diff --git a/distribution/appliance-dist/assembly.xml b/distribution/appliance-dist/assembly.xml
index acaa91fa78..0e788d8c34 100755
--- a/distribution/appliance-dist/assembly.xml
+++ b/distribution/appliance-dist/assembly.xml
@@ -48,7 +48,7 @@
         </fileSet>
         <fileSet>
             <directory>${project.build.directory}/unpacked/deployments/auth-server.war/WEB-INF/classes/META-INF</directory>
-            <outputDirectory>keycloak/modules/system/layers/base/org/keycloak/keycloak-wildfly-subsystem/main/overlays</outputDirectory>
+            <outputDirectory>keycloak/standalone/configuration</outputDirectory>
             <includes>
                 <include>keycloak-server.json</include>
             </includes>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-wildfly-subsystem/main/module.xml b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-wildfly-subsystem/main/module.xml
index 476147922a..636909dd99 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-wildfly-subsystem/main/module.xml
+++ b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-wildfly-subsystem/main/module.xml
@@ -2,7 +2,7 @@
 
 <!--
   ~ JBoss, Home of Professional Open Source.
-  ~ Copyright 2010, Red Hat, Inc., and individual contributors
+  ~ Copyright 2014, Red Hat, Inc., and individual contributors
   ~ as indicated by the @author tags. See the copyright.txt file in the
   ~ distribution for a full listing of individual contributors.
   ~
@@ -25,11 +25,11 @@
 <module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-wildfly-subsystem">
     <properties>
         <property name="keycloak-version" value="${project.version}"/>
+        <property name="auth-server-exploded" value="false"/>
     </properties>
 
     <resources>
-        <resource-root path="auth-server"/>
-        <resource-root path="overlays"/>
+        <resource-root path="."/>
         <!-- Insert resources here -->
     </resources>
 
diff --git a/integration/keycloak-feature-pack/pom.xml b/integration/keycloak-feature-pack/pom.xml
deleted file mode 100644
index b2560302b8..0000000000
--- a/integration/keycloak-feature-pack/pom.xml
+++ /dev/null
@@ -1,83 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-~ Copyright 2013 JBoss Inc
-~
-~ Licensed under the Apache License, Version 2.0 (the "License");
-~ you may not use this file except in compliance with the License.
-~ You may obtain a copy of the License at
-~
-~       http://www.apache.org/licenses/LICENSE-2.0
-~
-~ Unless required by applicable law or agreed to in writing, software
-~ distributed under the License is distributed on an "AS IS" BASIS,
-~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-~ See the License for the specific language governing permissions and
-~ limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-
-    <parent>
-        <groupId>org.keycloak</groupId>
-        <artifactId>keycloak-parent</artifactId>
-        <version>1.1.0-Alpha1-SNAPSHOT</version>
-        <relativePath>../../pom.xml</relativePath>
-    </parent>
-
-    <artifactId>keycloak-feature-pack</artifactId>
-    <name>Keycloak Feature Pack</name>
-    <description/>
-    <packaging>jar</packaging>
-
-    
-    <dependencies>
-        <!-- feature pack dependencies -->
-        <dependency>
-            <groupId>org.wildfly.core</groupId>
-            <artifactId>wildfly-core-feature-pack</artifactId>
-            <type>zip</type>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        
-        <!-- module and copy artifact dependencies -->
-    </dependencies>
-    
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <configuration>
-                    <source>${maven.compiler.source}</source>
-                    <target>${maven.compiler.target}</target>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-plugin</artifactId>
-                <version>2.8.1</version>
-                <configuration>
-                    <redirectTestOutputToFile>false</redirectTestOutputToFile>
-                    <enableAssertions>true</enableAssertions>
-                    <argLine>-Xmx512m</argLine>
-                    <systemProperties>
-                        <property>
-                            <name>jboss.home</name>
-                            <value>${jboss.home}</value>
-                        </property>
-                    </systemProperties>
-                    <includes>
-                        <include>**/*TestCase.java</include>
-                    </includes>
-                    <forkMode>once</forkMode>
-                </configuration>
-            </plugin>
-        </plugins>
-    </build>
-
-</project>
diff --git a/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-adapter-core/main/module.xml b/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-adapter-core/main/module.xml
deleted file mode 100644
index 0def6052f1..0000000000
--- a/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-adapter-core/main/module.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  ~ JBoss, Home of Professional Open Source.
-  ~ Copyright 2010, Red Hat, Inc., and individual contributors
-  ~ as indicated by the @author tags. See the copyright.txt file in the
-  ~ distribution for a full listing of individual contributors.
-  ~
-  ~ This is free software; you can redistribute it and/or modify it
-  ~ under the terms of the GNU Lesser General Public License as
-  ~ published by the Free Software Foundation; either version 2.1 of
-  ~ the License, or (at your option) any later version.
-  ~
-  ~ This software is distributed in the hope that it will be useful,
-  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
-  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  ~ Lesser General Public License for more details.
-  ~
-  ~ You should have received a copy of the GNU Lesser General Public
-  ~ License along with this software; if not, write to the Free
-  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-  -->
-
-<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-adapter-core">
-    <resources>
-        <artifact name="${org.keycloak:keycloak-adapter-core}"/>
-    </resources>
-    <dependencies>
-        <module name="javax.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="org.apache.httpcomponents" />
-        <module name="org.jboss.logging"/>
-        <module name="org.keycloak.keycloak-core"/>
-    </dependencies>
-
-</module>
diff --git a/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-core/main/module.xml b/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-core/main/module.xml
deleted file mode 100644
index da3e18b810..0000000000
--- a/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-core/main/module.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  ~ JBoss, Home of Professional Open Source.
-  ~ Copyright 2014, Red Hat, Inc., and individual contributors
-  ~ as indicated by the @author tags. See the copyright.txt file in the
-  ~ distribution for a full listing of individual contributors.
-  ~
-  ~ This is free software; you can redistribute it and/or modify it
-  ~ under the terms of the GNU Lesser General Public License as
-  ~ published by the Free Software Foundation; either version 2.1 of
-  ~ the License, or (at your option) any later version.
-  ~
-  ~ This software is distributed in the hope that it will be useful,
-  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
-  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  ~ Lesser General Public License for more details.
-  ~
-  ~ You should have received a copy of the GNU Lesser General Public
-  ~ License along with this software; if not, write to the Free
-  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-  -->
-
-<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-core">
-    <resources>
-        <artifact name="${org.keycloak:keycloak-core}"/>
-    </resources>
-    <dependencies>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="org.bouncycastle"/>
-        <module name="net.iharder.base64"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
diff --git a/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-jboss-adapter-core/main/module.xml b/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-jboss-adapter-core/main/module.xml
deleted file mode 100644
index 89b0a6de2e..0000000000
--- a/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-jboss-adapter-core/main/module.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  ~ JBoss, Home of Professional Open Source.
-  ~ Copyright 2014, Red Hat, Inc., and individual contributors
-  ~ as indicated by the @author tags. See the copyright.txt file in the
-  ~ distribution for a full listing of individual contributors.
-  ~
-  ~ This is free software; you can redistribute it and/or modify it
-  ~ under the terms of the GNU Lesser General Public License as
-  ~ published by the Free Software Foundation; either version 2.1 of
-  ~ the License, or (at your option) any later version.
-  ~
-  ~ This software is distributed in the hope that it will be useful,
-  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
-  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  ~ Lesser General Public License for more details.
-  ~
-  ~ You should have received a copy of the GNU Lesser General Public
-  ~ License along with this software; if not, write to the Free
-  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-  -->
-
-<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-jboss-adapter-core">
-    <resources>
-        <artifact name="${org.keycloak:keycloak-jboss-adapter-core}"/>
-    </resources>
-
-    <dependencies>
-        <module name="javax.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.picketbox"/>
-        <module name="org.keycloak.keycloak-adapter-core"/>
-        <module name="org.keycloak.keycloak-core"/>
-    </dependencies>
-
-</module>
diff --git a/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-undertow-adapter/main/module.xml b/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-undertow-adapter/main/module.xml
deleted file mode 100644
index dedbd945ec..0000000000
--- a/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-undertow-adapter/main/module.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  ~ JBoss, Home of Professional Open Source.
-  ~ Copyright 2014, Red Hat, Inc., and individual contributors
-  ~ as indicated by the @author tags. See the copyright.txt file in the
-  ~ distribution for a full listing of individual contributors.
-  ~
-  ~ This is free software; you can redistribute it and/or modify it
-  ~ under the terms of the GNU Lesser General Public License as
-  ~ published by the Free Software Foundation; either version 2.1 of
-  ~ the License, or (at your option) any later version.
-  ~
-  ~ This software is distributed in the hope that it will be useful,
-  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
-  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  ~ Lesser General Public License for more details.
-  ~
-  ~ You should have received a copy of the GNU Lesser General Public
-  ~ License along with this software; if not, write to the Free
-  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-  -->
-
-<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-undertow-adapter">
-    <resources>
-        <artifact name="${org.keycloak:keycloak-undertow-adapter}"/>
-    </resources>
-    <dependencies>
-        <module name="javax.api"/>
-        <module name="org.bouncycastle"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="org.apache.httpcomponents" />
-        <module name="javax.servlet.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="io.undertow.core"/>
-        <module name="io.undertow.servlet"/>
-        <module name="org.keycloak.keycloak-adapter-core"/>
-        <module name="org.keycloak.keycloak-core"/>
-    </dependencies>
-
-</module>
diff --git a/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-wildfly-adapter/main/module.xml b/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-wildfly-adapter/main/module.xml
deleted file mode 100644
index ceb9b4bf89..0000000000
--- a/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-wildfly-adapter/main/module.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  ~ JBoss, Home of Professional Open Source.
-  ~ Copyright 2014, Red Hat, Inc., and individual contributors
-  ~ as indicated by the @author tags. See the copyright.txt file in the
-  ~ distribution for a full listing of individual contributors.
-  ~
-  ~ This is free software; you can redistribute it and/or modify it
-  ~ under the terms of the GNU Lesser General Public License as
-  ~ published by the Free Software Foundation; either version 2.1 of
-  ~ the License, or (at your option) any later version.
-  ~
-  ~ This software is distributed in the hope that it will be useful,
-  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
-  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  ~ Lesser General Public License for more details.
-  ~
-  ~ You should have received a copy of the GNU Lesser General Public
-  ~ License along with this software; if not, write to the Free
-  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-  -->
-
-<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-wildfly-adapter">
-    <resources>
-        <artifact name="${org.keycloak:keycloak-wildfly-adapter}"/>
-    </resources>
-    <dependencies>
-        <module name="javax.api"/>
-        <module name="org.bouncycastle"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="org.apache.httpcomponents" />
-        <module name="javax.servlet.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="io.undertow.core"/>
-        <module name="io.undertow.servlet"/>
-        <module name="org.picketbox"/>
-        <module name="org.keycloak.keycloak-undertow-adapter"/>
-        <module name="org.keycloak.keycloak-adapter-core"/>
-        <module name="org.keycloak.keycloak-core"/>
-    </dependencies>
-
-</module>
diff --git a/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-wildfly-subsystem/main/module.xml b/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-wildfly-subsystem/main/module.xml
deleted file mode 100644
index 9ccd15f752..0000000000
--- a/integration/keycloak-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-wildfly-subsystem/main/module.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  ~ JBoss, Home of Professional Open Source.
-  ~ Copyright 2014, Red Hat, Inc., and individual contributors
-  ~ as indicated by the @author tags. See the copyright.txt file in the
-  ~ distribution for a full listing of individual contributors.
-  ~
-  ~ This is free software; you can redistribute it and/or modify it
-  ~ under the terms of the GNU Lesser General Public License as
-  ~ published by the Free Software Foundation; either version 2.1 of
-  ~ the License, or (at your option) any later version.
-  ~
-  ~ This software is distributed in the hope that it will be useful,
-  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
-  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-  ~ Lesser General Public License for more details.
-  ~
-  ~ You should have received a copy of the GNU Lesser General Public
-  ~ License along with this software; if not, write to the Free
-  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-  -->
-
-<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-wildfly-subsystem">
-    <properties>
-        <property name="keycloak-version" value="${project.version}"/>
-    </properties>
-
-    <resources>
-        <artifact name="${org.keycloak:keycloak-wildfly-subsystem}"/>
-        <resource-root path="auth-server"/>
-    </resources>
-
-    <dependencies>
-        <module name="javax.api"/>
-        <module name="org.jboss.staxmapper"/>
-        <module name="org.jboss.as.controller"/>
-        <module name="org.jboss.as.server"/>
-        <module name="org.jboss.modules"/>
-        <module name="org.jboss.msc"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.jboss.vfs"/>
-        <module name="org.jboss.as.web-common"/>
-        <module name="org.jboss.metadata.web"/>
-    </dependencies>
-</module>
diff --git a/integration/pom.xml b/integration/pom.xml
index 06997d2090..0c52175399 100755
--- a/integration/pom.xml
+++ b/integration/pom.xml
@@ -28,6 +28,5 @@
         <module>js</module>
         <module>installed</module>
         <module>admin-client</module>
-        <module>keycloak-feature-pack</module>
     </modules>
 </project>
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigService.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigService.java
index 762f05e2a1..868f5858d0 100755
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigService.java
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakAdapterConfigService.java
@@ -78,7 +78,6 @@ public final class KeycloakAdapterConfigService implements Service<KeycloakAdapt
     }
 
     public void addServerDeployment(String deploymentName, String webContext) {
-        System.out.println("**** adding Server deployment=" + deploymentName);
         this.webContexts.put(deploymentName, webContext);
     }
 
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakDependencyProcessor.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakDependencyProcessor.java
index 4666b3ff1b..50f0bc0a25 100755
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakDependencyProcessor.java
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/KeycloakDependencyProcessor.java
@@ -52,9 +52,6 @@ public class KeycloakDependencyProcessor implements DeploymentUnitProcessor {
     }
 
     private void addModules(DeploymentUnit deploymentUnit) {
-        System.out.println("**************************");
-        System.out.println("* Adding Keycloak dependencies to " + deploymentUnit.getName());
-        System.out.println("**************************");
         final ModuleSpecification moduleSpecification = deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
         final ModuleLoader moduleLoader = Module.getBootModuleLoader();
 
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/SecureDeploymentDefinition.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/SecureDeploymentDefinition.java
index 3c70a60ee6..2254dd6d3b 100755
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/SecureDeploymentDefinition.java
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/SecureDeploymentDefinition.java
@@ -31,7 +31,6 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import org.keycloak.subsystem.extension.authserver.ManageOverlayHandler;
 
 /**
  * Defines attributes and operations for a secure-deployment.
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AbstractAddOverlayHandler.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AbstractAddOverlayHandler.java
new file mode 100644
index 0000000000..e9780a8a71
--- /dev/null
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AbstractAddOverlayHandler.java
@@ -0,0 +1,182 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.extension.authserver;
+
+import java.util.Set;
+import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationFailedException;
+import org.jboss.as.controller.OperationStepHandler;
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.ProcessType;
+import org.jboss.as.controller.SimpleAttributeDefinition;
+import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DEPLOYMENT_OVERLAY;
+import org.jboss.as.controller.operations.common.Util;
+import org.jboss.as.controller.registry.Resource;
+import org.jboss.dmr.ModelNode;
+import org.jboss.dmr.ModelType;
+import static org.keycloak.subsystem.extension.authserver.AuthServerUtil.getHandler;
+
+/**
+ * Base class for operations that create overlays for an auth server.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
+ */
+public abstract class AbstractAddOverlayHandler implements OperationStepHandler {
+
+    protected static final String UPLOADED_FILE_OP_NAME = "uploaded-file-name";
+
+    protected static final SimpleAttributeDefinition BYTES_TO_UPLOAD
+            = new SimpleAttributeDefinitionBuilder("bytes-to-upload", ModelType.BYTES, false)
+            .setAllowExpression(false)
+            .setAllowNull(false)
+            .build();
+
+    @Override
+    public void execute(final OperationContext context, final ModelNode operation) throws OperationFailedException {
+        //System.out.println("*** execute operation ***");
+        //System.out.println(scrub(operation));
+
+        String uploadFileName = operation.get(UPLOADED_FILE_OP_NAME).asString();
+        String overlayPath = getOverlayPath(uploadFileName);
+        String overlayName = AuthServerUtil.getAuthServerName(operation) + "-keycloak-overlay";
+        PathAddress overlayAddress = PathAddress.pathAddress(PathElement.pathElement(DEPLOYMENT_OVERLAY, overlayName));
+
+        boolean isOverlayExists = isOverlayExists(context, overlayName, PathAddress.EMPTY_ADDRESS);
+        if (!isOverlayExists) {
+            addOverlay(context, overlayAddress);
+            if (!isHostController(context)) {
+                addDeploymentToOverlay(context, overlayAddress, AuthServerUtil.getDeploymentName(operation));
+            }
+        }
+
+        if (isHostController(context)) {
+            addOverlayToServerGroups(context, overlayAddress, operation, overlayName);
+        }
+
+        // There is no way to do an overwrite of content from here because it involves
+        // removing the overlay service in the runtime phase.  You have to remove
+        // the content in a seperate operation.
+        if (isOverlayExists && isContentExists(context, overlayAddress, overlayPath)) {
+            throw new OperationFailedException(pathExistsMessage(overlayAddress, overlayPath));
+        }
+
+        addContent(context, overlayAddress, operation.get(BYTES_TO_UPLOAD.getName()).asBytes(), overlayPath);
+
+        context.restartRequired();
+        context.completeStep(OperationContext.ResultHandler.NOOP_RESULT_HANDLER);
+    }
+
+    private boolean isHostController(OperationContext context) {
+        return context.getProcessType() == ProcessType.HOST_CONTROLLER;
+    }
+
+    private String pathExistsMessage(PathAddress overlayAddress, String overlayPath) {
+        PathAddress contentAddress = overlayAddress.append("content", overlayPath);
+        String msg = "Can not update overlay. ";
+        msg += "First remove the overlay with CLI using the following command with the content path in double quotes:  ";
+        msg += contentAddress.toCLIStyleString() + ":remove";
+        return msg;
+    }
+
+    private boolean isOverlayExists(OperationContext context, String overlayName, PathAddress address) {
+        Resource resource = context.readResourceFromRoot(address);
+        return resource.getChildrenNames("deployment-overlay").contains(overlayName);
+    }
+
+    private boolean isContentExists(OperationContext context, PathAddress overlayAddress, String overlayPath) {
+        Resource resource = context.readResourceFromRoot(overlayAddress);
+        return resource.getChildrenNames("content").contains(overlayPath);
+    }
+
+    private void addOverlay(OperationContext context, PathAddress overlayAddress) {
+        ModelNode op = Util.createAddOperation(overlayAddress);
+        doAddStep(context, overlayAddress, op);
+    }
+
+    private void addDeploymentToOverlay(OperationContext context, PathAddress overlayAddress, String deploymentName) {
+        PathAddress deploymentAddress = overlayAddress.append("deployment", deploymentName);
+        ModelNode op = Util.createAddOperation(deploymentAddress);
+        doAddStep(context, deploymentAddress, op);
+    }
+
+    // only call this if context.getProcessType() == ProcessType.HOST_CONTROLLER
+    private void addOverlayToServerGroups(OperationContext context, PathAddress overlayAddress, ModelNode operation, String overlayName) {
+        String myProfile = findMyProfile(operation);
+        for (String serverGroup : getServerGroupNames(context)) {
+            PathAddress address = PathAddress.pathAddress("server-group", serverGroup);
+            ModelNode serverGroupModel = context.readResourceFromRoot(address).getModel();
+            if (serverGroupModel.get("profile").asString().equals(myProfile)) {
+                PathAddress serverGroupOverlayAddress = address.append(overlayAddress);
+                boolean isOverlayExists = isOverlayExists(context, overlayName, address);
+                if (!isOverlayExists) {
+                    addOverlay(context, serverGroupOverlayAddress);
+                    addDeploymentToOverlay(context, serverGroupOverlayAddress, AuthServerUtil.getDeploymentName(operation));
+                }
+            }
+        }
+    }
+
+    // only call this if context.getProcessType() == ProcessType.HOST_CONTROLLER
+    private String findMyProfile(ModelNode operation) {
+        PathAddress address = PathAddress.pathAddress(operation.get("address"));
+        return address.getElement(0).getValue();
+    }
+
+    private Set<String> getServerGroupNames(OperationContext context) {
+        return context.readResourceFromRoot(PathAddress.EMPTY_ADDRESS).getChildrenNames("server-group");
+    }
+
+    private void addContent(OperationContext context, PathAddress overlayAddress, byte[] bytes, String overlayPath) throws OperationFailedException {
+        PathAddress contentAddress = overlayAddress.append("content", overlayPath);
+        ModelNode op = Util.createAddOperation(contentAddress);
+
+        ModelNode content = new ModelNode();
+        content.get("bytes").set(bytes);
+        op.get("content").set(content);
+
+        doAddStep(context, contentAddress, op);
+    }
+
+    private void doAddStep(OperationContext context, PathAddress address, ModelNode operation) {
+        //System.out.println("**** Adding Add Step ****");
+        //System.out.println(scrub(operation).toString());
+        context.addStep(operation, getHandler(context, address, ADD), OperationContext.Stage.MODEL);
+    }
+
+    // used for debugging
+    private ModelNode scrub(ModelNode op) {
+        ModelNode scrubbed = op.clone();
+        if (scrubbed.has("content")) {
+            scrubbed.get("content").set("BYTES REMOVED FOR DISPLAY");
+        }
+        if (scrubbed.has("bytes-to-upload")) {
+            scrubbed.get("bytes-to-upload").set("BYTES REMOVED FOR DISPLAY");
+        }
+        return scrubbed;
+    }
+
+    /**
+     * Get the WAR path where the overlay will live.
+     *
+     * @param file The name of the file being uploaded.
+     * @return The overlay path as a String.
+     */
+    abstract String getOverlayPath(String fileName);
+}
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AddProviderHandler.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AddProviderHandler.java
index 4d632723e1..f661891b89 100644
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AddProviderHandler.java
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AddProviderHandler.java
@@ -17,19 +17,43 @@
 
 package org.keycloak.subsystem.extension.authserver;
 
-import org.jboss.as.controller.AbstractModelUpdateHandler;
-import org.jboss.as.controller.OperationFailedException;
+import java.io.File;
+import org.jboss.as.controller.OperationDefinition;
+import org.jboss.as.controller.SimpleAttributeDefinition;
+import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
+import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
 import org.jboss.dmr.ModelNode;
+import org.jboss.dmr.ModelType;
 
 /**
+ * Operation to add a provider jar to WEB-INF/lib.
  *
  * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
  */
-public class AddProviderHandler extends AbstractModelUpdateHandler {
+public class AddProviderHandler extends AbstractAddOverlayHandler {
+
+    public static final String OP = "add-provider";
+
+    public static final AddProviderHandler INSTANCE = new AddProviderHandler();
+
+    protected static final SimpleAttributeDefinition UPLOADED_FILE_NAME =
+            new SimpleAttributeDefinitionBuilder(UPLOADED_FILE_OP_NAME, ModelType.STRING, false)
+            .setAllowExpression(false)
+            .setAllowNull(false)
+            .setDefaultValue(new ModelNode().set("myprovider.jar"))
+            .build();
+
+    public static OperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder(OP, AuthServerDefinition.rscDescriptionResolver)
+            .addParameter(BYTES_TO_UPLOAD)
+            .addParameter(UPLOADED_FILE_NAME)
+            .build();
 
     @Override
-    protected void updateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
-
+    String getOverlayPath(String fileName) {
+        if (!fileName.toLowerCase().endsWith(".jar")) {
+            throw new IllegalArgumentException("Uploaded file name must end with .jar");
+        }
+        return "/WEB-INF/lib/" + fileName;
     }
 
 }
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerAddHandler.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerAddHandler.java
index 23ade1e9f0..fd3fcddda5 100755
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerAddHandler.java
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerAddHandler.java
@@ -52,14 +52,6 @@ public final class AuthServerAddHandler extends AbstractAddStepHandler {
             attr.validateAndSet(operation, model);
         }
 
-        System.out.println("**************************");
-        System.out.println("operation");
-        System.out.println(operation.toString());
-        System.out.println("**************************");
-        System.out.println("model");
-        System.out.println(model.toString());
-        System.out.println("**************************");
-
         // returns early if on domain controller
         if (!requiresRuntime(context)) return;
 
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerDefinition.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerDefinition.java
index c7e7ae38db..ff43a6f71c 100755
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerDefinition.java
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerDefinition.java
@@ -93,7 +93,8 @@ public class AuthServerDefinition extends SimpleResourceDefinition {
     public void registerOperations(ManagementResourceRegistration resourceRegistration) {
         super.registerOperations(resourceRegistration);
         resourceRegistration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
-        resourceRegistration.registerOperationHandler(ManageOverlayHandler.DEFINITION, ManageOverlayHandler.INSTANCE);
+        resourceRegistration.registerOperationHandler(AddProviderHandler.DEFINITION, AddProviderHandler.INSTANCE);
+        resourceRegistration.registerOperationHandler(OverlayKeycloakServerJsonHandler.DEFINITION, OverlayKeycloakServerJsonHandler.INSTANCE);
     }
 
     @Override
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerRemoveHandler.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerRemoveHandler.java
index 8b5dc5a298..f84e45ffe1 100644
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerRemoveHandler.java
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerRemoveHandler.java
@@ -44,12 +44,6 @@ public final class AuthServerRemoveHandler extends AbstractRemoveStepHandler {
 
     @Override
     protected void performRemove(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException {
-        //KeycloakAdapterConfigService.INSTANCE.removeAuthServer()
-        System.out.println("*** performRuntime ** operation");
-        System.out.println(operation.toString());
-        System.out.println("*** performRuntime ** model");
-        System.out.println(model.toString());
-
         String deploymentName = AuthServerUtil.getDeploymentName(operation);
         KeycloakAdapterConfigService.INSTANCE.removeServerDeployment(deploymentName);
 
@@ -63,8 +57,6 @@ public final class AuthServerRemoveHandler extends AbstractRemoveStepHandler {
     private void addStepToRemoveAuthServer(OperationContext context, String deploymentName) {
         PathAddress deploymentAddress = PathAddress.pathAddress(PathElement.pathElement(DEPLOYMENT, deploymentName));
         ModelNode op = Util.createOperation(REMOVE, deploymentAddress);
-        System.out.println("**** Removing deployment *****");
-        System.out.println(op.toString());
         context.addStep(op, getRemoveHandler(context, deploymentAddress), OperationContext.Stage.MODEL);
     }
 
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerUtil.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerUtil.java
index 30b170be25..d4085c998c 100644
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerUtil.java
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerUtil.java
@@ -17,9 +17,9 @@
 package org.keycloak.subsystem.extension.authserver;
 
 import java.io.File;
+import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.util.Iterator;
 import org.jboss.as.controller.OperationContext;
 import org.jboss.as.controller.OperationFailedException;
 import org.jboss.as.controller.OperationStepHandler;
@@ -27,13 +27,14 @@ import org.jboss.as.controller.PathAddress;
 import org.jboss.as.controller.PathElement;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ARCHIVE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.CONTENT;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DEPLOY;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DEPLOYMENT;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ENABLED;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.PERSISTENT;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.PATH;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REDEPLOY;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ROLLBACK_ON_RUNTIME_FAILURE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.RUNTIME_NAME;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.UNDEPLOY;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.URL;
@@ -43,8 +44,6 @@ import org.jboss.dmr.ModelNode;
 import org.jboss.modules.Module;
 import org.jboss.modules.ModuleIdentifier;
 import org.jboss.modules.ModuleLoadException;
-import org.jboss.modules.Resource;
-import org.jboss.modules.filter.PathFilter;
 
 /**
  * Utility methods that help assemble and start an auth server.
@@ -57,14 +56,15 @@ public class AuthServerUtil {
 
     private final String authServerName;
     private final PathAddress pathAddress;
-    private String deploymentName;
+    private final String deploymentName;
 
     //private String overlayName;
-    private Module subsysModule;
-    private String keycloakVersion;
+    private final Module subsysModule;
+    private final String keycloakVersion;
+    private final boolean isAuthServerExploded;
 
     //private File overlaysDir;
-    private URL authServerUrl = null;
+    private final URI authServerUri;
     //private URL serverConfig = null;
     //private Set<URL> spiUrls = new HashSet<URL>();
 
@@ -72,137 +72,69 @@ public class AuthServerUtil {
         this.authServerName = getAuthServerName(operation);
         this.pathAddress = getPathAddress(operation);
         this.deploymentName = getDeploymentName(operation);
-
-        //this.overlayName = deploymentName + "-keycloak-overlay";
-        setModule();
-        findAuthServerUrl();
-        //findSpiUrls();
-
-        System.out.println("&&&&& " + authServerName + " authServerUrl=" + authServerUrl);
-//        System.out.println("&&&&& " + authServerName + " spiUrls=" + spiUrls);
-//        System.out.println("&&&&& " + authServerName + " serverConfig=" + serverConfig);
+        this.subsysModule = findSubsysModule();
+        this.keycloakVersion = subsysModule.getProperty("keycloak-version");
+        this.isAuthServerExploded = Boolean.parseBoolean(subsysModule.getProperty("auth-server-exploded"));
+        this.authServerUri = findAuthServerUri();
     }
 
     String getDeploymentName() {
         return this.deploymentName;
     }
 
-    private void setModule() {
+    private Module findSubsysModule() {
         try {
-            this.subsysModule = Module.getModuleFromCallerModuleLoader(KEYCLOAK_SUBSYSTEM);
-            this.keycloakVersion = subsysModule.getProperty("keycloak-version");
+            return Module.getModuleFromCallerModuleLoader(KEYCLOAK_SUBSYSTEM);
         } catch (ModuleLoadException e) {
             throw new IllegalStateException("Can't find Keycloak subsystem.", e);
         }
     }
 
-    /*private void findSpiUrls() throws IllegalStateException {
+    private URI findAuthServerUri() throws IllegalStateException {
         try {
-            Iterator<Resource> rscIterator = this.subsysModule.iterateResources(new PathFilter() {
-                @Override
-                public boolean accept(String string) {
-                    return string.equals(AuthServerUtil.this.authServerName);
-                }
-            });
-
-            while (rscIterator.hasNext()) {
-                Resource rsc = rscIterator.next();
-                System.out.println("rsc.getName()=" + rsc.getName());
-                URL url = rsc.getURL();
-
-                if (isJar(rsc)) {
-                    this.spiUrls.add(url);
-                }
-                if (isServerConfig(rsc)) {
-                    this.serverConfig = url;
-                }
+            URL subsysJar = this.subsysModule.getExportedResource("keycloak-wildfly-subsystem-" + this.keycloakVersion + ".jar");
+            File subsysDir = new File(subsysJar.toURI()).getParentFile();
+            File authServerDir = new File(subsysDir, "auth-server");
+            if (this.isAuthServerExploded) {
+                return authServerDir.toURI();
+            } else {
+                return new File(authServerDir, "keycloak-server-" + keycloakVersion + ".war").toURI();
             }
-        } catch (ModuleLoadException e) {
+        } catch (URISyntaxException e) {
             throw new IllegalStateException(e);
-        }
-    }*/
-
-    private void findAuthServerUrl() throws IllegalStateException {
-        try {
-            Iterator<org.jboss.modules.Resource> rscIterator = this.subsysModule.iterateResources(new PathFilter() {
-                @Override
-                public boolean accept(String string) {
-                    return string.equals("");
-                }
-            });
-
-            while (rscIterator.hasNext()) {
-                Resource rsc = rscIterator.next();
-                System.out.println("rsc.getName()=" + rsc.getName());
-                URL url = rsc.getURL();
-                String parent = "";
-                try {
-                    parent = new File(url.toURI()).getParent();
-                } catch (URISyntaxException e) {
-                    continue;
-                } catch (IllegalArgumentException e) {
-                    continue;
-                }
-
-                if (isAuthServer(rsc, parent)) {
-                    this.authServerUrl = url;
-                    //File mainDir = new File(parent).getParentFile();
-                    //this.overlaysDir = new File(mainDir, "overlays");
-                    break;
-                }
-            }
-        } catch (ModuleLoadException e) {
+        } catch (IllegalArgumentException e) {
             throw new IllegalStateException(e);
         }
     }
 
-    private boolean isAuthServer(Resource rsc, String parent) {
-        return rsc.getName().equals("keycloak-server-" + keycloakVersion + ".war")
-                && parent.toLowerCase().endsWith("auth-server");
-    }
-
-    /*private boolean isServerConfig(Resource rsc) {
-        return rsc.getName().endsWith("/keycloak-server.json");
-    }
-
-    private boolean isJar(Resource rsc) {
-        return rsc.getName().toLowerCase().endsWith(".jar");
-    }
-
-    boolean serverOverlayDirExists() {
-        return new File(overlaysDir, authServerName).exists();
-    }
-
-    private boolean hasOverlays() {
-        return (this.serverConfig != null) || (!this.spiUrls.isEmpty());
-    }*/
-
     void addStepToUploadAuthServer(OperationContext context, boolean isEnabled) throws OperationFailedException {
         PathAddress deploymentAddress = deploymentAddress();
         ModelNode op = Util.createOperation(ADD, deploymentAddress);
         op.get(ENABLED).set(isEnabled);
         op.get(PERSISTENT).set(false); // prevents writing this deployment out to standalone.xml
 
-        if (authServerUrl == null) {
+        if (authServerUri == null) {
             throw new OperationFailedException("Keycloak Auth Server WAR not found in keycloak-wildfly-subsystem module");
         }
 
-        String urlString = authServerUrl.toExternalForm();
-        ModelNode contentItem = new ModelNode();
-        contentItem.get(URL).set(urlString);
-        op.get(CONTENT).add(contentItem);
+        op.get(CONTENT).add(makeContentItem());
 
-        System.out.println("*** add auth server operation");
-        System.out.println(op.toString());
         context.addStep(op, getHandler(context, deploymentAddress, ADD), OperationContext.Stage.MODEL);
+    }
 
-        /*File authServerOverlaysDir = new File(this.overlaysDir, authServerName);
-        System.out.println("authServerOverlaysDir" + authServerOverlaysDir.getAbsolutePath());
-        if (!authServerOverlaysDir.exists()) {
-            authServerOverlaysDir.mkdir();
-            addOverlay(context);
-            linkToDeployment(context);
-        }*/
+    private ModelNode makeContentItem() throws OperationFailedException {
+        ModelNode contentItem = new ModelNode();
+
+        if (this.isAuthServerExploded) {
+            String urlString = new File(authServerUri).getAbsolutePath();
+            contentItem.get(PATH).set(urlString);
+            contentItem.get(ARCHIVE).set(false);
+        } else {
+            String urlString = authServerUri.toString();
+            contentItem.get(URL).set(urlString);
+        }
+
+        return contentItem;
     }
 
     void addStepToRedeployAuthServer(OperationContext context) {
@@ -221,8 +153,6 @@ public class AuthServerUtil {
         PathAddress deploymentAddress = deploymentAddress();
         ModelNode op = Util.createOperation(operation, deploymentAddress);
         op.get(RUNTIME_NAME).set(deploymentName);
-        System.out.println(">>>> operation=" + operation);
-        System.out.println(op.toString());
         context.addStep(op, getHandler(context, deploymentAddress, operation), OperationContext.Stage.MODEL);
     }
 
@@ -230,112 +160,13 @@ public class AuthServerUtil {
         return PathAddress.pathAddress(PathElement.pathElement(DEPLOYMENT, deploymentName));
     }
 
-    /*void addStepsToAssembleOverlay(OperationContext context) throws OperationFailedException {
-        if (hasOverlays()) {
-            addOverlay(context);
-            addKeycloakServerJson(context);
-            addSpiJars(context);
-            linkToDeployment(context);
-        }
-        removeOverlayDir();
-    }
-
-    private void removeOverlayDir() {
-        // TODO implement as operation
-    }
-
-    private void addOverlay(OperationContext context) throws OperationFailedException {
-        if (!hasOverlays()) return;
-
-        PathAddress overlayAddress = PathAddress.pathAddress(PathElement.pathElement(DEPLOYMENT_OVERLAY, overlayName));
-
-        ModelNode addOp = Util.createOperation(ADD, overlayAddress);
-        //addOp.get(PERSISTENT).set(false);
-
-        addRollbackFalse(addOp);
-        System.out.println("*** add overlay operation");
-        System.out.println(addOp.toString());
-        context.addStep(addOp, getAddHandler(context, overlayAddress), OperationContext.Stage.MODEL);
-    }
-
-    private void addKeycloakServerJson(OperationContext context) throws OperationFailedException {
-        if (this.serverConfig == null) {
-            return;
-        }
-
-        addOveralyContent(context, this.serverConfig, "/WEB-INF/classes/META-INF/keycloak-server.json");
-        addChangeToOperation(context, this.serverConfig, ManageOverlayHandler.changeToEnum.deployed);
-    }
-
-    private void addSpiJars(OperationContext context) throws OperationFailedException {
-        if (this.spiUrls.isEmpty()) {
-            return;
-        }
-
-        for (URL source : this.spiUrls) {
-            try {
-                String fileName = new java.io.File(source.toURI()).getName();
-                addOveralyContent(context, source, "/WEB-INF/lib/" + fileName);
-            } catch (URISyntaxException e) {
-                throw new OperationFailedException(e);
-            } catch (IllegalArgumentException e) {
-                throw new OperationFailedException(e);
-            }
-        }
-    }
-
-    private void linkToDeployment(OperationContext context) throws OperationFailedException {
-        if (!hasOverlays()) return;
-
-        PathAddress linkAddress = PathAddress.pathAddress(PathElement.pathElement(DEPLOYMENT_OVERLAY, overlayName),
-                PathElement.pathElement(DEPLOYMENT, deploymentName));
-        ModelNode op = Util.createOperation(ADD, linkAddress);
-
-        addRollbackFalse(op);
-        System.out.println("*** link to deployment operation");
-        System.out.println(op.toString());
-        context.addStep(op, getAddHandler(context, linkAddress), OperationContext.Stage.MODEL);
-    }
-
-    private void addOveralyContent(OperationContext context, URL source, String destination) throws OperationFailedException {
-        PathAddress contentAddress = PathAddress.pathAddress(PathElement.pathElement(DEPLOYMENT_OVERLAY, overlayName),
-                PathElement.pathElement(CONTENT, destination));
-        ModelNode op = Util.createOperation(ADD, contentAddress);
-
-        ModelNode contentItem = new ModelNode();
-        contentItem.get(URL).set(source.toExternalForm());
-        op.get(CONTENT).set(contentItem);
-
-        addRollbackFalse(op);
-        System.out.println("*** add content operation");
-        System.out.println(op.toString());
-
-        context.addStep(op, getAddHandler(context, contentAddress), OperationContext.Stage.MODEL);
-    }
-
-    private void addChangeToOperation(OperationContext context, URL source, ManageOverlayHandler.changeToEnum changeTo) {
-        ModelNode op = Util.createOperation(ManageOverlayHandler.OP, this.pathAddress);
-        op.get(ManageOverlayHandler.URL.getName()).set(source.toExternalForm());
-        op.get(ManageOverlayHandler.CHANGE_TO.getName()).set(changeTo.toString());
-
-        System.out.println("************change-to operation********************");
-        System.out.println(op.toString());
-        context.addStep(op, ManageOverlayHandler.INSTANCE, OperationContext.Stage.RUNTIME, false);
-    }*/
-
-    private OperationStepHandler getHandler(OperationContext context, PathAddress address, String opName) {
+    static OperationStepHandler getHandler(OperationContext context, PathAddress address, String opName) {
         ImmutableManagementResourceRegistration rootResourceRegistration = context.getRootResourceRegistration();
         return rootResourceRegistration.getOperationHandler(address, opName);
-        //return new IgnoreIfResourceExistsHandler(handler);
-    }
-
-    private void addRollbackFalse(ModelNode modelNode) {
-        modelNode.get(ROLLBACK_ON_RUNTIME_FAILURE).set(false);
     }
 
     static String getDeploymentName(ModelNode operation) {
         String deploymentName = Util.getNameFromAddress(operation.get(ADDRESS));
-        System.out.println("*** authServerName=" + deploymentName);
         if (!deploymentName.toLowerCase().endsWith(".war")) {
             deploymentName += ".war";
         }
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerWriteAttributeHandler.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerWriteAttributeHandler.java
index 11cedce525..24decfcc02 100755
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerWriteAttributeHandler.java
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/AuthServerWriteAttributeHandler.java
@@ -50,13 +50,6 @@ public class AuthServerWriteAttributeHandler extends ModelOnlyWriteAttributeHand
             return;
         }
 
-        System.out.println("**** finishModelStage *****");
-        System.out.println("** operation **");
-        System.out.println(operation.toString());
-        System.out.println("** attributeName=" + attributeName);
-        System.out.println("** oldValue=" + oldValue);
-        System.out.println("** newValue=" + newValue);
-
         AuthServerUtil authServerUtil = new AuthServerUtil(operation);
         boolean isEnabled = isEnabled(model); // is server currently enabled?
 
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/ManageOverlayHandler.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/ManageOverlayHandler.java
deleted file mode 100755
index d347071495..0000000000
--- a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/ManageOverlayHandler.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
- * as indicated by the @author tags. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- */
-
-package org.keycloak.subsystem.extension.authserver;
-
-import org.jboss.as.controller.AttributeDefinition;
-import org.jboss.as.controller.OperationContext;
-import org.jboss.as.controller.OperationFailedException;
-import org.jboss.as.controller.ServiceVerificationHandler;
-import org.jboss.dmr.ModelNode;
-import org.jboss.msc.service.ServiceController;
-
-import java.util.List;
-import java.util.Set;
-import org.jboss.as.controller.AbstractRuntimeOnlyHandler;
-import org.jboss.as.controller.OperationDefinition;
-import org.jboss.as.controller.PathAddress;
-import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.ResourceDefinition;
-import org.jboss.as.controller.SimpleAttributeDefinition;
-import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
-import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
-
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DEPLOYMENT_OVERLAY;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
-import org.jboss.as.controller.operations.validation.EnumValidator;
-import org.jboss.as.controller.registry.ImmutableManagementResourceRegistration;
-import org.jboss.as.controller.registry.Resource;
-import org.jboss.dmr.ModelType;
-import org.keycloak.subsystem.extension.KeycloakAdapterConfigService;
-
-/**
- * Rename the extension of an overlay in the overlays/<auth server> directory.
- *
- * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
- */
-public final class ManageOverlayHandler extends AbstractRuntimeOnlyHandler {
-
-    public static final String OP = "change-to";
-
-    public static ManageOverlayHandler INSTANCE = new ManageOverlayHandler();
-
-    public enum changeToEnum {deployed, undeployed};
-
-    protected static final SimpleAttributeDefinition URL =
-            new SimpleAttributeDefinitionBuilder("url", ModelType.STRING, false)
-            .setAllowExpression(false)
-            .build();
-
-    protected static final SimpleAttributeDefinition CHANGE_TO =
-            new SimpleAttributeDefinitionBuilder(OP, ModelType.STRING, false)
-            .setAllowExpression(false)
-            .setValidator(new EnumValidator(changeToEnum.class,  false, false))
-            .build();
-
-    public static OperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder("manage-overlay", AuthServerDefinition.rscDescriptionResolver)
-            .addParameter(URL)
-            .addParameter(CHANGE_TO)
-            .build();
-
-    private ManageOverlayHandler() {
-    }
-
-    @Override
-    protected void executeRuntimeStep(OperationContext context, ModelNode mn) throws OperationFailedException {
-        System.out.println("Executing!!!!");
-        PathAddress pathAddress = PathAddress.pathAddress(PathElement.pathElement(DEPLOYMENT_OVERLAY, "main-auth-server.war-keycloak-overlay"));
-        //PathAddress pathAddress = PathAddress.pathAddress(PathElement.pathElement("path", "user.dir"));
-        ImmutableManagementResourceRegistration rootResourceRegistration = context.getRootResourceRegistration();
-
-        Resource resource = context.readResourceFromRoot(pathAddress);
-        Set<PathElement> childAddrs = rootResourceRegistration.getChildAddresses(pathAddress);
-        Set<String> children = rootResourceRegistration.getChildNames(pathAddress);
-
-
-        System.out.println("***************");
-        System.out.println("childAddrs=" + childAddrs);
-        System.out.println("children=" + children);
-        System.out.println("model=" + resource.getModel());
-        System.out.println("children=" + resource.getChildrenNames("deployment"));
-        context.completeStep(OperationContext.ResultHandler.NOOP_RESULT_HANDLER);
-    }
-
-}
diff --git a/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/OverlayKeycloakServerJsonHandler.java b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/OverlayKeycloakServerJsonHandler.java
new file mode 100644
index 0000000000..485c37dd29
--- /dev/null
+++ b/integration/wildfly-subsystem/src/main/java/org/keycloak/subsystem/extension/authserver/OverlayKeycloakServerJsonHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.keycloak.subsystem.extension.authserver;
+
+import org.jboss.as.controller.OperationDefinition;
+import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
+
+/**
+ * Operation to overlay keycloak-server.json.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
+ */
+public class OverlayKeycloakServerJsonHandler extends AbstractAddOverlayHandler {
+
+    public static final String OP = "update-server-config";
+
+    public static final OverlayKeycloakServerJsonHandler INSTANCE = new OverlayKeycloakServerJsonHandler();
+
+    public static OperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder(OP, AuthServerDefinition.rscDescriptionResolver)
+            .addParameter(BYTES_TO_UPLOAD)
+            .build();
+
+    @Override
+    String getOverlayPath(String fileName) {
+        return "/WEB-INF/classes/META-INF/keycloak-server.json";
+    }
+
+}
diff --git a/integration/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/extension/LocalDescriptions.properties b/integration/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/extension/LocalDescriptions.properties
index 45c4c6e22c..3239f14040 100755
--- a/integration/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/extension/LocalDescriptions.properties
+++ b/integration/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/extension/LocalDescriptions.properties
@@ -9,9 +9,12 @@ keycloak.subsystem.secure-deployment=A deployment secured by Keycloak.
 keycloak.auth-server=A Keycloak Auth Server
 keycloak.auth-server.add=Add an Auth Server to the subsystem.
 keycloak.auth-server.remove=Remove an Auth Server from the subsystem.
-keycloak.auth-server.manage-overlay=Internal use only. Do not call from CLI!!
-keycloak.auth-server.manage-overlay.url=Internal use only. Do not call from CLI!! The overlay URL that needs its extension to be changed.
-keycloak.auth-server.manage-overlay.change-to=Internal use only. Do not call from CLI!! The extension the overlay will be changed to.
+keycloak.auth-server.add-provider=Add a provider service jar to the Keycloak auth server.
+keycloak.auth-server.add-provider.uploaded-file-name=The file name of the provider service jar to be added or updated.
+keycloak.auth-server.add-provider.bytes-to-upload=The bytes of the provider service jar to be added or updated.
+keycloak.auth-server.update-server-config=Upload a new keycloak-server.json configuration file for the Keycloak auth server.
+keycloak.auth-server.update-server-config.uploaded-file-name=Should be the name keycloak-server.json.
+keycloak.auth-server.update-server-config.bytes-to-upload=The bytes of the keycloak-server.json file to be added or updated.
 keycloak.auth-server.enabled=Enable or disable the Auth Server.
 keycloak.auth-server.web-context=Web context the auth-server will use.  Also, the module name of the auth-server deployment.