!-- unused resteasy providers eat up memory, can't remove them as it my effect RH-SSO patching
-            <excludes>
-                <exclude>**/jose-jwt/**</exclude>
-                <exclude>**/resteasy-atom-provider/**</exclude>
-                <exclude>**/resteasy-crypto/**</exclude>
-                <exclude>**/resteasy-jettison-provider/**</exclude>
-                <exclude>**/resteasy-json-p-provider/**</exclude>
-                <exclude>**/resteasy-jsapi/**</exclude>
-                <exclude>**/resteasy-spring/**</exclude>
-                <exclude>**/resteasy-yaml-provider/**</exclude>
-                <exclude>**/jettison/**</exclude>
-            </excludes>
-            -->
-        </fileSet>
-        <fileSet>
-            <directory>target/${project.build.finalName}</directory>
-            <outputDirectory/>
-            <filtered>false</filtered>
-            <excludes>
-                <exclude>.installation</exclude>
-                <exclude>bin/*.sh</exclude>
-                <!-- jboss-client.jar unused  Unfortunately, this may screw up our patch process so it can't be removed.
-                <exclude>bin/client/README-EJB-JMS.txt</exclude>
-                <exclude>bin/client/jboss-client.jar</exclude>
-                 -->
-                <exclude>module.xml</exclude>
-                <exclude>welcome-content/**</exclude>
-                <exclude>appclient/**</exclude>
-                <exclude>bin/appclient.*</exclude>
-                <exclude>copyright.txt</exclude>
-                <exclude>README.txt</exclude>
-                <exclude>version.txt</exclude>
-                <exclude>${profileExcludes}</exclude>
-                <exclude>docs/licenses-${product.slot}/**</exclude>
-                <!-- unused resteasy providers eat up memory can't remove them as it my effect RH-SSO patching
-                <exclude>**/jose-jwt/**</exclude>
-                <exclude>**/resteasy-atom-provider/**</exclude>
-                <exclude>**/resteasy-crypto/**</exclude>
-                <exclude>**/resteasy-jettison-provider/**</exclude>
-                <exclude>**/resteasy-json-p-provider/**</exclude>
-                <exclude>**/resteasy-jsapi/**</exclude>
-                <exclude>**/resteasy-spring/**</exclude>
-                <exclude>**/resteasy-yaml-provider/**</exclude>
-                <exclude>**/jettison/**</exclude>
-                 -->
-            </excludes>
-        </fileSet>
-
-        <fileSet>
-            <directory>target/${project.build.finalName}</directory>
+            <directory>target</directory>
             <outputDirectory/>
             <includes>
-                <include>bin/*.sh</include>
-            </includes>
-            <fileMode>0755</fileMode>
-        </fileSet>
-        <fileSet>
-            <directory>target/${project.build.finalName}</directory>
-            <outputDirectory/>
-            <includes>
-                <include>.installation</include>
-            </includes>
-            <directoryMode>0700</directoryMode>
-        </fileSet>
-        <fileSet>
-            <directory>src/main/welcome-content</directory>
-            <outputDirectory>welcome-content</outputDirectory>
-            <includes>
-                <include>*.*</include>
-            </includes>
-        </fileSet>
-        <fileSet>
-            <directory>src/main/modules</directory>
-            <outputDirectory>modules</outputDirectory>
-            <includes>
-                <include>layers.conf</include>
-            </includes>
-        </fileSet>
-        <fileSet>
-            <directory>target/licenses/content/docs</directory>
-            <outputDirectory>docs</outputDirectory>
-            <includes>
-                <include>licenses-${product.slot}/**</include>
-            </includes>
-        </fileSet>
-        <fileSet>
-            <directory>src/main/docs</directory>
-            <outputDirectory>docs</outputDirectory>
-            <includes>
-                <include>**</include>
+                <include>${server.output.dir.prefix}-${server.output.dir.version}/**</include>
             </includes>
         </fileSet>
     </fileSets>
-
-    <files>
-        <file>
-            <source>src/main/version.txt</source>
-            <outputDirectory/>
-            <filtered>true</filtered>
-        </file>
-    </files>
-
 </assembly>
diff --git a/distribution/server-dist/pom.xml b/distribution/server-dist/pom.xml
old mode 100755
new mode 100644
index 6f5ccd596d..17d0826890
--- a/distribution/server-dist/pom.xml
+++ b/distribution/server-dist/pom.xml
@@ -1,23 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
 <!--
-  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-  ~ and other contributors as indicated by the @author tags.
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2021, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
   ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
   ~
-  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
   ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
   -->
 
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
+
     <parent>
         <artifactId>keycloak-distribution-parent</artifactId>
         <groupId>org.keycloak</groupId>
@@ -25,24 +34,22 @@
     </parent>
 
     <artifactId>keycloak-server-dist</artifactId>
-    <packaging>pom</packaging>
-    <name>Keycloak Server Distribution</name>
+
+    <name>Keycloak Server Galleon Based Distribution</name>
     <description/>
 
-    <repositories>
-        <repository>
-            <id>jboss</id>
-            <url>https://repository.jboss.org/nexus/content/groups/public/</url>
-            <snapshots>
-                <enabled>false</enabled>
-            </snapshots>
-        </repository>
-    </repositories>
+    <packaging>pom</packaging>
 
     <dependencies>
         <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-server-feature-pack</artifactId>
+            <groupId>org.wildfly</groupId>
+            <artifactId>wildfly-galleon-pack</artifactId>
+            <type>pom</type>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.wildfly</groupId>
+            <artifactId>wildfly-galleon-pack</artifactId>
             <type>zip</type>
             <exclusions>
                 <exclusion>
@@ -51,47 +58,187 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-galleon-pack</artifactId>
+            <type>pom</type>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-galleon-pack</artifactId>
+            <type>zip</type>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
     </dependencies>
 
     <build>
+        <finalName>${server.output.dir.prefix}-${server.output.dir.version}</finalName>
         <plugins>
             <plugin>
-                <groupId>org.wildfly.build</groupId>
-                <artifactId>wildfly-server-provisioning-maven-plugin</artifactId>
-                <version>${wildfly.build-tools.version}</version>
+                <groupId>org.jboss.galleon</groupId>
+                <artifactId>galleon-maven-plugin</artifactId>
                 <executions>
                     <execution>
                         <id>server-provisioning</id>
                         <goals>
-                            <goal>build</goal>
+                            <goal>provision</goal>
                         </goals>
                         <phase>compile</phase>
                         <configuration>
-                            <config-file>../${keycloak.provisioning.xml}</config-file>
+                            <install-dir>${basedir}/target/${project.build.finalName}</install-dir>
+                            <record-state>false</record-state>
+                            <log-time>${galleon.log.time}</log-time>
+                            <offline>${galleon.offline}</offline>
+                            <plugin-options>
+                                <jboss-fork-embedded>${galleon.fork.embedded}</jboss-fork-embedded>
+                            </plugin-options>
+                            <feature-packs>
+                                <feature-pack>
+                                    <transitive>true</transitive>
+                                    <groupId>${ee.maven.groupId}</groupId>
+                                    <artifactId>wildfly-ee-galleon-pack</artifactId>
+                                    <version>${ee.maven.version}</version>
+                                    <included-packages>
+                                        <name>welcome-content</name>
+                                    </included-packages>
+                                    <excluded-packages>
+                                        <name>product.conf</name>
+                                        <name>appclient</name>
+                                        <name>bin.appclient</name>
+                                    </excluded-packages>
+                                </feature-pack>
+                                <feature-pack>
+                                    <transitive>true</transitive>
+                                    <groupId>org.wildfly</groupId>
+                                    <artifactId>wildfly-galleon-pack</artifactId>
+                                    <version>${wildfly.version}</version>
+                                    <included-packages>
+                                        <name>bin</name>
+                                        <name>bin.domain</name>
+                                        <name>docs.examples.configs</name>
+                                    </included-packages>
+                                    <excluded-packages>
+                                        <name>product.conf</name>
+                                        <name>appclient</name>
+                                        <name>bin.appclient</name>
+                                    </excluded-packages>
+                                </feature-pack>
+                                <feature-pack>
+                                    <groupId>org.keycloak</groupId>
+                                    <artifactId>keycloak-server-galleon-pack</artifactId>
+                                    <version>${project.version}</version>
+                                    <included-packages>
+                                        <name>identity</name>
+                                        <name>client-cli</name>
+                                        <name>core-tools</name>
+                                        <name>themes</name>
+                                        <name>welcome-content-keycloak</name>
+                                    </included-packages>
+                                    <excluded-packages>
+                                    </excluded-packages>
+                                </feature-pack>
+                            </feature-packs>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin> <!-- TODO: remove this in favour of proper Galleon Licenses Generation -->
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>unpack-and-inject-keycloak-server-feature-pack-licenses</id>
+                        <phase>process-classes</phase>
+                        <goals>
+                            <goal>unpack</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.keycloak</groupId>
+                                    <artifactId>keycloak-server-feature-pack</artifactId>
+                                    <type>zip</type>
+                                    <outputDirectory>${basedir}/target/${project.build.finalName}/docs</outputDirectory>
+                                    <includes>content/docs/licenses-${product.slot}/**</includes>
+                                    <fileMappers>
+                                        <org.codehaus.plexus.components.io.filemappers.RegExpFileMapper>
+                                            <pattern>^\Qcontent/docs/\E</pattern>
+                                            <replacement>./</replacement>
+                                        </org.codehaus.plexus.components.io.filemappers.RegExpFileMapper>
+                                    </fileMappers>
+                                </artifactItem>
+                            </artifactItems>
                         </configuration>
                     </execution>
                 </executions>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-dependency-plugin</artifactId>
+                <artifactId>maven-clean-plugin</artifactId>
                 <executions>
                     <execution>
-                        <id>unpack-server-feature-pack-licenses</id>
-                        <phase>prepare-package</phase>
+                        <!-- remove unwanted files from wildfly distribution (too complicated/not possible via galleon packages) -->
+                        <id>post-provision-cleanup</id>
+                        <phase>process-classes</phase>
                         <goals>
-                            <goal>unpack-dependencies</goal>
+                            <goal>clean</goal>
                         </goals>
                         <configuration>
-                            <includeGroupIds>org.keycloak</includeGroupIds>
-                            <includeArtifactIds>keycloak-server-feature-pack</includeArtifactIds>
-                            <includeTypes>zip</includeTypes>
-                            <includes>content/docs/licenses-${product.slot}/**</includes>
-                            <outputDirectory>${project.build.directory}/licenses</outputDirectory>
+                            <excludeDefaultDirectories>true</excludeDefaultDirectories>
+                            <filesets>
+                                <fileset>
+                                    <directory>${basedir}/target/${project.build.finalName}</directory>
+                                    <includes>
+                                        <include>README.txt</include>
+                                        <include>copyright.txt</include>
+                                    </includes>
+                                </fileset>
+                                <fileset>
+                                    <directory>${basedir}/target/${project.build.finalName}/welcome-content</directory>
+                                    <excludes>
+                                        <exclude>robots.txt</exclude>
+                                        <exclude>index.html</exclude>
+                                    </excludes>
+                                </fileset>
+                            </filesets>
                         </configuration>
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>verifications-configuration</id>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <phase>process-classes</phase>
+                        <configuration>
+                            <overwrite>true</overwrite>
+                            <outputDirectory>${basedir}/target/verifier</outputDirectory>
+                            <resources>
+                                <resource>
+                                    <directory>src/verifier</directory>
+                                    <filtering>true</filtering>
+                                </resource>
+                            </resources>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-verifier-plugin</artifactId>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-assembly-plugin</artifactId>
@@ -104,51 +251,18 @@
                         </goals>
                         <configuration>
                             <descriptors>
-                                <descriptor>${assemblyFile}</descriptor>
+                                <descriptor>assembly.xml</descriptor>
                             </descriptors>
                             <recompressZippedFiles>true</recompressZippedFiles>
                             <finalName>${project.build.finalName}</finalName>
                             <appendAssemblyId>false</appendAssemblyId>
                             <outputDirectory>${project.build.directory}</outputDirectory>
                             <workDirectory>${project.build.directory}/assembly/work</workDirectory>
+                            <tarLongFileMode>gnu</tarLongFileMode>
                         </configuration>
                     </execution>
                 </executions>
             </plugin>
         </plugins>
     </build>
-
-    <profiles>
-        <profile>
-            <id>community</id>
-            <activation>
-                <property>
-                    <name>!product</name>
-                </property>
-            </activation>
-            <properties>
-                <assemblyFile>assembly.xml</assemblyFile>
-            </properties>
-            <build>
-                <finalName>keycloak-${project.version}</finalName>
-            </build>
-        </profile>
-
-        <profile>
-            <id>product</id>
-            <activation>
-                <property>
-                    <name>product</name>
-                </property>
-            </activation>
-            <properties>
-                <assemblyFile>assembly.xml</assemblyFile>
-                <profileExcludes>%regex[(docs/contrib.*)|(docs/examples.*)|(docs/schema.*)]</profileExcludes>
-            </properties>
-            <build>
-                <finalName>${product.name}-${product.filename.version}</finalName>
-            </build>
-        </profile>
-    </profiles>
-
 </project>
diff --git a/distribution/server-dist/src/verifier/verifications.xml b/distribution/server-dist/src/verifier/verifications.xml
new file mode 100644
index 0000000000..cd83cb8218
--- /dev/null
+++ b/distribution/server-dist/src/verifier/verifications.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Copyright 2021 Red Hat, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<verifications xmlns="http://maven.apache.org/verifications/1.0.0"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://maven.apache.org/verifications/1.0.0 http://maven.apache.org/xsd/verifications-1.0.0.xsd">
+<!--
+    1) bin/product.conf exists
+    2) bin/product.conf has a slot property with a value equal to the value of the
+       'full.dist.product.slot' property
+    3) jboss-modules.jar must exist
+    4) standalone/configuration/standalone.xml must exist
+    5) modules/system/layers/base/org/jboss/as/product/${full.dist.product.slot}/dir/META-INF/MANIFEST.MF exists
+    6) JBoss-Product-Release-Name key in manifest.mf above has value equal to the value of the
+       'full.dist.product.release.name' property
+    7) JBoss-Product-Release-Version key in manifest.mf has value starting with the value of the
+       'verifier.product.release.version' property
+    8) JBossEULA.txt exists
+    8) version.txt exists
+    9) copyright.txt does not exist
+    10) README.txt does not exist
+    11) docs/contrib does not exist
+-->
+  <files>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/bin/product.conf</location>
+      <exists>true</exists>
+    </file>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/bin/product.conf</location>
+      <contains>slot=${product.slot}</contains>
+    </file>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/modules/system/layers/keycloak/org/jboss/as/product/${product.slot}/dir/META-INF/MANIFEST.MF</location>
+      <contains>JBoss-Product-Release-Name: ${product.name.full}</contains>
+    </file>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/modules/system/layers/keycloak/org/jboss/as/product/${product.slot}/dir/META-INF/MANIFEST.MF</location>
+      <contains>JBoss-Product-Release-Version: ${product.version}</contains>
+    </file>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/modules/system/layers/keycloak/org/jboss/as/product/${product.slot}/dir/META-INF/MANIFEST.MF</location>
+      <contains>JBoss-Product-Console-Slot: ${product.wildfly.console.slot}</contains>
+    </file>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/modules/system/layers/keycloak/org/jboss/as/product/${product.slot}/dir/META-INF/MANIFEST.MF</location>
+      <exists>true</exists>
+    </file>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/jboss-modules.jar</location>
+      <exists>true</exists>
+    </file>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/standalone/configuration/standalone.xml</location>
+      <exists>true</exists>
+    </file>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/standalone/configuration/standalone-ha.xml</location>
+      <exists>true</exists>
+    </file>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/domain/configuration/domain.xml</location>
+      <exists>true</exists>
+    </file>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/domain/configuration/host.xml</location>
+      <exists>true</exists>
+    </file>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/domain/configuration/host-master.xml</location>
+      <exists>true</exists>
+    </file>
+    <file>
+      <location>target/${server.output.dir.prefix}-${server.output.dir.version}/domain/configuration/host-slave.xml</location>
+      <exists>true</exists>
+    </file>
+  </files>
+</verifications>
diff --git a/distribution/server-legacy-dist/assembly.xml b/distribution/server-legacy-dist/assembly.xml
new file mode 100755
index 0000000000..f6550de907
--- /dev/null
+++ b/distribution/server-legacy-dist/assembly.xml
@@ -0,0 +1,138 @@
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<assembly>
+    <id>server-dist</id>
+
+    <formats>
+        <format>zip</format>
+        <format>tar.gz</format>
+    </formats>
+
+    <includeBaseDirectory>true</includeBaseDirectory>
+
+    <fileSets>
+        <fileSet>
+            <directory>target/${project.build.finalName}</directory>
+            <outputDirectory/>
+            <filtered>true</filtered>
+            <includes>
+                <include>**/module.xml</include>
+            </includes>
+            <!-- unused resteasy providers eat up memory, can't remove them as it my effect RH-SSO patching
+            <excludes>
+                <exclude>**/jose-jwt/**</exclude>
+                <exclude>**/resteasy-atom-provider/**</exclude>
+                <exclude>**/resteasy-crypto/**</exclude>
+                <exclude>**/resteasy-jettison-provider/**</exclude>
+                <exclude>**/resteasy-json-p-provider/**</exclude>
+                <exclude>**/resteasy-jsapi/**</exclude>
+                <exclude>**/resteasy-spring/**</exclude>
+                <exclude>**/resteasy-yaml-provider/**</exclude>
+                <exclude>**/jettison/**</exclude>
+            </excludes>
+            -->
+        </fileSet>
+        <fileSet>
+            <directory>target/${project.build.finalName}</directory>
+            <outputDirectory/>
+            <filtered>false</filtered>
+            <excludes>
+                <exclude>.installation</exclude>
+                <exclude>bin/*.sh</exclude>
+                <!-- jboss-client.jar unused  Unfortunately, this may screw up our patch process so it can't be removed.
+                <exclude>bin/client/README-EJB-JMS.txt</exclude>
+                <exclude>bin/client/jboss-client.jar</exclude>
+                 -->
+                <exclude>module.xml</exclude>
+                <exclude>welcome-content/**</exclude>
+                <exclude>appclient/**</exclude>
+                <exclude>bin/appclient.*</exclude>
+                <exclude>copyright.txt</exclude>
+                <exclude>README.txt</exclude>
+                <exclude>version.txt</exclude>
+                <exclude>${profileExcludes}</exclude>
+                <exclude>docs/licenses-${product.slot}/**</exclude>
+                <!-- unused resteasy providers eat up memory can't remove them as it my effect RH-SSO patching
+                <exclude>**/jose-jwt/**</exclude>
+                <exclude>**/resteasy-atom-provider/**</exclude>
+                <exclude>**/resteasy-crypto/**</exclude>
+                <exclude>**/resteasy-jettison-provider/**</exclude>
+                <exclude>**/resteasy-json-p-provider/**</exclude>
+                <exclude>**/resteasy-jsapi/**</exclude>
+                <exclude>**/resteasy-spring/**</exclude>
+                <exclude>**/resteasy-yaml-provider/**</exclude>
+                <exclude>**/jettison/**</exclude>
+                 -->
+            </excludes>
+        </fileSet>
+
+        <fileSet>
+            <directory>target/${project.build.finalName}</directory>
+            <outputDirectory/>
+            <includes>
+                <include>bin/*.sh</include>
+            </includes>
+            <fileMode>0755</fileMode>
+        </fileSet>
+        <fileSet>
+            <directory>target/${project.build.finalName}</directory>
+            <outputDirectory/>
+            <includes>
+                <include>.installation</include>
+            </includes>
+            <directoryMode>0700</directoryMode>
+        </fileSet>
+        <fileSet>
+            <directory>src/main/welcome-content</directory>
+            <outputDirectory>welcome-content</outputDirectory>
+            <includes>
+                <include>*.*</include>
+            </includes>
+        </fileSet>
+        <fileSet>
+            <directory>src/main/modules</directory>
+            <outputDirectory>modules</outputDirectory>
+            <includes>
+                <include>layers.conf</include>
+            </includes>
+        </fileSet>
+        <fileSet>
+            <directory>target/licenses/content/docs</directory>
+            <outputDirectory>docs</outputDirectory>
+            <includes>
+                <include>licenses-${product.slot}/**</include>
+            </includes>
+        </fileSet>
+        <fileSet>
+            <directory>src/main/docs</directory>
+            <outputDirectory>docs</outputDirectory>
+            <includes>
+                <include>**</include>
+            </includes>
+        </fileSet>
+    </fileSets>
+
+    <files>
+        <file>
+            <source>src/main/version.txt</source>
+            <outputDirectory/>
+            <filtered>true</filtered>
+        </file>
+    </files>
+
+</assembly>
diff --git a/distribution/server-legacy-dist/pom.xml b/distribution/server-legacy-dist/pom.xml
new file mode 100755
index 0000000000..40e3edc7c6
--- /dev/null
+++ b/distribution/server-legacy-dist/pom.xml
@@ -0,0 +1,144 @@
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <artifactId>keycloak-distribution-parent</artifactId>
+        <groupId>org.keycloak</groupId>
+        <version>14.0.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>keycloak-server-legacy-dist</artifactId>
+    <packaging>pom</packaging>
+    <name>Keycloak Server Legacy Distribution</name>
+    <description/>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-feature-pack</artifactId>
+            <type>zip</type>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.wildfly.build</groupId>
+                <artifactId>wildfly-server-provisioning-maven-plugin</artifactId>
+                <version>${wildfly.build-tools.version}</version>
+                <executions>
+                    <execution>
+                        <id>server-provisioning</id>
+                        <goals>
+                            <goal>build</goal>
+                        </goals>
+                        <phase>compile</phase>
+                        <configuration>
+                            <config-file>../${keycloak.provisioning.xml}</config-file>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>unpack-server-feature-pack-licenses</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>unpack-dependencies</goal>
+                        </goals>
+                        <configuration>
+                            <includeGroupIds>org.keycloak</includeGroupIds>
+                            <includeArtifactIds>keycloak-server-feature-pack</includeArtifactIds>
+                            <includeTypes>zip</includeTypes>
+                            <includes>content/docs/licenses-${product.slot}/**</includes>
+                            <outputDirectory>${project.build.directory}/licenses</outputDirectory>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>assemble</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                        <configuration>
+                            <descriptors>
+                                <descriptor>${assemblyFile}</descriptor>
+                            </descriptors>
+                            <recompressZippedFiles>true</recompressZippedFiles>
+                            <finalName>${project.build.finalName}</finalName>
+                            <appendAssemblyId>false</appendAssemblyId>
+                            <outputDirectory>${project.build.directory}</outputDirectory>
+                            <workDirectory>${project.build.directory}/assembly/work</workDirectory>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+    <profiles>
+        <profile>
+            <id>community</id>
+            <activation>
+                <property>
+                    <name>!product</name>
+                </property>
+            </activation>
+            <properties>
+                <assemblyFile>assembly.xml</assemblyFile>
+            </properties>
+            <build>
+                <finalName>keycloak-${project.version}</finalName>
+            </build>
+        </profile>
+
+        <profile>
+            <id>product</id>
+            <activation>
+                <property>
+                    <name>product</name>
+                </property>
+            </activation>
+            <properties>
+                <assemblyFile>assembly.xml</assemblyFile>
+                <profileExcludes>%regex[(docs/contrib.*)|(docs/examples.*)|(docs/schema.*)]</profileExcludes>
+            </properties>
+            <build>
+                <finalName>${product.name}-${product.filename.version}</finalName>
+            </build>
+        </profile>
+    </profiles>
+
+</project>
diff --git a/distribution/server-legacy-dist/src/main/docs/examples/map-storage-concurrenthashmap.cli b/distribution/server-legacy-dist/src/main/docs/examples/map-storage-concurrenthashmap.cli
new file mode 100644
index 0000000000..7620591249
--- /dev/null
+++ b/distribution/server-legacy-dist/src/main/docs/examples/map-storage-concurrenthashmap.cli
@@ -0,0 +1,38 @@
+##
+## CLI script to set Keycloak to use map storage rather than the standard JPA.
+## The backend database is at this moment a ConcurrentHashMap-based storage
+## which is suitable for dev and testing in standalone node. It does not
+## support clustered deployments.
+##
+## Apply this file using the following command from the Keycloak root directory:
+##
+##   bin/jboss-cli.sh --file=docs/examples/map-storage-concurrenthashmap.cli
+##
+## This will modify standalone/configuration/standalone.xml
+##
+
+embed-server
+
+/system-property=keycloak.profile.feature.map_storage:add(value=enabled)
+
+/subsystem=keycloak-server/spi=authorizationPersister:add(default-provider=map)
+/subsystem=keycloak-server/spi=client:add(default-provider=map)
+/subsystem=keycloak-server/spi=clientScope:add(default-provider=map)
+/subsystem=keycloak-server/spi=group:add(default-provider=map)
+/subsystem=keycloak-server/spi=realm:add(default-provider=map)
+/subsystem=keycloak-server/spi=role:add(default-provider=map)
+/subsystem=keycloak-server/spi=deploymentState:add(default-provider=map)
+/subsystem=keycloak-server/spi=deploymentState/provider=map:add(enabled=true,properties={resourcesVersionSeed=1JZ379bzyOCFA})
+/subsystem=keycloak-server/spi=user:add(default-provider=map)
+/subsystem=keycloak-server/spi=dblock:add(default-provider=none)
+
+## For dev and single-node purposes, these are set to "map".
+## For clustered deployments, these should be "infinispan" as map storage does not support distributed storage yet
+/subsystem=keycloak-server/spi=authenticationSessions:add(default-provider=map)
+/subsystem=keycloak-server/spi=loginFailure:add(default-provider=map)
+/subsystem=keycloak-server/spi=userSessions:add(default-provider=map)
+
+/subsystem=keycloak-server/spi=mapStorage:add(default-provider=concurrenthashmap)
+/subsystem=keycloak-server/spi=mapStorage/provider=concurrenthashmap:add(properties={dir="${jboss.server.data.dir}/map",keyType.realms=string,keyType.authz-resource-servers=string},enabled=true)
+
+quit
\ No newline at end of file
diff --git a/distribution/server-dist/src/main/modules/layers.conf b/distribution/server-legacy-dist/src/main/modules/layers.conf
similarity index 100%
rename from distribution/server-dist/src/main/modules/layers.conf
rename to distribution/server-legacy-dist/src/main/modules/layers.conf
diff --git a/distribution/server-legacy-dist/src/main/version.txt b/distribution/server-legacy-dist/src/main/version.txt
new file mode 100644
index 0000000000..c9db8ca50e
--- /dev/null
+++ b/distribution/server-legacy-dist/src/main/version.txt
@@ -0,0 +1 @@
+${product.name.full} - Version ${product.version}
diff --git a/distribution/server-legacy-dist/src/main/welcome-content/index.html b/distribution/server-legacy-dist/src/main/welcome-content/index.html
new file mode 100644
index 0000000000..762ad2be4c
--- /dev/null
+++ b/distribution/server-legacy-dist/src/main/welcome-content/index.html
@@ -0,0 +1,30 @@
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+<head>
+    <meta http-equiv="refresh" content="0; url=/auth/" />
+    <meta name="robots" content="noindex, nofollow">
+    <script type="text/javascript">
+        window.location.href = "/auth/"
+    </script>
+</head>
+<body>
+    If you are not redirected automatically, follow this <a href='/auth'>link</a>.
+</body>
+</html>
diff --git a/distribution/server-legacy-dist/src/main/welcome-content/robots.txt b/distribution/server-legacy-dist/src/main/welcome-content/robots.txt
new file mode 100644
index 0000000000..77470cb39f
--- /dev/null
+++ b/distribution/server-legacy-dist/src/main/welcome-content/robots.txt
@@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /
\ No newline at end of file
diff --git a/distribution/server-overlay/pom.xml b/distribution/server-overlay/pom.xml
index f48e18d897..b9283aaa0b 100755
--- a/distribution/server-overlay/pom.xml
+++ b/distribution/server-overlay/pom.xml
@@ -29,16 +29,6 @@
     <name>Keycloak Server Overlay Distribution</name>
     <description/>
 
-    <repositories>
-        <repository>
-            <id>jboss</id>
-            <url>https://repository.jboss.org/nexus/content/groups/public/</url>
-            <snapshots>
-                <enabled>false</enabled>
-            </snapshots>
-        </repository>
-    </repositories>
-
     <dependencies>
         <dependency>
             <groupId>org.keycloak</groupId>
diff --git a/pom.xml b/pom.xml
index 259fa6ea12..3697a2ff1d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -171,6 +171,7 @@
         <nexus.staging.plugin.version>1.6.5</nexus.staging.plugin.version>
         <frontend.plugin.version>1.8.0</frontend.plugin.version>
         <docker.maven.plugin.version>0.28.0</docker.maven.plugin.version>
+        <verifier.plugin.version>1.1</verifier.plugin.version>
 
         <!-- Surefire Settings -->
         <surefire.memory.Xms>512m</surefire.memory.Xms>
@@ -194,6 +195,21 @@
         <webauthn4j.version>0.12.0.RELEASE</webauthn4j.version>
         <org.apache.kerby.kerby-asn1.version>2.0.0</org.apache.kerby.kerby-asn1.version>
 
+        <!-- WildFly Galleon Build related properties -->
+        <ee.maven.groupId>org.wildfly</ee.maven.groupId>
+        <ee.maven.version>${wildfly.version}</ee.maven.version>
+        <org.wildfly.galleon-plugins.version>5.1.3.Final</org.wildfly.galleon-plugins.version>
+
+        <!-- Galleon -->
+        <galleon.fork.embedded>true</galleon.fork.embedded>
+        <galleon.log.time>true</galleon.log.time>
+        <galleon.offline>true</galleon.offline>
+
+        <!-- Properties that drive the names of various directories produced by and used in the build -->
+        <server.output.dir.prefix>keycloak</server.output.dir.prefix>
+        <!-- Version suffix that is appended to directories. Default is the maven GAV version but this can be edited to use a short form version -->
+        <server.output.dir.version>${project.version}</server.output.dir.version>
+
     </properties>
 
     <url>http://keycloak.org</url>
@@ -745,6 +761,30 @@
                 <version>${wildfly.version}</version>
                 <type>zip</type>
             </dependency>
+            <dependency>
+                <groupId>org.wildfly</groupId>
+                <artifactId>wildfly-galleon-pack</artifactId>
+                <version>${wildfly.version}</version>
+                <type>zip</type>
+            </dependency>
+            <dependency>
+                <groupId>org.wildfly</groupId>
+                <artifactId>wildfly-galleon-pack</artifactId>
+                <version>${wildfly.version}</version>
+                <type>pom</type>
+            </dependency>
+            <dependency>
+                <groupId>org.wildfly</groupId>
+                <artifactId>wildfly-ee-galleon-pack</artifactId>
+                <version>${wildfly.version}</version>
+                <type>zip</type>
+            </dependency>
+            <dependency>
+                <groupId>org.wildfly</groupId>
+                <artifactId>wildfly-servlet-galleon-pack</artifactId>
+                <version>${wildfly.version}</version>
+                <type>zip</type>
+            </dependency>
             <dependency>
                 <groupId>org.wildfly</groupId>
                 <artifactId>wildfly-web-feature-pack</artifactId>
@@ -776,6 +816,30 @@
                 <version>${wildfly.core.version}</version>
                 <scope>test</scope>
             </dependency>
+            <dependency>
+                <groupId>org.wildfly.core</groupId>
+                <artifactId>wildfly-core-feature-pack-common</artifactId>
+                <type>pom</type>
+                <version>${wildfly.core.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.wildfly.core</groupId>
+                <artifactId>wildfly-core-feature-pack-ee-8-api</artifactId>
+                <type>pom</type>
+                <version>${wildfly.core.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.wildfly.core</groupId>
+                <artifactId>wildfly-core-feature-pack-galleon-common</artifactId>
+                <type>pom</type>
+                <version>${wildfly.core.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.wildfly.core</groupId>
+                <artifactId>wildfly-core-feature-pack-galleon-pruned</artifactId>
+                <type>pom</type>
+                <version>${wildfly.core.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.wildfly.core</groupId>
                 <artifactId>wildfly-core-feature-pack</artifactId>
@@ -788,6 +852,18 @@
                 <type>zip</type>
                 <version>${wildfly.core.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.wildfly.core</groupId>
+                <artifactId>wildfly-core-galleon-pack</artifactId>
+                <type>pom</type>
+                <version>${wildfly.core.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.wildfly.core</groupId>
+                <artifactId>wildfly-core-galleon-pack</artifactId>
+                <type>zip</type>
+                <version>${wildfly.core.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.wildfly.core</groupId>
                 <artifactId>wildfly-version</artifactId>
@@ -1575,6 +1651,59 @@
                     </exclusion>
                 </exclusions>
             </dependency>
+
+            <!-- used in server-dist build while provisioning the distribution -->
+            <dependency>
+                <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-server-galleon-pack</artifactId>
+                <version>${project.version}</version>
+                <type>zip</type>
+            </dependency>
+
+            <dependency>
+                <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-server-galleon-pack</artifactId>
+                <version>${project.version}</version>
+                <type>pom</type>
+            </dependency>
+
+            <!-- WildFly Galleon Plugins -->
+            <dependency>
+                <groupId>org.wildfly.galleon-plugins</groupId>
+                <artifactId>wildfly-galleon-plugins</artifactId>
+                <version>${org.wildfly.galleon-plugins.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.jboss.galleon</groupId>
+                        <artifactId>*</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+
+            <dependency>
+                <groupId>org.wildfly.galleon-plugins</groupId>
+                <artifactId>wildfly-config-gen</artifactId>
+                <version>${org.wildfly.galleon-plugins.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>*</groupId>
+                        <artifactId>*</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+
+            <dependency>
+                <groupId>org.wildfly.galleon-plugins</groupId>
+                <artifactId>transformer</artifactId>
+                <version>${org.wildfly.galleon-plugins.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>*</groupId>
+                        <artifactId>*</artifactId>
+                    </exclusion>
+                </exclusions>
+            </dependency>
+
         </dependencies>
     </dependencyManagement>
 
@@ -1598,6 +1727,11 @@
                         <tarLongFileMode>posix</tarLongFileMode>
                     </configuration>
                 </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-dependency-plugin</artifactId>
+                    <version>3.1.2</version>
+                </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-release-plugin</artifactId>
@@ -1673,6 +1807,42 @@
                     <artifactId>wildfly-server-provisioning-maven-plugin</artifactId>
                     <version>${wildfly.build-tools.version}</version>
                 </plugin>
+                <plugin>
+                    <groupId>org.wildfly.galleon-plugins</groupId>
+                    <artifactId>wildfly-galleon-maven-plugin</artifactId>
+                    <version>${org.wildfly.galleon-plugins.version}</version>
+                    <dependencies>
+                        <!-- feature-spec-gen uses wildfly-embedded to generate the feature specs, hence the designated wildfly-embedded version must match the pack one -->
+                        <dependency>
+                            <groupId>org.wildfly.core</groupId>
+                            <artifactId>wildfly-embedded</artifactId>
+                            <version>${wildfly.core.version}</version>
+                        </dependency>
+                        <!-- If you add a dependency on wildfly-embedded you need to bring your own transitives -->
+                        <dependency>
+                            <groupId>org.wildfly.common</groupId>
+                            <artifactId>wildfly-common</artifactId>
+                            <version>${wildfly.common.version}</version>
+                        </dependency>
+                    </dependencies>
+                </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-verifier-plugin</artifactId>
+                    <version>${verifier.plugin.version}</version>
+                    <executions>
+                        <execution>
+                            <id>main</id>
+                            <phase>verify</phase>
+                            <goals>
+                                <goal>verify</goal>
+                            </goals>
+                        </execution>
+                    </executions>
+                    <configuration>
+                        <verificationFile>target/verifier/verifications.xml</verificationFile>
+                    </configuration>
+                </plugin>
                 <plugin>
                     <groupId>org.apache.felix</groupId>
                     <artifactId>maven-bundle-plugin</artifactId>
diff --git a/wildfly/server-subsystem/src/main/config/default-server-subsys-config.properties b/wildfly/server-subsystem/src/main/config/default-server-subsys-config.properties
index a710d9c9f7..08defc2311 100644
--- a/wildfly/server-subsystem/src/main/config/default-server-subsys-config.properties
+++ b/wildfly/server-subsystem/src/main/config/default-server-subsys-config.properties
@@ -2,6 +2,8 @@
 # to src/main/resources/cli/default-keycloak-subsys-config.cli
 # The CLI file is packaged with the subsystem and extracted by the overlay distribution.
 #
+# !!! This file has to be in sync with distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/feature_groups/keycloak-server-subsystem.xml
+#
 # Also, you should update the migrate-*.cli scripts in
 # <keycloak>/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin
 #