From 5fe0406ec9fce9682186c8214e7312a181402efe Mon Sep 17 00:00:00 2001
From: Petr Mensik <pmensik@redhat.com>
Date: Tue, 2 Jun 2015 15:37:19 +0200
Subject: [PATCH 01/53] Fixed addDisabledUser test

---
 .../keycloak/testsuite/ui/test/user/AddNewUserTest.java  | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/AddNewUserTest.java b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/AddNewUserTest.java
index 5694c51362..c59cd30b16 100644
--- a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/AddNewUserTest.java
+++ b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/AddNewUserTest.java
@@ -100,13 +100,16 @@ public class AddNewUserTest extends AbstractKeyCloakTest<UserPage> {
 
     @Test
     public void addDisabledUser() {
-        page.addUser(TEST_USER1);
+        User disabledUser = new User(TEST_USER1);
+		disabledUser.setUserEnabled(false);
+		disabledUser.setUserName("disabled_user");
+        page.addUser(disabledUser);
         assertTrue(flashMessage.getText(), flashMessage.isSuccess());
 		navigation.users();
-        page.deleteUser(TEST_USER1.getUserName());
+        page.deleteUser(disabledUser.getUserName());
         flashMessage.waitUntilPresent();
         assertTrue(flashMessage.getText(), flashMessage.isSuccess());
-        assertNull(page.findUser(TEST_USER1.getUserName()));
+        assertNull(page.findUser(disabledUser.getUserName()));
     }
 
     

From 681251468337c87fc2b23022df8fa4ef66dccc80 Mon Sep 17 00:00:00 2001
From: Stan Silvert <ssilvert@redhat.com>
Date: Thu, 4 Jun 2015 15:29:44 -0400
Subject: [PATCH 02/53] KEYCLOAK-1404: Need recovery mechanism for master admin
 user

---
 docbook/reference/en/en-US/master.xml         |  2 +
 .../en/en-US/modules/admin-recovery.xml       | 15 +++
 .../keycloak/offlineconfig/AdminRecovery.java | 80 ++++++++++++++++
 .../services/managers/ApplianceBootstrap.java |  4 +
 .../resources/KeycloakApplication.java        |  2 +
 .../offlineconfig/AdminRecoveryTest.java      | 94 +++++++++++++++++++
 6 files changed, 197 insertions(+)
 create mode 100755 docbook/reference/en/en-US/modules/admin-recovery.xml
 create mode 100644 services/src/main/java/org/keycloak/offlineconfig/AdminRecovery.java
 create mode 100644 testsuite/integration/src/test/java/org/keycloak/testsuite/offlineconfig/AdminRecoveryTest.java

diff --git a/docbook/reference/en/en-US/master.xml b/docbook/reference/en/en-US/master.xml
index 218a1aa7a5..d379ac8151 100755
--- a/docbook/reference/en/en-US/master.xml
+++ b/docbook/reference/en/en-US/master.xml
@@ -35,6 +35,7 @@
                 <!ENTITY UserFederation SYSTEM "modules/user-federation.xml">
                 <!ENTITY Kerberos SYSTEM "modules/kerberos.xml">
                 <!ENTITY ExportImport SYSTEM "modules/export-import.xml">
+                <!ENTITY AdminRecovery SYSTEM "modules/admin-recovery.xml">
                 <!ENTITY ServerCache SYSTEM "modules/cache.xml">
                 <!ENTITY SecurityVulnerabilities SYSTEM "modules/security-vulnerabilities.xml">
                 <!ENTITY Clustering SYSTEM "modules/clustering.xml">
@@ -126,6 +127,7 @@ This one is short
     &UserFederation;
     &Kerberos;
     &ExportImport;
+    &AdminRecovery;
     &ServerCache;
     &SAML;
     &SecurityVulnerabilities;
diff --git a/docbook/reference/en/en-US/modules/admin-recovery.xml b/docbook/reference/en/en-US/modules/admin-recovery.xml
new file mode 100755
index 0000000000..74cfa3eb45
--- /dev/null
+++ b/docbook/reference/en/en-US/modules/admin-recovery.xml
@@ -0,0 +1,15 @@
+<chapter id="admin-recovery">
+    <title>Recovering the Master Admin User</title>
+    <para>
+        It is possible for the "admin" user in the master realm to become inoperable.  This may be because it was
+        accentally deleted, its role mappings were removed, or the password was simply forgotten.
+    </para>
+    <para>
+        To recover the master admin user, just start the server with the following system property:
+        <programlisting><![CDATA[
+bin/standalone.sh -Dkeycloak.recover-admin=true
+]]></programlisting>
+        Then you can log in to the master admin account with the default password "admin".  You will then be
+        prompted to immediately change this password.
+    </para>
+</chapter>
\ No newline at end of file
diff --git a/services/src/main/java/org/keycloak/offlineconfig/AdminRecovery.java b/services/src/main/java/org/keycloak/offlineconfig/AdminRecovery.java
new file mode 100644
index 0000000000..0f384ce5d7
--- /dev/null
+++ b/services/src/main/java/org/keycloak/offlineconfig/AdminRecovery.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.keycloak.offlineconfig;
+
+import org.jboss.logging.Logger;
+import org.keycloak.Config;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RealmProvider;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.UserProvider;
+import org.keycloak.services.managers.ApplianceBootstrap;
+
+/**
+ * Static utility class that performs recovery on the master admin account.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2015 Red Hat Inc.
+ */
+public class AdminRecovery {
+    private static final Logger log = Logger.getLogger(AdminRecovery.class);
+
+    public static final String RECOVER_ADMIN_ACCOUNT = "keycloak.recover-admin";
+
+    // Don't allow instances
+    private AdminRecovery() {}
+
+    public static void recover(KeycloakSessionFactory sessionFactory) {
+        if (!needRecovery()) return;
+
+        KeycloakSession session = sessionFactory.create();
+
+        session.getTransaction().begin();
+        try {
+            doRecover(session);
+            session.getTransaction().commit();
+            log.info("*******************************");
+            log.info("Recovered Master Admin account.");
+            log.info("*******************************");
+        } finally {
+            session.close();
+            System.setProperty(AdminRecovery.RECOVER_ADMIN_ACCOUNT, "false");
+        }
+    }
+
+    private static boolean needRecovery() {
+        String strNeedRecovery = System.getProperty(RECOVER_ADMIN_ACCOUNT, "false");
+        return Boolean.parseBoolean(strNeedRecovery);
+    }
+
+    private static void doRecover(KeycloakSession session) {
+        RealmProvider realmProvider = session.realms();
+        UserProvider userProvider = session.users();
+
+        String adminRealmName = Config.getAdminRealm();
+        RealmModel realm = realmProvider.getRealmByName(adminRealmName);
+        UserModel adminUser = userProvider.getUserByUsername("admin", realm);
+
+        if (adminUser == null) {
+            adminUser = userProvider.addUser(realm, "admin");
+        }
+
+        ApplianceBootstrap.setupAdminUser(session, realm, adminUser);
+    }
+}
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
index 8760ff01b3..fbd6ea5309 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
@@ -61,6 +61,10 @@ public class ApplianceBootstrap {
         KeycloakModelUtils.generateRealmKeys(realm);
 
         UserModel adminUser = session.users().addUser(realm, "admin");
+        setupAdminUser(session, realm, adminUser);
+    }
+
+    public static void setupAdminUser(KeycloakSession session, RealmModel realm, UserModel adminUser) {
         adminUser.setEnabled(true);
         UserCredentialModel password = new UserCredentialModel();
         password.setType(UserCredentialModel.PASSWORD);
diff --git a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
index e4c821cd30..0e32fe8982 100755
--- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
+++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
@@ -42,6 +42,7 @@ import java.util.HashSet;
 import java.util.Properties;
 import java.util.Set;
 import java.util.StringTokenizer;
+import org.keycloak.offlineconfig.AdminRecovery;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -88,6 +89,7 @@ public class KeycloakApplication extends Application {
         importRealms(context);
         migrateModel();
 
+        AdminRecovery.recover(sessionFactory);
 
         setupScheduledTasks(sessionFactory);
     }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/offlineconfig/AdminRecoveryTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/offlineconfig/AdminRecoveryTest.java
new file mode 100644
index 0000000000..b8aebbb2df
--- /dev/null
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/offlineconfig/AdminRecoveryTest.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.keycloak.testsuite.offlineconfig;
+
+import org.junit.Assert;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserCredentialValueModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.UserModel.RequiredAction;
+import org.keycloak.offlineconfig.AdminRecovery;
+import org.keycloak.testsuite.rule.KeycloakRule;
+import org.keycloak.testsuite.rule.WebRule;
+
+/**
+ * Test the AdminRecovery class.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2015 Red Hat Inc.
+ */
+public class AdminRecoveryTest {
+    @ClassRule
+    public static KeycloakRule keycloakRule = new KeycloakRule();
+
+    @Rule
+    public WebRule webRule = new WebRule(this);
+
+    @Test
+    public void testAdminDeletedRecovery() {
+        KeycloakSession session = keycloakRule.startSession();
+        RealmModel masterRealm = session.realms().getRealmByName("master");
+        UserModel adminUser = session.users().getUserByUsername("admin", masterRealm);
+        session.users().removeUser(masterRealm, adminUser);
+        adminUser = session.users().getUserByUsername("admin", masterRealm);
+        keycloakRule.stopSession(session, true);
+
+        Assert.assertNull(adminUser);
+
+        doAdminRecovery(session);
+
+        session = keycloakRule.startSession();
+        adminUser = session.users().getUserByUsername("admin", masterRealm);
+        Assert.assertNotNull(adminUser);
+        Assert.assertTrue(adminUser.getRequiredActions().contains(RequiredAction.UPDATE_PASSWORD.toString()));
+    }
+
+    @Test
+    public void testAdminPasswordRecovery() {
+        KeycloakSession session = keycloakRule.startSession();
+        RealmModel masterRealm = session.realms().getRealmByName("master");
+        UserModel adminUser = session.users().getUserByUsername("admin", masterRealm);
+        UserCredentialValueModel password = adminUser.getCredentialsDirectly().get(0);
+        password.setValue("forgotten-password");
+        adminUser.updateCredentialDirectly(password);
+        keycloakRule.stopSession(session, true);
+
+        Assert.assertEquals("forgotten-password", getAdminPassword());
+
+        doAdminRecovery(session);
+
+        Assert.assertNotEquals("forgotten-password", getAdminPassword());
+    }
+
+    private void doAdminRecovery(KeycloakSession session) {
+        System.setProperty(AdminRecovery.RECOVER_ADMIN_ACCOUNT, "true");
+        AdminRecovery.recover(session.getKeycloakSessionFactory());
+    }
+
+    private String getAdminPassword() {
+        KeycloakSession session = keycloakRule.startSession();
+        RealmModel masterRealm = session.realms().getRealmByName("master");
+        UserModel adminUser = session.users().getUserByUsername("admin", masterRealm);
+        UserCredentialValueModel password = adminUser.getCredentialsDirectly().get(0);
+        keycloakRule.stopSession(session, true);
+        return password.getValue();
+    }
+}

From e48aafd588a05ec09f50caa4848235f61a53deba Mon Sep 17 00:00:00 2001
From: Stan Silvert <ssilvert@redhat.com>
Date: Fri, 5 Jun 2015 07:46:39 -0400
Subject: [PATCH 03/53] Fix spelling error.

---
 docbook/reference/en/en-US/modules/admin-recovery.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docbook/reference/en/en-US/modules/admin-recovery.xml b/docbook/reference/en/en-US/modules/admin-recovery.xml
index 74cfa3eb45..e026cddecd 100755
--- a/docbook/reference/en/en-US/modules/admin-recovery.xml
+++ b/docbook/reference/en/en-US/modules/admin-recovery.xml
@@ -2,7 +2,7 @@
     <title>Recovering the Master Admin User</title>
     <para>
         It is possible for the "admin" user in the master realm to become inoperable.  This may be because it was
-        accentally deleted, its role mappings were removed, or the password was simply forgotten.
+        accidentally deleted, its role mappings were removed, or the password was simply forgotten.
     </para>
     <para>
         To recover the master admin user, just start the server with the following system property:

From 75e1f50fafb762a225c89a0c3f1105a205758a97 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Fri, 5 Jun 2015 19:35:09 +0200
Subject: [PATCH 04/53] KEYCLOAK-1390 mongo migration for identity providers

---
 .../impl/updates/Update1_3_0_Beta1.java       | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0_Beta1.java b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0_Beta1.java
index ba9d616a05..f834d22b1d 100644
--- a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0_Beta1.java
+++ b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0_Beta1.java
@@ -1,6 +1,11 @@
 package org.keycloak.connections.mongo.updater.impl.updates;
 
+import com.mongodb.BasicDBList;
+import com.mongodb.BasicDBObject;
+import com.mongodb.DBCollection;
+import com.mongodb.DBCursor;
 import org.keycloak.models.KeycloakSession;
+import org.keycloak.representations.idm.IdentityProviderRepresentation;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -14,7 +19,41 @@ public class Update1_3_0_Beta1 extends Update {
 
     @Override
     public void update(KeycloakSession session) {
+        deleteEntries("clientSessions");
+        deleteEntries("sessions");
+
         removeField("realms", "passwordCredentialGrantAllowed");
+
+        updateIdentityProviders();
+    }
+
+    private void updateIdentityProviders() {
+        DBCollection realms = db.getCollection("realms");
+        DBCursor realmsCursor = realms.find();
+
+        try {
+            while (realmsCursor.hasNext()) {
+                BasicDBObject realm = (BasicDBObject) realmsCursor.next();
+
+                BasicDBList identityProviders = (BasicDBList) realm.get("identityProviders");
+                if (identityProviders != null) {
+                    for (Object ipObj : identityProviders) {
+                        BasicDBObject identityProvider = (BasicDBObject) ipObj;
+
+                        boolean updateProfileFirstLogin = identityProvider.getBoolean("updateProfileFirstLogin");
+                        String upflMode = updateProfileFirstLogin ? IdentityProviderRepresentation.UPFLM_ON : IdentityProviderRepresentation.UPFLM_OFF;
+                        identityProvider.put("updateProfileFirstLoginMode", upflMode);
+                        identityProvider.removeField("updateProfileFirstLogin");
+
+                        identityProvider.put("trustEmail", false);
+                    }
+                }
+
+                realms.save(realm);
+            }
+        } finally {
+            realmsCursor.close();
+        }
     }
 
 }

From 0af68d28f187e9a3f84eb8717e81433bb945784c Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Mon, 8 Jun 2015 12:28:59 +0200
Subject: [PATCH 05/53] KEYCLOAK-1357 LDAP migration

---
 .../keycloak/federation/ldap/LDAPConfig.java  | 37 +++++++--------
 .../ldap/LDAPFederationProviderFactory.java   |  4 +-
 .../ldap/LDAPIdentityStoreRegistry.java       | 17 -------
 .../keycloak/migration/MigrationModel.java    |  2 +-
 .../migration/MigrationModelManager.java      |  6 ++-
 .../org/keycloak/migration/ModelVersion.java  |  2 +-
 .../migrators/MigrateTo1_3_0_Beta1.java       | 46 +++++++++++++++++++
 .../org/keycloak/models/LDAPConstants.java    | 19 ++++++++
 ...erFederationEventAwareProviderFactory.java |  2 +-
 .../keycloak/models/MigrationVersionTest.java | 22 ++++-----
 10 files changed, 101 insertions(+), 56 deletions(-)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java
index 4ebde77865..3317b9d1d0 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPConfig.java
@@ -48,7 +48,14 @@ public class LDAPConfig {
     }
 
     public String getUsersDn() {
-        return config.get(LDAPConstants.USERS_DN);
+        String usersDn = config.get(LDAPConstants.USERS_DN);
+
+        if (usersDn == null) {
+            // Just for the backwards compatibility 1.2 -> 1.3 . Should be removed later.
+            usersDn = config.get("userDnSuffix");
+        }
+
+        return usersDn;
     }
 
     public Collection<String> getUserObjectClasses() {
@@ -101,31 +108,13 @@ public class LDAPConfig {
         if (uuidAttrName == null) {
             // Differences of unique attribute among various vendors
             String vendor = getVendor();
-            if (vendor != null) {
-                switch (vendor) {
-                    case LDAPConstants.VENDOR_RHDS:
-                        uuidAttrName = "nsuniqueid";
-                        break;
-                    case LDAPConstants.VENDOR_TIVOLI:
-                        uuidAttrName = "uniqueidentifier";
-                        break;
-                    case LDAPConstants.VENDOR_NOVELL_EDIRECTORY:
-                        uuidAttrName = "guid";
-                        break;
-                    case LDAPConstants.VENDOR_ACTIVE_DIRECTORY:
-                        uuidAttrName = LDAPConstants.OBJECT_GUID;
-                }
-            }
-
-            if (uuidAttrName == null) {
-                uuidAttrName = LDAPConstants.ENTRY_UUID;
-            }
+            uuidAttrName = LDAPConstants.getUuidAttributeName(vendor);
         }
 
         return uuidAttrName;
     }
 
-    // TODO: Remove and use mapper instead
+    // TODO: Remove and use mapper instead?
     public boolean isUserAccountControlsAfterPasswordUpdate() {
         String userAccountCtrls = config.get(LDAPConstants.USER_ACCOUNT_CONTROLS_AFTER_PASSWORD_UPDATE);
         return userAccountCtrls==null ? false : Boolean.parseBoolean(userAccountCtrls);
@@ -148,6 +137,12 @@ public class LDAPConfig {
         String rdn = config.get(LDAPConstants.RDN_LDAP_ATTRIBUTE);
         if (rdn == null) {
             rdn = getUsernameLdapAttribute();
+
+            if (rdn.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) {
+                // Just for the backwards compatibility 1.2 -> 1.3 . Should be removed later.
+                rdn = LDAPConstants.CN;
+            }
+
         }
         return rdn;
     }
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java
index 5c1bf6e76f..876a96d5fc 100755
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPFederationProviderFactory.java
@@ -41,7 +41,7 @@ import java.util.Set;
  */
 public class LDAPFederationProviderFactory extends UserFederationEventAwareProviderFactory {
     private static final Logger logger = Logger.getLogger(LDAPFederationProviderFactory.class);
-    public static final String PROVIDER_NAME = "ldap";
+    public static final String PROVIDER_NAME = LDAPConstants.LDAP_PROVIDER;
 
     private LDAPIdentityStoreRegistry ldapStoreRegistry;
 
@@ -79,7 +79,7 @@ public class LDAPFederationProviderFactory extends UserFederationEventAwareProvi
 
     // Best effort to create appropriate mappers according to our LDAP config
     @Override
-    protected void onProviderModelCreated(RealmModel realm, UserFederationProviderModel newProviderModel) {
+    public void onProviderModelCreated(RealmModel realm, UserFederationProviderModel newProviderModel) {
         LDAPConfig ldapConfig = new LDAPConfig(newProviderModel.getConfig());
 
         boolean activeDirectory = ldapConfig.isActiveDirectory();
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPIdentityStoreRegistry.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPIdentityStoreRegistry.java
index c737266a03..c9d7bb25df 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPIdentityStoreRegistry.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPIdentityStoreRegistry.java
@@ -55,23 +55,6 @@ public class LDAPIdentityStoreRegistry {
         checkSystemProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain");
         checkSystemProperty("com.sun.jndi.ldap.connect.pool.debug", "off");
 
-        /*String ldapLoginNameMapping = ldapConfig.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
-        if (ldapLoginNameMapping == null) {
-            ldapLoginNameMapping = activeDirectory ? LDAPConstants.CN : LDAPConstants.UID;
-        }
-
-        String ldapFirstNameMapping = activeDirectory ?  "givenName" : LDAPConstants.CN;
-        String createTimestampMapping = activeDirectory ? "whenCreated" : LDAPConstants.CREATE_TIMESTAMP;
-        String modifyTimestampMapping = activeDirectory ? "whenChanged" : LDAPConstants.MODIFY_TIMESTAMP;
-        String[] userObjectClasses = getUserObjectClasses(ldapConfig);  */
-
-
-/*        if (activeDirectory && ldapLoginNameMapping.equals("sAMAccountName")) {
-            ldapUserMappingConfig.setBindingDnPropertyName("fullName");
-            ldapUserMappingConfig.addAttributeMapping("fullName", LDAPConstants.CN);
-            logger.infof("Using 'cn' attribute for DN of user and 'sAMAccountName' for username");
-        }    */
-
         return new LDAPIdentityStore(cfg);
     }
 
diff --git a/model/api/src/main/java/org/keycloak/migration/MigrationModel.java b/model/api/src/main/java/org/keycloak/migration/MigrationModel.java
index 936fbcf1da..df24b3d009 100755
--- a/model/api/src/main/java/org/keycloak/migration/MigrationModel.java
+++ b/model/api/src/main/java/org/keycloak/migration/MigrationModel.java
@@ -11,7 +11,7 @@ public interface MigrationModel {
     /**
      * Must have the form of major.minor.micro as the version is parsed and numbers are compared
      */
-    public static final String LATEST_VERSION = "1.2.0.CR1";
+    public static final String LATEST_VERSION = "1.3.0.Beta1";
 
     String getStoredVersion();
     void setStoredVersion(String version);
diff --git a/model/api/src/main/java/org/keycloak/migration/MigrationModelManager.java b/model/api/src/main/java/org/keycloak/migration/MigrationModelManager.java
index 7f52ab38e5..5d58fe1b1a 100755
--- a/model/api/src/main/java/org/keycloak/migration/MigrationModelManager.java
+++ b/model/api/src/main/java/org/keycloak/migration/MigrationModelManager.java
@@ -17,11 +17,13 @@ public class MigrationModelManager {
         String storedVersion = model.getStoredVersion();
         if (MigrationModel.LATEST_VERSION.equals(storedVersion)) return;
         ModelVersion stored = null;
-        if (storedVersion != null) new ModelVersion(storedVersion);
+        if (storedVersion != null) {
+            stored = new ModelVersion(storedVersion);
+        }
 
         if (stored == null || stored.lessThan(MigrationTo1_2_0_CR1.VERSION)) {
             if (stored != null) {
-                logger.debug("Migrating older model to 1.2.0.RC1 updates");
+                logger.debug("Migrating older model to 1.2.0.CR1 updates");
             }
             new MigrationTo1_2_0_CR1().migrate(session);
         }
diff --git a/model/api/src/main/java/org/keycloak/migration/ModelVersion.java b/model/api/src/main/java/org/keycloak/migration/ModelVersion.java
index 1dfcd14c0d..095576a560 100755
--- a/model/api/src/main/java/org/keycloak/migration/ModelVersion.java
+++ b/model/api/src/main/java/org/keycloak/migration/ModelVersion.java
@@ -59,7 +59,7 @@ public class ModelVersion {
         if (major < version.major) return true;
         if (minor < version.minor) return true;
         if (micro < version.micro) return true;
-        if (qualifier == version.qualifier) return false;
+        if (qualifier != null && qualifier.equals(version.qualifier)) return false;
         if (qualifier == null) return false;
         if (version.qualifier == null) return true;
         int comp = qualifier.compareTo(version.qualifier);
diff --git a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java
index ccf3c75373..ce013404cf 100755
--- a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java
+++ b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java
@@ -2,10 +2,18 @@ package org.keycloak.migration.migrators;
 
 import org.keycloak.migration.ModelVersion;
 import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserFederationEventAwareProviderFactory;
+import org.keycloak.models.UserFederationProvider;
+import org.keycloak.models.UserFederationProviderFactory;
+import org.keycloak.models.UserFederationProviderModel;
 import org.keycloak.models.utils.DefaultAuthenticationFlows;
 
 import java.util.List;
+import java.util.Map;
+
+import javax.naming.directory.SearchControls;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -21,7 +29,45 @@ public class MigrateTo1_3_0_Beta1 {
             if (realm.getAuthenticationFlows().size() == 0) {
                 DefaultAuthenticationFlows.addFlows(realm);
             }
+
+            migrateLDAPProviders(session, realm);
         }
 
     }
+
+    private void migrateLDAPProviders(KeycloakSession session, RealmModel realm) {
+        List<UserFederationProviderModel> federationProviders = realm.getUserFederationProviders();
+        for (UserFederationProviderModel fedProvider : federationProviders) {
+
+            if (fedProvider.getProviderName().equals(LDAPConstants.LDAP_PROVIDER)) {
+                Map<String, String> config = fedProvider.getConfig();
+
+                // Update config properties for LDAP federation provider
+                config.put(LDAPConstants.SEARCH_SCOPE, String.valueOf(SearchControls.SUBTREE_SCOPE));
+
+                String usersDn = config.remove("userDnSuffix");
+                config.put(LDAPConstants.USERS_DN, usersDn);
+
+                String rdnLdapAttribute = config.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
+                if (rdnLdapAttribute != null) {
+                    if (rdnLdapAttribute.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) {
+                        config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, LDAPConstants.CN);
+                    } else {
+                        config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, rdnLdapAttribute);
+                    }
+                }
+
+                String uuidAttrName = LDAPConstants.getUuidAttributeName(config.get(LDAPConstants.VENDOR));
+                config.put(LDAPConstants.UUID_LDAP_ATTRIBUTE, uuidAttrName);
+
+                realm.updateUserFederationProvider(fedProvider);
+
+                // Create default mappers for LDAP
+                UserFederationProviderFactory ldapFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, LDAPConstants.LDAP_PROVIDER);
+                if (ldapFactory != null) {
+                    ((UserFederationEventAwareProviderFactory) ldapFactory).onProviderModelCreated(realm, fedProvider);
+                }
+            }
+        }
+    }
 }
diff --git a/model/api/src/main/java/org/keycloak/models/LDAPConstants.java b/model/api/src/main/java/org/keycloak/models/LDAPConstants.java
index 22f8979021..0d97664029 100644
--- a/model/api/src/main/java/org/keycloak/models/LDAPConstants.java
+++ b/model/api/src/main/java/org/keycloak/models/LDAPConstants.java
@@ -5,6 +5,8 @@ package org.keycloak.models;
  */
 public class LDAPConstants {
 
+    public static final String LDAP_PROVIDER = "ldap";
+
     public static final String VENDOR = "vendor";
     public static final String VENDOR_RHDS = "rhds";
     public static final String VENDOR_ACTIVE_DIRECTORY = "ad";
@@ -80,4 +82,21 @@ public class LDAPConstants {
     public static final String OBJECT_GUID = "objectGUID";
     public static final String CREATE_TIMESTAMP = "createTimestamp";
     public static final String MODIFY_TIMESTAMP = "modifyTimestamp";
+
+    public static String getUuidAttributeName(String vendor) {
+        if (vendor != null) {
+            switch (vendor) {
+                case VENDOR_RHDS:
+                    return "nsuniqueid";
+                case VENDOR_TIVOLI:
+                    return "uniqueidentifier";
+                case VENDOR_NOVELL_EDIRECTORY:
+                    return "guid";
+                case VENDOR_ACTIVE_DIRECTORY:
+                    return OBJECT_GUID;
+            }
+        }
+
+        return ENTRY_UUID;
+    }
 }
diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationEventAwareProviderFactory.java b/model/api/src/main/java/org/keycloak/models/UserFederationEventAwareProviderFactory.java
index 866bf79881..b409d8784d 100644
--- a/model/api/src/main/java/org/keycloak/models/UserFederationEventAwareProviderFactory.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationEventAwareProviderFactory.java
@@ -29,5 +29,5 @@ public abstract class UserFederationEventAwareProviderFactory implements UserFed
         });
     }
 
-    protected abstract void onProviderModelCreated(RealmModel realm, UserFederationProviderModel createdProviderModel);
+    public abstract void onProviderModelCreated(RealmModel realm, UserFederationProviderModel createdProviderModel);
 }
diff --git a/model/api/src/test/java/org/keycloak/models/MigrationVersionTest.java b/model/api/src/test/java/org/keycloak/models/MigrationVersionTest.java
index c706d8a07c..9bdd231867 100755
--- a/model/api/src/test/java/org/keycloak/models/MigrationVersionTest.java
+++ b/model/api/src/test/java/org/keycloak/models/MigrationVersionTest.java
@@ -16,30 +16,30 @@ public class MigrationVersionTest {
         Assert.assertEquals(version_100Beta1.getMajor(), 1);
         Assert.assertEquals(version_100Beta1.getMinor(), 0);
         Assert.assertEquals(version_100Beta1.getMicro(), 0);
-        ModelVersion version_100RC1 = new ModelVersion("1.0.0.RC1");
+        ModelVersion version_100CR1 = new ModelVersion("1.0.0.CR1");
         ModelVersion version_100 = new ModelVersion("1.0.0");
         ModelVersion version_110Beta1 = new ModelVersion("1.1.0.Beta1");
-        ModelVersion version_110RC1 = new ModelVersion("1.1.0.RC1");
+        ModelVersion version_110CR1 = new ModelVersion("1.1.0.CR1");
         ModelVersion version_110 = new ModelVersion("1.1.0");
         ModelVersion version_111Beta1 = new ModelVersion("1.1.1.Beta1");
-        ModelVersion version_111RC1 = new ModelVersion("1.1.1.RC1");
+        ModelVersion version_111CR1 = new ModelVersion("1.1.1.CR1");
         ModelVersion version_111 = new ModelVersion("1.1.1");
         ModelVersion version_211Beta1 = new ModelVersion("2.1.1.Beta1");
-        ModelVersion version_211RC1 = new ModelVersion("2.1.1.RC1");
-        Assert.assertEquals(version_211RC1.getMajor(), 2);
-        Assert.assertEquals(version_211RC1.getMinor(), 1);
-        Assert.assertEquals(version_211RC1.getMicro(), 1);
-        Assert.assertEquals(version_211RC1.getQualifier(), "RC1");
+        ModelVersion version_211CR1 = new ModelVersion("2.1.1.CR1");
+        Assert.assertEquals(version_211CR1.getMajor(), 2);
+        Assert.assertEquals(version_211CR1.getMinor(), 1);
+        Assert.assertEquals(version_211CR1.getMicro(), 1);
+        Assert.assertEquals(version_211CR1.getQualifier(), "CR1");
         ModelVersion version_211 = new ModelVersion("2.1.1");
 
         Assert.assertFalse(version_100Beta1.lessThan(version_100Beta1));
-        Assert.assertTrue(version_100Beta1.lessThan(version_100RC1));
+        Assert.assertTrue(version_100Beta1.lessThan(version_100CR1));
         Assert.assertTrue(version_100Beta1.lessThan(version_100));
         Assert.assertTrue(version_100Beta1.lessThan(version_110Beta1));
-        Assert.assertTrue(version_100Beta1.lessThan(version_110RC1));
+        Assert.assertTrue(version_100Beta1.lessThan(version_110CR1));
         Assert.assertTrue(version_100Beta1.lessThan(version_110));
 
-        Assert.assertFalse(version_211.lessThan(version_110RC1));
+        Assert.assertFalse(version_211.lessThan(version_110CR1));
 
     }
 }

From 3643e76a0682e4f9d7498c23110b1e26d9e12155 Mon Sep 17 00:00:00 2001
From: Marko Strukelj <marko.strukelj@gmail.com>
Date: Sat, 6 Jun 2015 21:22:07 +0200
Subject: [PATCH 06/53] Cleanup, and simplify keycloak-server-subsystem  -
 KEYCLOAK-1346 Remove support for overlays in server subsystem  -
 KEYCLOAK-1347 Remove support for multiple auth-servers  - KEYCLOAK-1348
 Simplify server subsystem definition

---
 .../feature-packs/server-feature-pack/pom.xml |   2 +-
 .../keycloak-server-subsystem/main/module.xml |   2 +-
 .../KeycloakAdapterConfigService.java         |  36 +--
 .../server/extension/KeycloakExtension.java   |  28 +--
 .../KeycloakServerDeploymentProcessor.java    |  13 +-
 .../extension/KeycloakSubsystemAdd.java       |  40 +++-
 .../KeycloakSubsystemDefinition.java          |  56 ++++-
 .../extension/KeycloakSubsystemParser.java    |  69 +-----
 ...va => KeycloakSubsystemRemoveHandler.java} |  20 +-
 ...ycloakSubsystemWriteAttributeHandler.java} |  42 ++--
 .../AuthServerUtil.java => ServerUtil.java}   |  91 +++-----
 .../authserver/AbstractAddOverlayHandler.java | 206 ------------------
 .../authserver/AddProviderHandler.java        |  51 -----
 .../authserver/AuthServerAddHandler.java      |  74 -------
 .../authserver/AuthServerDefinition.java      | 131 -----------
 .../authserver/ListOverlaysHandler.java       |  74 -------
 .../OverlayKeycloakServerJsonHandler.java     |  47 ----
 .../authserver/RemoveOverlayHandler.java      |  78 -------
 .../extension/LocalDescriptions.properties    |  24 +-
 .../schema/wildfly-keycloak-server_1_1.xsd    |  17 +-
 .../subsystem-templates/keycloak-server.xml   |   5 +-
 .../extension/SubsystemParsingTestCase.java   |   1 -
 .../server/extension/keycloak-server-1.1.xml  |   5 +-
 23 files changed, 185 insertions(+), 927 deletions(-)
 rename integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/{authserver => }/KeycloakServerDeploymentProcessor.java (81%)
 rename integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/{authserver/AuthServerRemoveHandler.java => KeycloakSubsystemRemoveHandler.java} (76%)
 rename integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/{authserver/AuthServerWriteAttributeHandler.java => KeycloakSubsystemWriteAttributeHandler.java} (55%)
 rename integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/{authserver/AuthServerUtil.java => ServerUtil.java} (64%)
 delete mode 100644 integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AbstractAddOverlayHandler.java
 delete mode 100644 integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AddProviderHandler.java
 delete mode 100755 integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerAddHandler.java
 delete mode 100755 integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerDefinition.java
 delete mode 100644 integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/ListOverlaysHandler.java
 delete mode 100644 integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/OverlayKeycloakServerJsonHandler.java
 delete mode 100644 integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/RemoveOverlayHandler.java

diff --git a/distribution/feature-packs/server-feature-pack/pom.xml b/distribution/feature-packs/server-feature-pack/pom.xml
index a73742739c..9925f5f337 100644
--- a/distribution/feature-packs/server-feature-pack/pom.xml
+++ b/distribution/feature-packs/server-feature-pack/pom.xml
@@ -126,7 +126,7 @@
                                     <version>${project.version}</version>
                                     <type>war</type>
                                     <overWrite>true</overWrite>
-                                    <outputDirectory>${project.build.directory}/${project.build.finalName}/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/auth-server</outputDirectory>
+                                    <outputDirectory>${project.build.directory}/${project.build.finalName}/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/server-war</outputDirectory>
                                 </artifactItem>
                             </artifactItems>
                         </configuration>
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/module.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/module.xml
index 5233767d0d..0d0c336440 100644
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/module.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/module.xml
@@ -25,7 +25,7 @@
 <module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-server-subsystem">
     <properties>
         <property name="keycloak-version" value="${project.version}"/>
-        <property name="auth-server-exploded" value="false"/>
+        <property name="server-war-exploded" value="false"/>
     </properties>
 
     <resources>
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java
index 7f86d7981b..8f3a59d641 100755
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java
@@ -14,14 +14,8 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-
 package org.keycloak.subsystem.server.extension;
 
-import java.util.HashMap;
-import java.util.Map;
-
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
-
 /**
  * This service keeps track of the entire Keycloak management model so as to provide
  * adapter configuration to each deployment at deploy time.
@@ -30,37 +24,25 @@ import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD
  */
 public final class KeycloakAdapterConfigService {
 
-    private static final KeycloakAdapterConfigService INSTANCE = new KeycloakAdapterConfigService();
+    static final KeycloakAdapterConfigService INSTANCE = new KeycloakAdapterConfigService();
 
-    public static KeycloakAdapterConfigService getInstance() {
-        return INSTANCE;
-    }
-
-    // key=auth-server deployment name; value=web-context
-    private final Map<String, String> webContexts = new HashMap<String, String>();
+    static final String DEPLOYMENT_NAME = "keycloak-server";
 
+    private String webContext;
 
 
     private KeycloakAdapterConfigService() {
     }
 
-    public void addServerDeployment(String deploymentName, String webContext) {
-        this.webContexts.put(deploymentName, webContext);
+    void setWebContext(String webContext) {
+        this.webContext = webContext;
     }
 
-    public String getWebContext(String deploymentName) {
-        return webContexts.get(deploymentName);
+    String getWebContext() {
+        return webContext;
     }
 
-    public void removeServerDeployment(String deploymentName) {
-        this.webContexts.remove(deploymentName);
-    }
-
-    public boolean isWebContextUsed(String webContext) {
-        return webContexts.containsValue(webContext);
-    }
-
-    public boolean isKeycloakServerDeployment(String deploymentName) {
-        return this.webContexts.containsKey(deploymentName);
+    boolean isKeycloakServerDeployment(String deploymentName) {
+        return DEPLOYMENT_NAME.equals(deploymentName);
     }
 }
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakExtension.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakExtension.java
index 145b475653..cf1a4d7326 100755
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakExtension.java
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakExtension.java
@@ -24,11 +24,9 @@ import org.jboss.as.controller.ResourceDefinition;
 import org.jboss.as.controller.SubsystemRegistration;
 import org.jboss.as.controller.descriptions.StandardResourceDescriptionResolver;
 import org.jboss.as.controller.parsing.ExtensionParsingContext;
-import org.jboss.as.controller.registry.ManagementResourceRegistration;
-import org.keycloak.subsystem.server.extension.authserver.AuthServerDefinition;
-import org.keycloak.subsystem.server.logging.KeycloakLogger;
 
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
+import static org.keycloak.subsystem.server.logging.KeycloakLogger.ROOT_LOGGER;
 
 
 /**
@@ -38,17 +36,16 @@ import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUB
  */
 public class KeycloakExtension implements Extension {
 
-    public static final String SUBSYSTEM_NAME = "keycloak-server";
-    public static final String NAMESPACE = "urn:jboss:domain:keycloak-server:1.1";
-    private static final KeycloakSubsystemParser PARSER = new KeycloakSubsystemParser();
+    static final String SUBSYSTEM_NAME = "keycloak-server";
+    static final String NAMESPACE = "urn:jboss:domain:keycloak-server:1.1";
     static final PathElement PATH_SUBSYSTEM = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
-    private static final String RESOURCE_NAME = KeycloakExtension.class.getPackage().getName() + ".LocalDescriptions";
-    private static final ModelVersion MGMT_API_VERSION = ModelVersion.create(1,1,0);
-    static final PathElement SUBSYSTEM_PATH = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
-    private static final ResourceDefinition KEYCLOAK_SUBSYSTEM_RESOURCE = new KeycloakSubsystemDefinition();
-    static final AuthServerDefinition AUTH_SERVER_DEFINITION = new AuthServerDefinition();
 
-    public static StandardResourceDescriptionResolver getResourceDescriptionResolver(final String... keyPrefix) {
+    private static final String RESOURCE_NAME = KeycloakExtension.class.getPackage().getName() + ".LocalDescriptions";
+    private static final ResourceDefinition KEYCLOAK_SUBSYSTEM_RESOURCE = new KeycloakSubsystemDefinition();
+    private static final KeycloakSubsystemParser PARSER = new KeycloakSubsystemParser();
+    private static final ModelVersion MGMT_API_VERSION = ModelVersion.create(1,1,0);
+
+    static StandardResourceDescriptionResolver getResourceDescriptionResolver(final String... keyPrefix) {
         StringBuilder prefix = new StringBuilder(SUBSYSTEM_NAME);
         for (String kp : keyPrefix) {
             prefix.append('.').append(kp);
@@ -61,7 +58,7 @@ public class KeycloakExtension implements Extension {
      */
     @Override
     public void initializeParsers(final ExtensionParsingContext context) {
-        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, KeycloakExtension.NAMESPACE, PARSER);
+        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE, PARSER);
     }
 
     /**
@@ -69,11 +66,10 @@ public class KeycloakExtension implements Extension {
      */
     @Override
     public void initialize(final ExtensionContext context) {
-        KeycloakLogger.ROOT_LOGGER.debug("Activating Keycloak Extension");
+        ROOT_LOGGER.debug("Activating Keycloak Extension");
         final SubsystemRegistration subsystem = context.registerSubsystem(SUBSYSTEM_NAME, MGMT_API_VERSION);
 
-        ManagementResourceRegistration registration = subsystem.registerSubsystemModel(KEYCLOAK_SUBSYSTEM_RESOURCE);
-        registration.registerSubModel(AUTH_SERVER_DEFINITION);
+        subsystem.registerSubsystemModel(KEYCLOAK_SUBSYSTEM_RESOURCE);
         subsystem.registerXMLElementWriter(PARSER);
     }
 }
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/KeycloakServerDeploymentProcessor.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakServerDeploymentProcessor.java
similarity index 81%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/KeycloakServerDeploymentProcessor.java
rename to integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakServerDeploymentProcessor.java
index 80401cc795..e951c7fd6b 100644
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/KeycloakServerDeploymentProcessor.java
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakServerDeploymentProcessor.java
@@ -14,14 +14,13 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-package org.keycloak.subsystem.server.extension.authserver;
+package org.keycloak.subsystem.server.extension;
 
 import org.jboss.as.ee.component.EEModuleDescription;
 import org.jboss.as.server.deployment.DeploymentPhaseContext;
 import org.jboss.as.server.deployment.DeploymentUnit;
 import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
 import org.jboss.as.server.deployment.DeploymentUnitProcessor;
-import org.keycloak.subsystem.server.extension.KeycloakAdapterConfigService;
 
 /**
  * DUP responsible for setting the web context of a Keycloak auth server.
@@ -33,22 +32,22 @@ public class KeycloakServerDeploymentProcessor implements DeploymentUnitProcesso
     @Override
     public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
         DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
+        KeycloakAdapterConfigService config = KeycloakAdapterConfigService.INSTANCE;
         String deploymentName = deploymentUnit.getName();
-        KeycloakAdapterConfigService service = KeycloakAdapterConfigService.getInstance();
-        if (!service.isKeycloakServerDeployment(deploymentName)) {
+
+        if (!config.isKeycloakServerDeployment(deploymentName)) {
             return;
         }
 
         final EEModuleDescription description = deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.EE_MODULE_DESCRIPTION);
-        String webContext = service.getWebContext(deploymentName);
+        String webContext = config.getWebContext();
         if (webContext == null) {
-            throw new DeploymentUnitProcessingException("Can't determine web context/module for Keycloak Auth Server");
+            throw new DeploymentUnitProcessingException("Can't determine web context/module for Keycloak Server");
         }
         description.setModuleName(webContext);
     }
 
     @Override
     public void undeploy(DeploymentUnit du) {
-
     }
 }
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java
index 4f0dde9c78..7038408f3b 100755
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java
@@ -17,13 +17,18 @@
 package org.keycloak.subsystem.server.extension;
 
 import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
+import org.jboss.as.controller.AttributeDefinition;
 import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationFailedException;
+import org.jboss.as.controller.registry.Resource;
 import org.jboss.as.server.AbstractDeploymentChainStep;
 import org.jboss.as.server.DeploymentProcessorTarget;
 import org.jboss.as.server.deployment.Phase;
 import org.jboss.dmr.ModelNode;
 
-import org.keycloak.subsystem.server.extension.authserver.KeycloakServerDeploymentProcessor;
+import static org.keycloak.subsystem.server.extension.KeycloakExtension.SUBSYSTEM_NAME;
+import static org.keycloak.subsystem.server.extension.KeycloakSubsystemDefinition.ALL_ATTRIBUTES;
+import static org.keycloak.subsystem.server.extension.KeycloakSubsystemDefinition.WEB_CONTEXT;
 
 /**
  * The Keycloak subsystem add update handler.
@@ -35,15 +40,44 @@ class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler {
     static final KeycloakSubsystemAdd INSTANCE = new KeycloakSubsystemAdd();
 
     @Override
-    protected void performBoottime(final OperationContext context, ModelNode operation, final ModelNode model) {
+    protected void performBoottime(final OperationContext context, final ModelNode operation, final ModelNode model) {
         context.addStep(new AbstractDeploymentChainStep() {
             @Override
             protected void execute(DeploymentProcessorTarget processorTarget) {
-                processorTarget.addDeploymentProcessor(KeycloakExtension.SUBSYSTEM_NAME,
+                processorTarget.addDeploymentProcessor(SUBSYSTEM_NAME,
                         Phase.POST_MODULE, // PHASE
                         Phase.POST_MODULE_VALIDATOR_FACTORY - 1, // PRIORITY
                         new KeycloakServerDeploymentProcessor());
             }
         }, OperationContext.Stage.RUNTIME);
     }
+
+    protected void populateModel(final OperationContext context, final ModelNode operation, final Resource resource) throws  OperationFailedException {
+        ModelNode model = resource.getModel();
+
+        // set attribute values from parsed model
+        for (AttributeDefinition attrDef : ALL_ATTRIBUTES) {
+            attrDef.validateAndSet(operation, model);
+        }
+
+        // returns early if on domain controller
+        if (!requiresRuntime(context)) {
+            return;
+        }
+
+        // don't want to try to start server on host controller
+        if (!context.isNormalServer()) {
+            return;
+        }
+
+        ModelNode webContextNode = resource.getModel().get(WEB_CONTEXT.getName());
+        if (!webContextNode.isDefined()) {
+            webContextNode = WEB_CONTEXT.getDefaultValue();
+        }
+        String webContext = webContextNode.asString();
+
+        ServerUtil serverUtil = new ServerUtil(operation);
+        serverUtil.addStepToUploadServerWar(context);
+        KeycloakAdapterConfigService.INSTANCE.setWebContext(webContext);
+    }
 }
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemDefinition.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemDefinition.java
index f553188251..25ed28a24c 100644
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemDefinition.java
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemDefinition.java
@@ -14,25 +14,56 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-
 package org.keycloak.subsystem.server.extension;
 
-import org.jboss.as.controller.ReloadRequiredRemoveStepHandler;
+import org.jboss.as.controller.AttributeDefinition;
+import org.jboss.as.controller.SimpleAttributeDefinition;
+import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
 import org.jboss.as.controller.SimpleResourceDefinition;
 import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler;
 import org.jboss.as.controller.registry.ManagementResourceRegistration;
+import org.jboss.dmr.ModelNode;
+import org.jboss.dmr.ModelType;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 
 /**
- * Definition of subsystem=keycloak.
+ * Definition of subsystem=keycloak-server.
  *
  * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
  */
 public class KeycloakSubsystemDefinition extends SimpleResourceDefinition {
+
+    static final SimpleAttributeDefinition WEB_CONTEXT =
+        new SimpleAttributeDefinitionBuilder("web-context", ModelType.STRING, true)
+            .setAllowExpression(true)
+            .setDefaultValue(new ModelNode("auth"))
+            .setRestartAllServices()
+            .build();
+
+    static final List<SimpleAttributeDefinition> ALL_ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>();
+
+    static {
+        ALL_ATTRIBUTES.add(WEB_CONTEXT);
+    }
+
+    private static final Map<String, SimpleAttributeDefinition> DEFINITION_LOOKUP = new HashMap<String, SimpleAttributeDefinition>();
+    static {
+        for (SimpleAttributeDefinition def : ALL_ATTRIBUTES) {
+            DEFINITION_LOOKUP.put(def.getXmlName(), def);
+        }
+    }
+
+    private static KeycloakSubsystemWriteAttributeHandler attrHandler = new KeycloakSubsystemWriteAttributeHandler(ALL_ATTRIBUTES);
+
     protected KeycloakSubsystemDefinition() {
-        super(KeycloakExtension.SUBSYSTEM_PATH,
-                KeycloakExtension.getResourceDescriptionResolver("subsystem"),
-                KeycloakSubsystemAdd.INSTANCE,
-                ReloadRequiredRemoveStepHandler.INSTANCE
+        super(KeycloakExtension.PATH_SUBSYSTEM,
+            KeycloakExtension.getResourceDescriptionResolver("subsystem"),
+            KeycloakSubsystemAdd.INSTANCE,
+            KeycloakSubsystemRemoveHandler.INSTANCE
         );
     }
 
@@ -42,4 +73,15 @@ public class KeycloakSubsystemDefinition extends SimpleResourceDefinition {
         resourceRegistration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
     }
 
+    @Override
+    public void registerAttributes(ManagementResourceRegistration resourceRegistration) {
+        super.registerAttributes(resourceRegistration);
+        for (AttributeDefinition attrDef : ALL_ATTRIBUTES) {
+            resourceRegistration.registerReadWriteAttribute(attrDef, null, attrHandler);
+        }
+    }
+
+    public static SimpleAttributeDefinition lookup(String name) {
+        return DEFINITION_LOOKUP.get(name);
+    }
 }
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemParser.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemParser.java
index 921c576dd6..53d35db779 100755
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemParser.java
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemParser.java
@@ -16,17 +16,11 @@
  */
 package org.keycloak.subsystem.server.extension;
 
-import org.keycloak.subsystem.server.extension.authserver.AuthServerDefinition;
-import org.jboss.as.controller.AttributeDefinition;
 import org.jboss.as.controller.PathAddress;
-import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.SimpleAttributeDefinition;
-import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
 import org.jboss.as.controller.operations.common.Util;
 import org.jboss.as.controller.parsing.ParseUtils;
 import org.jboss.as.controller.persistence.SubsystemMarshallingContext;
 import org.jboss.dmr.ModelNode;
-import org.jboss.dmr.Property;
 import org.jboss.staxmapper.XMLElementReader;
 import org.jboss.staxmapper.XMLElementWriter;
 import org.jboss.staxmapper.XMLExtendedStreamReader;
@@ -34,9 +28,11 @@ import org.jboss.staxmapper.XMLExtendedStreamWriter;
 
 import javax.xml.stream.XMLStreamConstants;
 import javax.xml.stream.XMLStreamException;
-import java.util.Collections;
 import java.util.List;
 
+import static org.keycloak.subsystem.server.extension.KeycloakExtension.PATH_SUBSYSTEM;
+import static org.keycloak.subsystem.server.extension.KeycloakSubsystemDefinition.WEB_CONTEXT;
+
 /**
  * The subsystem parser, which uses stax to read and write to and from xml
  */
@@ -49,12 +45,14 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
     public void readElement(final XMLExtendedStreamReader reader, final List<ModelNode> list) throws XMLStreamException {
         // Require no attributes
         ParseUtils.requireNoAttributes(reader);
-        ModelNode addKeycloakSub = Util.createAddOperation(PathAddress.pathAddress(KeycloakExtension.PATH_SUBSYSTEM));
+        ModelNode addKeycloakSub = Util.createAddOperation(PathAddress.pathAddress(PATH_SUBSYSTEM));
         list.add(addKeycloakSub);
 
         while (reader.hasNext() && nextTag(reader) != END_ELEMENT) {
-            if (reader.getLocalName().equals(AuthServerDefinition.TAG_NAME)) {
-                readAuthServer(reader, list);
+            if (reader.getLocalName().equals(WEB_CONTEXT.getXmlName())) {
+                WEB_CONTEXT.parseAndSetParameter(reader.getElementText(), addKeycloakSub, reader);
+            } else {
+                throw new XMLStreamException("Unknown keycloak-server subsystem tag: " + reader.getLocalName());
             }
         }
     }
@@ -64,64 +62,21 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
         return reader.nextTag();
     }
 
-    private void readAuthServer(XMLExtendedStreamReader reader, List<ModelNode> list) throws XMLStreamException {
-        String authServerName = readNameAttribute(reader);
-        ModelNode addAuthServer = new ModelNode();
-        addAuthServer.get(ModelDescriptionConstants.OP).set(ModelDescriptionConstants.ADD);
-        PathAddress addr = PathAddress.pathAddress(PathElement.pathElement(ModelDescriptionConstants.SUBSYSTEM, KeycloakExtension.SUBSYSTEM_NAME),
-                                                   PathElement.pathElement(AuthServerDefinition.TAG_NAME, authServerName));
-        addAuthServer.get(ModelDescriptionConstants.OP_ADDR).set(addr.toModelNode());
-
-        while (reader.hasNext() && nextTag(reader) != END_ELEMENT) {
-            String tagName = reader.getLocalName();
-            SimpleAttributeDefinition def = AuthServerDefinition.lookup(tagName);
-            if (def == null) throw new XMLStreamException("Unknown auth-server tag " + tagName);
-            def.parseAndSetParameter(reader.getElementText(), addAuthServer, reader);
-        }
-
-        list.add(addAuthServer);
-    }
-
-    // expects that the current tag will have one single attribute called "name"
-    private String readNameAttribute(XMLExtendedStreamReader reader) throws XMLStreamException {
-        String name = null;
-        for (int i = 0; i < reader.getAttributeCount(); i++) {
-            String attr = reader.getAttributeLocalName(i);
-            if (attr.equals("name")) {
-                name = reader.getAttributeValue(i);
-                continue;
-            }
-            throw ParseUtils.unexpectedAttribute(reader, i);
-        }
-        if (name == null) {
-            throw ParseUtils.missingRequired(reader, Collections.singleton("name"));
-        }
-        return name;
-    }
-
     /**
      * {@inheritDoc}
      */
     @Override
     public void writeContent(final XMLExtendedStreamWriter writer, final SubsystemMarshallingContext context) throws XMLStreamException {
         context.startSubsystemElement(KeycloakExtension.NAMESPACE, false);
-        writeAuthServers(writer, context);
+        writeWebContext(writer, context);
         writer.writeEndElement();
     }
 
-    private void writeAuthServers(XMLExtendedStreamWriter writer, SubsystemMarshallingContext context) throws XMLStreamException {
-        if (!context.getModelNode().get(AuthServerDefinition.TAG_NAME).isDefined()) {
+    private void writeWebContext(XMLExtendedStreamWriter writer, SubsystemMarshallingContext context) throws XMLStreamException {
+        if (!context.getModelNode().get(WEB_CONTEXT.getName()).isDefined()) {
             return;
         }
-        for (Property authServer : context.getModelNode().get(AuthServerDefinition.TAG_NAME).asPropertyList()) {
-            writer.writeStartElement(AuthServerDefinition.TAG_NAME);
-            writer.writeAttribute("name", authServer.getName());
-            ModelNode authServerElements = authServer.getValue();
-            for (AttributeDefinition element : AuthServerDefinition.ALL_ATTRIBUTES) {
-                element.marshallAsElement(authServerElements, writer);
-            }
 
-            writer.writeEndElement();
-        }
+        WEB_CONTEXT.marshallAsElement(context.getModelNode(), writer);
     }
 }
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerRemoveHandler.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemRemoveHandler.java
similarity index 76%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerRemoveHandler.java
rename to integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemRemoveHandler.java
index 05695ca582..4a1bdfcc40 100644
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerRemoveHandler.java
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemRemoveHandler.java
@@ -14,18 +14,16 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
+package org.keycloak.subsystem.server.extension;
 
-package org.keycloak.subsystem.server.extension.authserver;
-
-import org.jboss.as.controller.AbstractRemoveStepHandler;
 import org.jboss.as.controller.OperationContext;
 import org.jboss.as.controller.OperationFailedException;
 import org.jboss.as.controller.OperationStepHandler;
 import org.jboss.as.controller.PathAddress;
 import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.ReloadRequiredRemoveStepHandler;
 import org.jboss.as.controller.operations.common.Util;
 import org.jboss.dmr.ModelNode;
-import org.keycloak.subsystem.server.extension.KeycloakAdapterConfigService;
 
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DEPLOYMENT;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REMOVE;
@@ -36,25 +34,25 @@ import org.jboss.as.controller.registry.ImmutableManagementResourceRegistration;
  *
  * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
  */
-public final class AuthServerRemoveHandler extends AbstractRemoveStepHandler {
+public final class KeycloakSubsystemRemoveHandler extends ReloadRequiredRemoveStepHandler {
 
-    public static AuthServerRemoveHandler INSTANCE = new AuthServerRemoveHandler();
+    static KeycloakSubsystemRemoveHandler INSTANCE = new KeycloakSubsystemRemoveHandler();
 
-    private AuthServerRemoveHandler() {}
+    private KeycloakSubsystemRemoveHandler() {}
 
     @Override
     protected void performRemove(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException {
-        String deploymentName = AuthServerUtil.getDeploymentName(operation);
-        KeycloakAdapterConfigService.getInstance().removeServerDeployment(deploymentName);
+        String deploymentName = ServerUtil.getDeploymentName(operation);
+        KeycloakAdapterConfigService.INSTANCE.setWebContext(null);
 
         if (requiresRuntime(context)) { // don't do this on a domain controller
-            addStepToRemoveAuthServer(context, deploymentName);
+            addStepToRemoveServerWar(context, deploymentName);
         }
 
         super.performRemove(context, operation, model);
     }
 
-    private void addStepToRemoveAuthServer(OperationContext context, String deploymentName) {
+    private void addStepToRemoveServerWar(OperationContext context, String deploymentName) {
         PathAddress deploymentAddress = PathAddress.pathAddress(PathElement.pathElement(DEPLOYMENT, deploymentName));
         ModelNode op = Util.createOperation(REMOVE, deploymentAddress);
         context.addStep(op, getRemoveHandler(context, deploymentAddress), OperationContext.Stage.MODEL);
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerWriteAttributeHandler.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemWriteAttributeHandler.java
similarity index 55%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerWriteAttributeHandler.java
rename to integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemWriteAttributeHandler.java
index 3fd16cc6fc..ecba429323 100755
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerWriteAttributeHandler.java
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemWriteAttributeHandler.java
@@ -14,8 +14,7 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-
-package org.keycloak.subsystem.server.extension.authserver;
+package org.keycloak.subsystem.server.extension;
 
 import org.jboss.as.controller.AttributeDefinition;
 import org.jboss.as.controller.SimpleAttributeDefinition;
@@ -26,20 +25,19 @@ import org.jboss.as.controller.OperationContext;
 import org.jboss.as.controller.OperationFailedException;
 import org.jboss.as.controller.registry.Resource;
 import org.jboss.dmr.ModelNode;
-import org.keycloak.subsystem.server.extension.KeycloakAdapterConfigService;
 
 /**
  * Update an attribute on an Auth Server.
  *
  * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
  */
-public class AuthServerWriteAttributeHandler extends ModelOnlyWriteAttributeHandler { //extends ReloadRequiredWriteAttributeHandler {
+public class KeycloakSubsystemWriteAttributeHandler extends ModelOnlyWriteAttributeHandler { //extends ReloadRequiredWriteAttributeHandler {
 
-    public AuthServerWriteAttributeHandler(List<SimpleAttributeDefinition> definitions) {
+    public KeycloakSubsystemWriteAttributeHandler(List<SimpleAttributeDefinition> definitions) {
         this(definitions.toArray(new AttributeDefinition[definitions.size()]));
     }
 
-    public AuthServerWriteAttributeHandler(AttributeDefinition... definitions) {
+    public KeycloakSubsystemWriteAttributeHandler(AttributeDefinition... definitions) {
         super(definitions);
     }
 
@@ -50,34 +48,24 @@ public class AuthServerWriteAttributeHandler extends ModelOnlyWriteAttributeHand
             return;
         }
 
-        boolean isEnabled = AuthServerDefinition.ENABLED.resolveModelAttribute(context, model.getModel()).asBoolean();
-        String deploymentName = AuthServerUtil.getDeploymentName(operation);
+        String deploymentName = ServerUtil.getDeploymentName(operation);
 
-        if (attributeName.equals(AuthServerDefinition.WEB_CONTEXT.getName())) {
-
-            KeycloakAdapterConfigService.getInstance().removeServerDeployment(deploymentName);
-            KeycloakAdapterConfigService.getInstance().addServerDeployment(deploymentName, newValue.asString());
-            if (isEnabled) {
-                AuthServerUtil.addStepToRedeployAuthServer(context, deploymentName);
-            }
-        }
-
-        if (attributeName.equals(AuthServerDefinition.ENABLED.getName())) {
-            if (!isEnabled) { // we are disabling
-                AuthServerUtil.addStepToUndeployAuthServer(context, deploymentName);
-            } else { // we are enabling
-                AuthServerUtil.addStepToDeployAuthServer(context, deploymentName);
-            }
+        if (attributeName.equals(KeycloakSubsystemDefinition.WEB_CONTEXT.getName())) {
+            KeycloakAdapterConfigService.INSTANCE.setWebContext(newValue.asString());
+            ServerUtil.addStepToRedeployServerWar(context, deploymentName);
         }
 
         super.finishModelStage(context, operation, attributeName, newValue, oldValue, model);
     }
 
     private boolean attribNotChanging(String attributeName, ModelNode newValue, ModelNode oldValue) {
-        SimpleAttributeDefinition attribDef = AuthServerDefinition.lookup(attributeName);
-        if (!oldValue.isDefined()) oldValue = attribDef.getDefaultValue();
-        if (!newValue.isDefined()) newValue = attribDef.getDefaultValue();
+        SimpleAttributeDefinition attribDef = KeycloakSubsystemDefinition.lookup(attributeName);
+        if (!oldValue.isDefined()) {
+            oldValue = attribDef.getDefaultValue();
+        }
+        if (!newValue.isDefined()) {
+            newValue = attribDef.getDefaultValue();
+        }
         return newValue.equals(oldValue);
     }
-
 }
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerUtil.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/ServerUtil.java
similarity index 64%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerUtil.java
rename to integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/ServerUtil.java
index 6814aa7df1..2911afe10f 100644
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerUtil.java
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/ServerUtil.java
@@ -14,7 +14,7 @@
  * License for the specific language governing permissions and limitations under
  * the License.
  */
-package org.keycloak.subsystem.server.extension.authserver;
+package org.keycloak.subsystem.server.extension;
 
 import java.io.File;
 import java.net.URI;
@@ -29,50 +29,42 @@ import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ARCHIVE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.CONTENT;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DEPLOY;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DEPLOYMENT;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DEPLOYMENT_OVERLAY;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ENABLED;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.PERSISTENT;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.PATH;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REDEPLOY;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.RUNTIME_NAME;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.UNDEPLOY;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.URL;
 import org.jboss.as.controller.operations.common.Util;
 import org.jboss.as.controller.registry.ImmutableManagementResourceRegistration;
-import org.jboss.as.controller.registry.Resource;
+
 import org.jboss.dmr.ModelNode;
 import org.jboss.modules.Module;
 import org.jboss.modules.ModuleIdentifier;
 import org.jboss.modules.ModuleLoadException;
-import org.keycloak.subsystem.server.extension.KeycloakExtension;
 
 /**
  * Utility methods that help assemble and start an auth server.
  *
  * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
  */
-public class AuthServerUtil {
+public class ServerUtil {
 
     private static final ModuleIdentifier KEYCLOAK_SUBSYSTEM = ModuleIdentifier.create("org.keycloak.keycloak-server-subsystem");
 
     private final String deploymentName;
     private final Module subsysModule;
     private final String keycloakVersion;
-    private final boolean isAuthServerExploded;
-    private final URI authServerUri;
+    private final boolean isServerWarExploded;
+    private final URI serverWar;
 
-    AuthServerUtil(ModelNode operation) {
+    ServerUtil(ModelNode operation) {
         this.deploymentName = getDeploymentName(operation);
         this.subsysModule = findSubsysModule();
         this.keycloakVersion = subsysModule.getProperty("keycloak-version");
-        this.isAuthServerExploded = Boolean.parseBoolean(subsysModule.getProperty("auth-server-exploded"));
-        this.authServerUri = findAuthServerUri();
-    }
-
-    String getDeploymentName() {
-        return this.deploymentName;
+        this.isServerWarExploded = Boolean.parseBoolean(subsysModule.getProperty("server-war-exploded"));
+        this.serverWar = findServerWarUri();
     }
 
     private Module findSubsysModule() {
@@ -83,15 +75,15 @@ public class AuthServerUtil {
         }
     }
 
-    private URI findAuthServerUri() throws IllegalStateException {
+    private URI findServerWarUri() throws IllegalStateException {
         try {
             URL subsysResource = this.subsysModule.getExportedResource("module.xml");
             File subsysDir = new File(subsysResource.toURI()).getParentFile();
-            File authServerDir = new File(subsysDir, "auth-server");
-            if (this.isAuthServerExploded) {
-                return authServerDir.toURI();
+            File serverWarDir = new File(subsysDir, "server-war");
+            if (this.isServerWarExploded) {
+                return serverWarDir.toURI();
             } else {
-                return new File(authServerDir, "keycloak-server-" + keycloakVersion + ".war").toURI();
+                return new File(serverWarDir, "keycloak-server-" + keycloakVersion + ".war").toURI();
             }
         } catch (URISyntaxException e) {
             throw new IllegalStateException(e);
@@ -100,17 +92,21 @@ public class AuthServerUtil {
         }
     }
 
-    void addStepToUploadAuthServer(OperationContext context, boolean isEnabled) throws OperationFailedException {
+    void addStepToUploadServerWar(OperationContext context) throws OperationFailedException {
         PathAddress deploymentAddress = deploymentAddress(deploymentName);
         ModelNode op = Util.createOperation(ADD, deploymentAddress);
-        op.get(ENABLED).set(isEnabled);
-        op.get(PERSISTENT).set(false); // prevents writing this deployment out to standalone.xml
+
+        // this is required for deployment to take place
+        op.get(ENABLED).set(true);
+
+        // prevents writing this deployment out to standalone.xml
+        op.get(PERSISTENT).set(false);
 
         // Owner attribute is valid starting with WidlFly 9.  Ignored in WildFly 8
         op.get("owner").set(new ModelNode().add("subsystem", KeycloakExtension.SUBSYSTEM_NAME));
 
-        if (authServerUri == null) {
-            throw new OperationFailedException("Keycloak Auth Server WAR not found in keycloak-server-subsystem module");
+        if (serverWar == null) {
+            throw new OperationFailedException("Keycloak Server WAR not found in keycloak-server-subsystem module");
         }
 
         op.get(CONTENT).add(makeContentItem());
@@ -121,32 +117,26 @@ public class AuthServerUtil {
     private ModelNode makeContentItem() throws OperationFailedException {
         ModelNode contentItem = new ModelNode();
 
-        if (this.isAuthServerExploded) {
-            String urlString = new File(authServerUri).getAbsolutePath();
+        if (this.isServerWarExploded) {
+            String urlString = new File(serverWar).getAbsolutePath();
             contentItem.get(PATH).set(urlString);
             contentItem.get(ARCHIVE).set(false);
         } else {
-            String urlString = authServerUri.toString();
+            String urlString = serverWar.toString();
             contentItem.get(URL).set(urlString);
         }
 
         return contentItem;
     }
 
-    static void addStepToRedeployAuthServer(OperationContext context, String deploymentName) {
+    static void addStepToRedeployServerWar(OperationContext context, String deploymentName) {
         addDeploymentAction(context, REDEPLOY, deploymentName);
     }
 
-    static void addStepToUndeployAuthServer(OperationContext context, String deploymentName) {
-        addDeploymentAction(context, UNDEPLOY, deploymentName);
-    }
-
-    static void addStepToDeployAuthServer(OperationContext context, String deploymentName) {
-        addDeploymentAction(context, DEPLOY, deploymentName);
-    }
-
     private static void addDeploymentAction(OperationContext context, String operation, String deploymentName) {
-        if (!context.isNormalServer()) return;
+        if (!context.isNormalServer()) {
+            return;
+        }
         PathAddress deploymentAddress = deploymentAddress(deploymentName);
         ModelNode op = Util.createOperation(operation, deploymentAddress);
         op.get(RUNTIME_NAME).set(deploymentName);
@@ -170,27 +160,4 @@ public class AuthServerUtil {
 
         return deploymentName;
     }
-
-    static String getAuthServerName(ModelNode operation) {
-        PathAddress pathAddr = getPathAddress(operation);
-        return pathAddr.getElement(pathAddr.size() - 1).getValue();
-    }
-
-    static PathAddress getPathAddress(ModelNode operation) {
-        return PathAddress.pathAddress(operation.get(ADDRESS));
-    }
-
-    static PathAddress getOverlayAddress(String overlayName) {
-        return PathAddress.pathAddress(PathElement.pathElement(DEPLOYMENT_OVERLAY, overlayName));
-    }
-
-    static String getOverlayName(ModelNode operation) {
-        return AuthServerUtil.getAuthServerName(operation) + "-keycloak-overlay";
-    }
-
-    static boolean isOverlayExists(OperationContext context, String overlayName, PathAddress address) {
-        Resource resource = context.readResourceFromRoot(address);
-        return resource.getChildrenNames(DEPLOYMENT_OVERLAY).contains(overlayName);
-    }
-
 }
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AbstractAddOverlayHandler.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AbstractAddOverlayHandler.java
deleted file mode 100644
index 7bf620f3d9..0000000000
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AbstractAddOverlayHandler.java
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
- * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
- * as indicated by the @author tags. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.keycloak.subsystem.server.extension.authserver;
-
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REMOVE;
-
-import java.util.Set;
-
-import org.jboss.as.controller.AbstractAddStepHandler;
-import org.jboss.as.controller.OperationContext;
-import org.jboss.as.controller.OperationFailedException;
-import org.jboss.as.controller.PathAddress;
-import org.jboss.as.controller.ProcessType;
-import org.jboss.as.controller.SimpleAttributeDefinition;
-import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
-import org.jboss.as.controller.operations.common.Util;
-import org.jboss.as.controller.registry.Resource;
-import org.jboss.dmr.ModelNode;
-import org.jboss.dmr.ModelType;
-
-/**
- * Base class for operations that create overlays for an auth server.
- *
- * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
- */
-public abstract class AbstractAddOverlayHandler extends AbstractAddStepHandler{
-
-    protected static final String UPLOADED_FILE_OP_NAME = "uploaded-file-name";
-    protected static final SimpleAttributeDefinition UPLOADED_FILE_NAME =new SimpleAttributeDefinitionBuilder(UPLOADED_FILE_OP_NAME, ModelType.STRING, false)
-            .setAllowExpression(false)
-            .setAllowNull(false)
-            .build();
-
-    protected static final SimpleAttributeDefinition BYTES_TO_UPLOAD= new SimpleAttributeDefinitionBuilder("bytes-to-upload", ModelType.BYTES, false)
-            .setAllowExpression(false)
-            .build();
-
-    static final SimpleAttributeDefinition REDEPLOY_SERVER =
-        new SimpleAttributeDefinitionBuilder("redeploy", ModelType.BOOLEAN, true)
-        .setAllowExpression(true)
-        .setDefaultValue(new ModelNode(false))
-        .build();
-
-    protected static final SimpleAttributeDefinition OVERWRITE =
-        new SimpleAttributeDefinitionBuilder("overwrite", ModelType.BOOLEAN, true)
-        .setAllowExpression(true)
-        .setDefaultValue(new ModelNode(false))
-        .build();
-
-    public AbstractAddOverlayHandler() {
-        super(AddProviderHandler.DEFINITION.getParameters());
-    }
-
-    @Override
-    protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException {
-        final String uploadFileName = UPLOADED_FILE_NAME.resolveModelAttribute(context, model).asString();
-        final boolean isRedeploy =  isRedeploy(context, operation);
-        final boolean isOverwrite = OVERWRITE.resolveModelAttribute(context, model).asBoolean();
-
-        String overlayPath = getOverlayPath(uploadFileName);
-        String overlayName = AuthServerUtil.getOverlayName(operation);
-        PathAddress overlayAddress = AuthServerUtil.getOverlayAddress(overlayName);
-        String deploymentName = AuthServerUtil.getDeploymentName(operation);
-
-        boolean isOverlayExists = AuthServerUtil.isOverlayExists(context, overlayName, PathAddress.EMPTY_ADDRESS);
-        if (!isOverlayExists) {
-            addOverlay(context, overlayAddress);
-            if (!isHostController(context)) {
-                addDeploymentToOverlay(context, overlayAddress, deploymentName);
-            }
-        }
-
-        if (isHostController(context)) {
-            addOverlayToServerGroups(context, overlayAddress, operation, overlayName);
-        }
-
-        if (isOverlayExists && isContentExists(context, overlayAddress, overlayPath)) {
-            if (isOverwrite) {
-                removeContent(context, overlayAddress, overlayPath);
-            } else {
-                throw new OperationFailedException(pathExistsMessage(overlayAddress, overlayPath));
-            }
-        }
-
-        addContent(context, overlayAddress, BYTES_TO_UPLOAD.resolveModelAttribute(context, model).asBytes(), overlayPath);
-
-        if (isRedeploy) { AuthServerUtil.addStepToRedeployAuthServer(context, deploymentName); }
-        if (!isRedeploy) { context.restartRequired(); }
-        context.completeStep(OperationContext.ResultHandler.NOOP_RESULT_HANDLER);
-    }
-
-    static void removeContent(OperationContext context, PathAddress overlayAddress, String overlayPath) {
-        PathAddress contentAddress = overlayAddress.append("content", overlayPath);
-        ModelNode operation = Util.createRemoveOperation(contentAddress);
-        context.addStep(operation, AuthServerUtil.getHandler(context, contentAddress, REMOVE), OperationContext.Stage.MODEL);
-    }
-
-    static boolean isRedeploy(OperationContext context, ModelNode model) throws OperationFailedException {
-        return isAuthServerEnabled(context) && REDEPLOY_SERVER.resolveModelAttribute(context, model).asBoolean();
-    }
-
-    private boolean isHostController(OperationContext context) {
-        return context.getProcessType() == ProcessType.HOST_CONTROLLER;
-    }
-
-    private String pathExistsMessage(PathAddress overlayAddress, String overlayPath) {
-        PathAddress contentAddress = overlayAddress.append("content", overlayPath);
-        String msg = "Can not update overlay at " + contentAddress.toCLIStyleString();
-        msg += "  You may try your request again using the " + OVERWRITE.getName() + " attribute.";
-        return msg;
-    }
-
-    private boolean isContentExists(OperationContext context, PathAddress overlayAddress, String overlayPath) {
-        Resource resource = context.readResourceFromRoot(overlayAddress);
-        return resource.getChildrenNames("content").contains(overlayPath);
-    }
-
-    private void addOverlay(OperationContext context, PathAddress overlayAddress) {
-        ModelNode op = Util.createAddOperation(overlayAddress);
-        doAddStep(context, overlayAddress, op);
-    }
-
-    private void addDeploymentToOverlay(OperationContext context, PathAddress overlayAddress, String deploymentName) {
-        PathAddress deploymentAddress = overlayAddress.append("deployment", deploymentName);
-        ModelNode op = Util.createAddOperation(deploymentAddress);
-        doAddStep(context, deploymentAddress, op);
-    }
-
-    // only call this if context.getProcessType() == ProcessType.HOST_CONTROLLER
-    private void addOverlayToServerGroups(OperationContext context, PathAddress overlayAddress, ModelNode operation, String overlayName) {
-        String myProfile = context.getCurrentAddressValue();
-        for (String serverGroup : getServerGroupNames(context)) {
-            PathAddress address = PathAddress.pathAddress("server-group", serverGroup);
-            ModelNode serverGroupModel = context.readResourceFromRoot(address).getModel();
-            if (serverGroupModel.get("profile").asString().equals(myProfile)) {
-                PathAddress serverGroupOverlayAddress = address.append(overlayAddress);
-                boolean isOverlayExists = AuthServerUtil.isOverlayExists(context, overlayName, address);
-                if (!isOverlayExists) {
-                    addOverlay(context, serverGroupOverlayAddress);
-                    addDeploymentToOverlay(context, serverGroupOverlayAddress, AuthServerUtil.getDeploymentName(operation));
-                }
-            }
-        }
-    }
-
-    private Set<String> getServerGroupNames(OperationContext context) {
-        return context.readResourceFromRoot(PathAddress.EMPTY_ADDRESS).getChildrenNames("server-group");
-    }
-
-    private void addContent(OperationContext context, PathAddress overlayAddress, byte[] bytes, String overlayPath) throws OperationFailedException {
-        PathAddress contentAddress = overlayAddress.append("content", overlayPath);
-        ModelNode op = Util.createAddOperation(contentAddress);
-
-        ModelNode content = new ModelNode();
-        content.get("bytes").set(bytes);
-        op.get("content").set(content);
-
-        doAddStep(context, contentAddress, op);
-    }
-
-    private void doAddStep(OperationContext context, PathAddress address, ModelNode operation) {
-        //System.out.println("**** Adding Add Step ****");
-        //System.out.println(scrub(operation).toString());
-        context.addStep(operation, AuthServerUtil.getHandler(context, address, ADD), OperationContext.Stage.MODEL);
-    }
-
-    private static boolean isAuthServerEnabled(OperationContext context) throws OperationFailedException {
-        ModelNode authServerModel = context.readResource(PathAddress.EMPTY_ADDRESS).getModel().clone();
-        return AuthServerDefinition.ENABLED.resolveModelAttribute(context, authServerModel).asBoolean();
-    }
-
-    // used for debugging
-    private ModelNode scrub(ModelNode op) {
-        ModelNode scrubbed = op.clone();
-        if (scrubbed.has("content")) {
-            scrubbed.get("content").set("BYTES REMOVED FOR DISPLAY");
-        }
-        if (scrubbed.has("bytes-to-upload")) {
-            scrubbed.get("bytes-to-upload").set("BYTES REMOVED FOR DISPLAY");
-        }
-        return scrubbed;
-    }
-
-    /**
-     * Get the WAR path where the overlay will live.
-     *
-     * @param fileName The name of the file being uploaded.
-     * @return The overlay path as a String.
-     */
-    abstract String getOverlayPath(String fileName);
-}
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AddProviderHandler.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AddProviderHandler.java
deleted file mode 100644
index 8d8694d199..0000000000
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AddProviderHandler.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
- * as indicated by the @author tags. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- */
-
-package org.keycloak.subsystem.server.extension.authserver;
-
-import org.jboss.as.controller.OperationDefinition;
-import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
-
-/**
- * Operation to add a provider jar to WEB-INF/lib.
- *
- * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
- */
-public class AddProviderHandler extends AbstractAddOverlayHandler {
-
-    public static final String OP = "add-provider";
-
-    public static OperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder(OP, AuthServerDefinition.rscDescriptionResolver)
-            .addParameter(BYTES_TO_UPLOAD)
-            .addParameter(UPLOADED_FILE_NAME)
-            .addParameter(REDEPLOY_SERVER)
-            .addParameter(OVERWRITE)
-            .build();
-
-    public static final AddProviderHandler INSTANCE = new AddProviderHandler();
-
-    private AddProviderHandler() {}
-    
-    @Override
-    String getOverlayPath(String fileName) {
-        if (!fileName.toLowerCase().endsWith(".jar")) {
-            throw new IllegalArgumentException("Uploaded file name must end with .jar");
-        }
-        return "/WEB-INF/lib/" + fileName;
-    }
-
-}
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerAddHandler.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerAddHandler.java
deleted file mode 100755
index e65957347d..0000000000
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerAddHandler.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
- * as indicated by the @author tags. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- */
-
-package org.keycloak.subsystem.server.extension.authserver;
-
-import org.jboss.as.controller.AbstractAddStepHandler;
-import org.jboss.as.controller.AttributeDefinition;
-import org.jboss.as.controller.OperationContext;
-import org.jboss.as.controller.OperationFailedException;
-import org.jboss.dmr.ModelNode;
-
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
-import org.jboss.as.controller.registry.Resource;
-import org.keycloak.subsystem.server.extension.KeycloakAdapterConfigService;
-
-/**
- * Add an auth server.
- *
- * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
- */
-public final class AuthServerAddHandler extends AbstractAddStepHandler {
-
-    public static AuthServerAddHandler INSTANCE = new AuthServerAddHandler();
-
-    private AuthServerAddHandler() {
-    }
-
-    @Override
-    protected void populateModel(OperationContext context, ModelNode operation, Resource resource) throws OperationFailedException {
-        // TODO: localize exception. get id number
-        if (!operation.get(OP).asString().equals(ADD)) {
-            throw new OperationFailedException("Unexpected operation for add Auth Server. operation=" + operation.toString());
-        }
-
-        ModelNode model = resource.getModel();
-        for (AttributeDefinition attr : AuthServerDefinition.ALL_ATTRIBUTES) {
-            attr.validateAndSet(operation, model);
-        }
-        model = context.resolveExpressions(model);
-
-        // returns early if on domain controller
-        if (!requiresRuntime(context)) return;
-
-        // don't want to try to start server on host controller
-        if (!context.isNormalServer()) return;
-
-
-        ModelNode webContextNode = model.get(AuthServerDefinition.WEB_CONTEXT.getName());
-        if (!webContextNode.isDefined()) webContextNode = AuthServerDefinition.WEB_CONTEXT.getDefaultValue();
-        String webContext = webContextNode.asString();
-
-        ModelNode isEnabled = model.get("enabled");
-        boolean enabled = isEnabled.isDefined() && isEnabled.asBoolean();
-
-        AuthServerUtil authServerUtil = new AuthServerUtil(operation);
-        authServerUtil.addStepToUploadAuthServer(context, enabled);
-        KeycloakAdapterConfigService.getInstance().addServerDeployment(authServerUtil.getDeploymentName(), webContext);
-    }
-}
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerDefinition.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerDefinition.java
deleted file mode 100755
index 7cfe27bdbc..0000000000
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/AuthServerDefinition.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
- * as indicated by the @author tags. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.keycloak.subsystem.server.extension.authserver;
-
-import org.jboss.as.controller.AttributeDefinition;
-import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.SimpleAttributeDefinition;
-import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
-import org.jboss.as.controller.SimpleResourceDefinition;
-import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler;
-import org.jboss.as.controller.registry.ManagementResourceRegistration;
-import org.jboss.dmr.ModelNode;
-import org.jboss.dmr.ModelType;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import org.jboss.as.controller.OperationFailedException;
-import org.jboss.as.controller.descriptions.ResourceDescriptionResolver;
-import org.jboss.as.controller.operations.validation.ParameterValidator;
-import org.jboss.as.controller.registry.OperationEntry;
-import org.keycloak.subsystem.server.extension.KeycloakAdapterConfigService;
-import org.keycloak.subsystem.server.extension.KeycloakExtension;
-
-/**
- * Defines attributes and operations for an Auth Server
- *
- * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
- */
-public class AuthServerDefinition extends SimpleResourceDefinition {
-
-    public static final String TAG_NAME = "auth-server";
-
-    protected static final SimpleAttributeDefinition ENABLED =
-            new SimpleAttributeDefinitionBuilder("enabled", ModelType.BOOLEAN, true)
-            .setAllowExpression(true)
-            .setDefaultValue(new ModelNode(false))
-            .setRestartAllServices()
-            .build();
-
-    protected static final SimpleAttributeDefinition WEB_CONTEXT =
-            new SimpleAttributeDefinitionBuilder("web-context", ModelType.STRING, true)
-            .setAllowExpression(true)
-            .setDefaultValue(new ModelNode("auth"))
-            .setValidator(new WebContextValidator())
-            .setRestartAllServices()
-            .build();
-
-    protected static final ResourceDescriptionResolver rscDescriptionResolver = KeycloakExtension.getResourceDescriptionResolver(TAG_NAME);
-
-    public static final List<SimpleAttributeDefinition> ALL_ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>();
-    static {
-        ALL_ATTRIBUTES.add(ENABLED);
-        ALL_ATTRIBUTES.add(WEB_CONTEXT);
-    }
-
-    private static final Map<String, SimpleAttributeDefinition> DEFINITION_LOOKUP = new HashMap<String, SimpleAttributeDefinition>();
-    static {
-        for (SimpleAttributeDefinition def : ALL_ATTRIBUTES) {
-            DEFINITION_LOOKUP.put(def.getXmlName(), def);
-        }
-    }
-
-    private static AuthServerWriteAttributeHandler attrHandler = new AuthServerWriteAttributeHandler(ALL_ATTRIBUTES);
-
-    public AuthServerDefinition() {
-        super(PathElement.pathElement(TAG_NAME),
-                rscDescriptionResolver,
-                AuthServerAddHandler.INSTANCE,
-                AuthServerRemoveHandler.INSTANCE,
-                null,
-                OperationEntry.Flag.RESTART_ALL_SERVICES);
-    }
-
-    @Override
-    public void registerOperations(ManagementResourceRegistration resourceRegistration) {
-        super.registerOperations(resourceRegistration);
-        resourceRegistration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
-        resourceRegistration.registerOperationHandler(AddProviderHandler.DEFINITION, AddProviderHandler.INSTANCE);
-        resourceRegistration.registerOperationHandler(OverlayKeycloakServerJsonHandler.DEFINITION, OverlayKeycloakServerJsonHandler.INSTANCE);
-        resourceRegistration.registerOperationHandler(ListOverlaysHandler.DEFINITION, ListOverlaysHandler.INSTANCE);
-        resourceRegistration.registerOperationHandler(RemoveOverlayHandler.DEFINITION, RemoveOverlayHandler.INSTANCE);
-    }
-
-    @Override
-    public void registerAttributes(ManagementResourceRegistration resourceRegistration) {
-        super.registerAttributes(resourceRegistration);
-        for (AttributeDefinition attrDef : ALL_ATTRIBUTES) {
-            resourceRegistration.registerReadWriteAttribute(attrDef, null, attrHandler);
-        }
-    }
-
-    public static SimpleAttributeDefinition lookup(String name) {
-        return DEFINITION_LOOKUP.get(name);
-    }
-
-    private static class WebContextValidator implements ParameterValidator {
-
-        @Override
-        public void validateParameter(String paramName, ModelNode value) throws OperationFailedException {
-            String strValue = value.asString();
-            if (KeycloakAdapterConfigService.getInstance().isWebContextUsed(strValue)) {
-                throw new OperationFailedException("Can not set web-context to '" + strValue + "'. web-context must be unique among all deployments.");
-            }
-        }
-
-        @Override
-        public void validateResolvedParameter(String paramName, ModelNode value) throws OperationFailedException {
-            String strValue = value.asString();
-            if (KeycloakAdapterConfigService.getInstance().isWebContextUsed(strValue)) {
-                throw new OperationFailedException("Can not set web-context to '" + strValue + "'. web-context must be unique among all deployments.");
-            }
-        }
-
-    }
-}
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/ListOverlaysHandler.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/ListOverlaysHandler.java
deleted file mode 100644
index 4b5b17e7ea..0000000000
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/ListOverlaysHandler.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
- * as indicated by the @author tags. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- */
-
-package org.keycloak.subsystem.server.extension.authserver;
-
-import java.util.Set;
-import java.util.TreeSet;
-import org.jboss.as.controller.OperationContext;
-import org.jboss.as.controller.OperationDefinition;
-import org.jboss.as.controller.OperationFailedException;
-import org.jboss.as.controller.OperationStepHandler;
-import org.jboss.as.controller.PathAddress;
-import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.CONTENT;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DEPLOYMENT_OVERLAY;
-import org.jboss.as.controller.registry.Resource;
-import org.jboss.dmr.ModelNode;
-import org.jboss.dmr.ModelType;
-
-/**
- * Operation to list all of the provider jars, theme jars, and keycloak-server.json that
- * have been uploaded to the auth server.
- *
- * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
- */
-public class ListOverlaysHandler implements OperationStepHandler {
-    static final String LIST_OVERLAYS_OPERATION = "list-overlays";
-
-    static final OperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder(LIST_OVERLAYS_OPERATION, AuthServerDefinition.rscDescriptionResolver)
-            .setReadOnly()
-            .setRuntimeOnly()
-            .setReplyType(ModelType.LIST)
-            .setReplyValueType(ModelType.STRING)
-            .build();
-
-    static final OperationStepHandler INSTANCE = new ListOverlaysHandler();
-
-    private ListOverlaysHandler() {}
-
-    @Override
-    public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
-        final ModelNode result = context.getResult();
-        result.setEmptyList();
-
-        String overlayName = AuthServerUtil.getOverlayName(operation);
-        boolean isOverlayExists = AuthServerUtil.isOverlayExists(context, overlayName, PathAddress.EMPTY_ADDRESS);
-        if (isOverlayExists) {
-            Set<String> overlays = new TreeSet<String>(getOverlayNames(context, overlayName));
-            for (final String key : overlays) {
-                result.add(key);
-            }
-        }
-    }
-
-    private Set<String> getOverlayNames(OperationContext context, String overlayName) {
-        PathAddress overlayAddr = PathAddress.pathAddress(DEPLOYMENT_OVERLAY, overlayName);
-        Resource resource = context.readResourceFromRoot(overlayAddr);
-        return resource.getChildrenNames(CONTENT);
-    }
-}
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/OverlayKeycloakServerJsonHandler.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/OverlayKeycloakServerJsonHandler.java
deleted file mode 100644
index 744e264bdd..0000000000
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/OverlayKeycloakServerJsonHandler.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
- * as indicated by the @author tags. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- */
-
-package org.keycloak.subsystem.server.extension.authserver;
-
-import org.jboss.as.controller.OperationDefinition;
-import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
-
-/**
- * Operation to overlay keycloak-server.json.
- *
- * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
- */
-public class OverlayKeycloakServerJsonHandler extends AbstractAddOverlayHandler {
-
-    public static final String OP = "update-server-config";
-
-    public static final OverlayKeycloakServerJsonHandler INSTANCE = new OverlayKeycloakServerJsonHandler();
-
-    public static OperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder(OP, AuthServerDefinition.rscDescriptionResolver)
-            .addParameter(BYTES_TO_UPLOAD)
-            .addParameter(REDEPLOY_SERVER)
-            .addParameter(OVERWRITE)
-            .build();
-
-    private OverlayKeycloakServerJsonHandler() {}
-    
-    @Override
-    String getOverlayPath(String fileName) {
-        return "/WEB-INF/classes/META-INF/keycloak-server.json";
-    }
-
-}
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/RemoveOverlayHandler.java b/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/RemoveOverlayHandler.java
deleted file mode 100644
index 022e96c321..0000000000
--- a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/authserver/RemoveOverlayHandler.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
- * as indicated by the @author tags. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- */
-
-package org.keycloak.subsystem.server.extension.authserver;
-
-import static org.keycloak.subsystem.server.extension.authserver.AbstractAddOverlayHandler.REDEPLOY_SERVER;
-
-import org.jboss.as.controller.OperationContext;
-import org.jboss.as.controller.OperationDefinition;
-import org.jboss.as.controller.OperationFailedException;
-import org.jboss.as.controller.OperationStepHandler;
-import org.jboss.as.controller.PathAddress;
-import org.jboss.as.controller.SimpleAttributeDefinition;
-import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
-import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
-import org.jboss.dmr.ModelNode;
-import org.jboss.dmr.ModelType;
-
-/**
- * Operation to remove a provider jars, theme jars, or keycloak-server.json that
- * has been uploaded to the auth server.
- *
- * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
- */
-public class RemoveOverlayHandler implements OperationStepHandler {
-    static final String REMOVE_OVERLAY_OPERATION = "remove-overlay";
-
-    protected static final SimpleAttributeDefinition OVERLAY_FILE_PATH =
-            new SimpleAttributeDefinitionBuilder("overlay-file-path", ModelType.STRING, false)
-            .setAllowExpression(true)
-            .setAllowNull(false)
-            .build();
-
-    static final OperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder(REMOVE_OVERLAY_OPERATION, AuthServerDefinition.rscDescriptionResolver)
-            .addParameter(OVERLAY_FILE_PATH)
-            .addParameter(REDEPLOY_SERVER)
-            .build();
-
-    static final OperationStepHandler INSTANCE = new RemoveOverlayHandler();
-
-    private RemoveOverlayHandler() {}
-
-    @Override
-    public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
-        final ModelNode model = new ModelNode();
-        OVERLAY_FILE_PATH.validateAndSet(operation, model);
-        REDEPLOY_SERVER.validateAndSet(operation, model);
-        String overlayName = AuthServerUtil.getOverlayName(operation);
-        boolean isOverlayExists = AuthServerUtil.isOverlayExists(context, overlayName, PathAddress.EMPTY_ADDRESS);
-        String overlayPath = OVERLAY_FILE_PATH.resolveModelAttribute(context, model).asString();
-        if (isOverlayExists) {
-            PathAddress overlayAddress = AuthServerUtil.getOverlayAddress(overlayName);
-            AbstractAddOverlayHandler.removeContent(context, overlayAddress, overlayPath);
-        } else {
-            context.setRollbackOnly();
-            throw new OperationFailedException("Overlay path " + overlayPath + " not found.");
-        }
-
-        boolean isRedeploy = AbstractAddOverlayHandler.isRedeploy(context, operation);
-        String deploymentName = AuthServerUtil.getDeploymentName(operation);
-        if (isRedeploy) AuthServerUtil.addStepToRedeployAuthServer(context, deploymentName);
-        if (!isRedeploy) context.restartRequired();
-    }
-}
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/resources/org/keycloak/subsystem/server/extension/LocalDescriptions.properties b/integration/wildfly/wildfly-server-subsystem/src/main/resources/org/keycloak/subsystem/server/extension/LocalDescriptions.properties
index f09e3bd189..909e6b3818 100755
--- a/integration/wildfly/wildfly-server-subsystem/src/main/resources/org/keycloak/subsystem/server/extension/LocalDescriptions.properties
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/resources/org/keycloak/subsystem/server/extension/LocalDescriptions.properties
@@ -1,26 +1,4 @@
 keycloak-server.subsystem=Keycloak subsystem
 keycloak-server.subsystem.add=Operation Adds Keycloak subsystem
 keycloak-server.subsystem.remove=Operation removes Keycloak subsystem
-keycloak-server.subsystem.auth-server=Keycloak Auth Server
-keycloak-server.subsystem.realm=A Keycloak realm.
-keycloak-server.subsystem.secure-deployment=A deployment secured by Keycloak.
-
-
-keycloak-server.auth-server=A Keycloak Auth Server
-keycloak-server.auth-server.add=Add an Auth Server to the subsystem.
-keycloak-server.auth-server.remove=Remove an Auth Server from the subsystem.
-keycloak-server.auth-server.add-provider=Add a provider service jar to the Keycloak auth server.
-keycloak-server.auth-server.add-provider.uploaded-file-name=The file name of the provider service jar to be added or updated.
-keycloak-server.auth-server.add-provider.bytes-to-upload=The bytes of the provider service jar to be added or updated.
-keycloak-server.auth-server.add-provider.redeploy=Redeploy the auth server after adding the provider.  Ignored if auth server is disabled.
-keycloak-server.auth-server.add-provider.overwrite=Overwrite even if the uploaded-file-name already exists as an overlay.
-keycloak-server.auth-server.list-overlays=List the overlays uploaded for this auth server.
-keycloak-server.auth-server.remove-overlay=Remove a provider jar, theme jar, or keycloak-server.json that has been uploaded to the auth server.
-keycloak-server.auth-server.remove-overlay.overlay-file-path=The uploaded path and file name of the overlay to be removed.
-keycloak-server.auth-server.remove-overlay.redeploy=Redeploy the auth server after removing the overlay.
-keycloak-server.auth-server.update-server-config=Upload a new keycloak-server.json configuration file for the Keycloak auth server.
-keycloak-server.auth-server.update-server-config.bytes-to-upload=The bytes of the keycloak-server.json file to be added or updated.
-keycloak-server.auth-server.update-server-config.redeploy=Redeploy the auth server after updating the server config.
-keycloak-server.auth-server.update-server-config.overwrite=Overwrite even if keycloak-server.json already exitss as an overlay.
-keycloak-server.auth-server.enabled=Enable or disable the Auth Server.
-keycloak-server.auth-server.web-context=Web context the auth-server will use.  Also, the module name of the auth-server deployment.
+keycloak-server.subsystem.web-context=Web context where Keycloak server is bound. Default value is 'auth'.
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd b/integration/wildfly/wildfly-server-subsystem/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd
index a8dd28e5a4..b346d36162 100755
--- a/integration/wildfly/wildfly-server-subsystem/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd
@@ -18,21 +18,8 @@
                 ]]>
             </xs:documentation>
         </xs:annotation>
-        <xs:choice minOccurs="0" maxOccurs="unbounded">
-            <xs:element name="auth-server" maxOccurs="1" minOccurs="0" type="auth-server-type"/>
+        <xs:choice minOccurs="0" maxOccurs="1">
+            <xs:element name="web-context" type="xs:string" minOccurs="0" maxOccurs="1"/>
         </xs:choice>
     </xs:complexType>
-
-    <xs:complexType name="auth-server-type">
-        <xs:all>
-            <xs:element name="web-context" type="xs:string" minOccurs="1" maxOccurs="1"/>
-            <xs:element name="enabled" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
-        </xs:all>
-        <xs:attribute name="name" type="xs:string" use="required">
-            <xs:annotation>
-                <xs:documentation>The name of the war archive containing the Keycloak server web application.</xs:documentation>
-            </xs:annotation>
-        </xs:attribute>
-    </xs:complexType>
-
 </xs:schema>
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/resources/subsystem-templates/keycloak-server.xml b/integration/wildfly/wildfly-server-subsystem/src/main/resources/subsystem-templates/keycloak-server.xml
index 7f66f74965..4a83086787 100644
--- a/integration/wildfly/wildfly-server-subsystem/src/main/resources/subsystem-templates/keycloak-server.xml
+++ b/integration/wildfly/wildfly-server-subsystem/src/main/resources/subsystem-templates/keycloak-server.xml
@@ -3,9 +3,6 @@
 <config>
    <extension-module>org.keycloak.keycloak-server-subsystem</extension-module>
    <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
-      <auth-server name="main-auth-server">
-         <enabled>true</enabled>
-         <web-context>auth</web-context>
-      </auth-server>
+      <web-context>auth</web-context>
    </subsystem>
 </config>
diff --git a/integration/wildfly/wildfly-server-subsystem/src/test/java/org/keycloak/subsystem/server/extension/SubsystemParsingTestCase.java b/integration/wildfly/wildfly-server-subsystem/src/test/java/org/keycloak/subsystem/server/extension/SubsystemParsingTestCase.java
index 9f29a6f15b..405b06b39d 100755
--- a/integration/wildfly/wildfly-server-subsystem/src/test/java/org/keycloak/subsystem/server/extension/SubsystemParsingTestCase.java
+++ b/integration/wildfly/wildfly-server-subsystem/src/test/java/org/keycloak/subsystem/server/extension/SubsystemParsingTestCase.java
@@ -41,7 +41,6 @@ public class SubsystemParsingTestCase extends AbstractSubsystemBaseTest {
     @Test
     public void testJson() throws Exception {
         ModelNode node = new ModelNode();
-        node.get("enabled").set(true);
         node.get("web-context").set("auth");
 
         System.out.println("json=" + node.toJSONString(false));
diff --git a/integration/wildfly/wildfly-server-subsystem/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml b/integration/wildfly/wildfly-server-subsystem/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml
index f05f8d19c7..bc8f11a778 100644
--- a/integration/wildfly/wildfly-server-subsystem/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml
+++ b/integration/wildfly/wildfly-server-subsystem/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml
@@ -1,6 +1,3 @@
 <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
-    <auth-server name="main-auth-server">
-        <enabled>true</enabled>
-        <web-context>auth</web-context>
-    </auth-server>
+    <web-context>auth</web-context>
 </subsystem>
\ No newline at end of file

From 7be957f4f9af9a32a53189f1d30c80aac4c6981e Mon Sep 17 00:00:00 2001
From: Marko Strukelj <marko.strukelj@gmail.com>
Date: Mon, 8 Jun 2015 15:59:51 +0200
Subject: [PATCH 07/53] KEYCLOAK-1370 Empty module de.idyl.winzipaes in
 keycloak-server-dist

---
 .../system/layers/base/de/idyl/winzipaes/main/module.xml        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/de/idyl/winzipaes/main/module.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/de/idyl/winzipaes/main/module.xml
index 10f1103cfd..14d7dffd6d 100644
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/de/idyl/winzipaes/main/module.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/de/idyl/winzipaes/main/module.xml
@@ -4,7 +4,7 @@
 
 <module xmlns="urn:jboss:module:1.1" name="de.idyl.winzipaes">
     <resources>
-        <!-- Insert resources here -->
+        <artifact name="${de.idyl:winzipaes}"/>
     </resources>
     <dependencies>
         <module name="javax.api"/>

From 74ace4006c67c3c87fe32c48c4f0efc99d8a9462 Mon Sep 17 00:00:00 2001
From: Vlastimil Elias <vlastimil.elias@worldonline.cz>
Date: Mon, 8 Jun 2015 17:04:53 +0200
Subject: [PATCH 08/53] Added base abstract implementation of Attribute mapper
 for Social providers, used for GitHub provider

---
 .../AbstractJsonUserAttributeMapper.java      | 133 ++++++++++++++++++
 .../social/github/GitHubIdentityProvider.java |  65 +++++----
 .../github/GitHubUserAttributeMapper.java     |  29 ++++
 ...oak.broker.provider.IdentityProviderMapper |   1 +
 4 files changed, 197 insertions(+), 31 deletions(-)
 create mode 100755 broker/oidc/src/main/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapper.java
 create mode 100644 social/github/src/main/java/org/keycloak/social/github/GitHubUserAttributeMapper.java
 create mode 100755 social/github/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper

diff --git a/broker/oidc/src/main/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapper.java b/broker/oidc/src/main/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapper.java
new file mode 100755
index 0000000000..7f3817b1c4
--- /dev/null
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapper.java
@@ -0,0 +1,133 @@
+package org.keycloak.broker.oidc.mappers;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.codehaus.jackson.JsonNode;
+import org.jboss.logging.Logger;
+import org.keycloak.broker.oidc.OIDCIdentityProvider;
+import org.keycloak.broker.provider.AbstractIdentityProviderMapper;
+import org.keycloak.broker.provider.BrokeredIdentityContext;
+import org.keycloak.models.IdentityProviderMapperModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.provider.ProviderConfigProperty;
+
+/**
+ * Abstract class for Social Provider mappers which allow mapping of JSON user profile field into Keycloak user attribute.
+ * Concrete mapper classes with own ID and provider mapping must be implemented for each social provider who uses {@link JsonNode} user profile.
+ * 
+ * @author Vlastimil Elias (velias at redhat dot com)
+ */
+public abstract class AbstractJsonUserAttributeMapper extends AbstractIdentityProviderMapper {
+
+    protected static final Logger logger = Logger.getLogger(AbstractJsonUserAttributeMapper.class);
+
+    protected static final Logger LOGGER_DUMP_USER_PROFILE = Logger.getLogger("org.keycloak.social.user_profile_dump");
+
+    /**
+     * Config param where name of mapping source JSON User Profile field is stored.
+     */
+    public static final String CONF_JSON_FIELD = "jsonField";
+    /**
+     * Config param where name of mapping target USer attribute is stored.
+     */
+    public static final String CONF_USER_ATTRIBUTE = "userAttribute";
+
+    /**
+     * Key in {@link BrokeredIdentityContext#getContextData()} where {@link JsonNode} with user profile is stored.
+     */
+    public static final String CONTEXT_JSON_NODE = OIDCIdentityProvider.USER_INFO;
+
+    private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
+
+    static {
+        ProviderConfigProperty property;
+        ProviderConfigProperty property1;
+        property1 = new ProviderConfigProperty();
+        property1.setName(CONF_JSON_FIELD);
+        property1.setLabel("Social Profile JSON Field Name");
+        property1.setHelpText("Name of field in Social provider User Profile JSON data to get value from.");
+        property1.setType(ProviderConfigProperty.STRING_TYPE);
+        configProperties.add(property1);
+        property = new ProviderConfigProperty();
+        property.setName(CONF_USER_ATTRIBUTE);
+        property.setLabel("User Attribute Name");
+        property.setHelpText("User attribute name to store information into.");
+        property.setType(ProviderConfigProperty.STRING_TYPE);
+        configProperties.add(property);
+    }
+
+    public static void storeUserProfileForMapper(BrokeredIdentityContext user, JsonNode profile) {
+        user.getContextData().put(AbstractJsonUserAttributeMapper.CONTEXT_JSON_NODE, profile);
+        if (LOGGER_DUMP_USER_PROFILE.isDebugEnabled())
+            LOGGER_DUMP_USER_PROFILE.debug("User Profile JSON Data: " + profile);
+    }
+
+    @Override
+    public List<ProviderConfigProperty> getConfigProperties() {
+        return configProperties;
+    }
+
+    @Override
+    public String getDisplayCategory() {
+        return "Attribute Importer";
+    }
+
+    @Override
+    public String getDisplayType() {
+        return "Attribute Importer";
+    }
+
+    @Override
+    public String getHelpText() {
+        return "Import user profile information if it exists in Social provider JSON data into the specified user attribute.";
+    }
+
+    @Override
+    public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+        String attribute = mapperModel.getConfig().get(CONF_USER_ATTRIBUTE);
+        if (attribute == null) {
+            logger.debug("Attribute is not configured");
+            return;
+        }
+
+        String value = getJsonValue(mapperModel, context);
+        if (value != null) {
+            user.setAttribute(attribute, value);
+        }
+    }
+
+    @Override
+    public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+        // we do not update user profile from social provider
+    }
+
+    protected static String getJsonValue(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+
+        String jsonField = mapperModel.getConfig().get(CONF_JSON_FIELD);
+        if (jsonField == null) {
+            logger.debug("JSON field is not configured");
+            return null;
+        }
+
+        JsonNode profileJsonNode = (JsonNode) context.getContextData().get(CONTEXT_JSON_NODE);
+
+        if (profileJsonNode != null) {
+            JsonNode value = profileJsonNode.get(jsonField);
+            if (value != null) {
+                String ret = value.asText();
+                if (ret != null && !ret.trim().isEmpty())
+                    return ret.trim();
+                else
+                    return null;
+            }
+        } else {
+            logger.debug("User profile JSON node is not available.");
+        }
+
+        return null;
+    }
+
+}
diff --git a/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java b/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
index 40a883b24a..cd36006976 100755
--- a/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
+++ b/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
@@ -3,10 +3,11 @@ package org.keycloak.social.github;
 import org.codehaus.jackson.JsonNode;
 import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
 import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
 import org.keycloak.broker.oidc.util.JsonSimpleHttp;
-import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.broker.provider.BrokeredIdentityContext;
 import org.keycloak.broker.provider.IdentityBrokerException;
+import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.social.SocialIdentityProvider;
 
 /**
@@ -14,40 +15,42 @@ import org.keycloak.social.SocialIdentityProvider;
  */
 public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider implements SocialIdentityProvider {
 
-    public static final String AUTH_URL = "https://github.com/login/oauth/authorize";
-    public static final String TOKEN_URL = "https://github.com/login/oauth/access_token";
-    public static final String PROFILE_URL = "https://api.github.com/user";
-    public static final String DEFAULT_SCOPE = "user:email";
+	public static final String AUTH_URL = "https://github.com/login/oauth/authorize";
+	public static final String TOKEN_URL = "https://github.com/login/oauth/access_token";
+	public static final String PROFILE_URL = "https://api.github.com/user";
+	public static final String DEFAULT_SCOPE = "user:email";
 
-    public GitHubIdentityProvider(OAuth2IdentityProviderConfig config) {
-        super(config);
-        config.setAuthorizationUrl(AUTH_URL);
-        config.setTokenUrl(TOKEN_URL);
-        config.setUserInfoUrl(PROFILE_URL);
-    }
+	public GitHubIdentityProvider(OAuth2IdentityProviderConfig config) {
+		super(config);
+		config.setAuthorizationUrl(AUTH_URL);
+		config.setTokenUrl(TOKEN_URL);
+		config.setUserInfoUrl(PROFILE_URL);
+	}
 
-    @Override
-    protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
-        try {
-            JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken));
+	@Override
+	protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
+		try {
+			JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken));
 
-            BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"));
+			BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"));
 
-            String username = getJsonProperty(profile, "login");
-            user.setUsername(username);
-            user.setName(getJsonProperty(profile, "name"));
-            user.setEmail(getJsonProperty(profile, "email"));
-            user.setIdpConfig(getConfig());
-            user.setIdp(this);
+			String username = getJsonProperty(profile, "login");
+			user.setUsername(username);
+			user.setName(getJsonProperty(profile, "name"));
+			user.setEmail(getJsonProperty(profile, "email"));
+			user.setIdpConfig(getConfig());
+			user.setIdp(this);
 
-            return user;
-        } catch (Exception e) {
-            throw new IdentityBrokerException("Could not obtain user profile from github.", e);
-        }
-    }
+			AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile);
 
-    @Override
-    protected String getDefaultScopes() {
-        return DEFAULT_SCOPE;
-    }
+			return user;
+		} catch (Exception e) {
+			throw new IdentityBrokerException("Could not obtain user profile from github.", e);
+		}
+	}
+
+	@Override
+	protected String getDefaultScopes() {
+		return DEFAULT_SCOPE;
+	}
 }
diff --git a/social/github/src/main/java/org/keycloak/social/github/GitHubUserAttributeMapper.java b/social/github/src/main/java/org/keycloak/social/github/GitHubUserAttributeMapper.java
new file mode 100644
index 0000000000..b4a6359076
--- /dev/null
+++ b/social/github/src/main/java/org/keycloak/social/github/GitHubUserAttributeMapper.java
@@ -0,0 +1,29 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @authors tag. All rights reserved.
+ */
+package org.keycloak.social.github;
+
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
+
+/**
+ * User attribute mapper.
+ * 
+ * @author Vlastimil Elias (velias at redhat dot com)
+ */
+public class GitHubUserAttributeMapper extends AbstractJsonUserAttributeMapper {
+
+	private static final String[] cp = new String[] { GitHubIdentityProviderFactory.PROVIDER_ID };
+
+	@Override
+	public String[] getCompatibleProviders() {
+		return cp;
+	}
+
+	@Override
+	public String getId() {
+		return "github-user-attribute-mapper";
+	}
+
+}
diff --git a/social/github/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper b/social/github/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
new file mode 100755
index 0000000000..25972f6fa3
--- /dev/null
+++ b/social/github/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
@@ -0,0 +1 @@
+org.keycloak.social.github.GitHubUserAttributeMapper
\ No newline at end of file

From 91283878ac477adbf4aa07602bd6ac2a23822b3e Mon Sep 17 00:00:00 2001
From: Bill Burke <bburke@redhat.com>
Date: Mon, 8 Jun 2015 12:38:16 -0400
Subject: [PATCH 09/53] html encoding fix

---
 .../java/org/keycloak/util/HtmlUtils.java     |  12 +-
 .../keycloak/protocol/saml/SamlService.java   |   1 +
 .../testsuite/saml/SamlBindingTest.java       | 968 +++++++++---------
 .../saml/signed-get/WEB-INF/picketlink.xml    |   2 +-
 .../saml/simple-get/WEB-INF/picketlink.xml    |   2 +-
 5 files changed, 509 insertions(+), 476 deletions(-)
 mode change 100644 => 100755 core/src/main/java/org/keycloak/util/HtmlUtils.java

diff --git a/core/src/main/java/org/keycloak/util/HtmlUtils.java b/core/src/main/java/org/keycloak/util/HtmlUtils.java
old mode 100644
new mode 100755
index 7da97b7e88..2387482df4
--- a/core/src/main/java/org/keycloak/util/HtmlUtils.java
+++ b/core/src/main/java/org/keycloak/util/HtmlUtils.java
@@ -34,7 +34,17 @@ public class HtmlUtils {
         for (int i = 0; i < value.length(); i++) {
             char chr = value.charAt(i);
 
-            if (chr != '\'' && chr != '"' && chr != '<' && chr != '>' && chr != '/') {
+            if (chr == '<') {
+                escaped.append("&lt;");
+            } else if (chr == '>') {
+                escaped.append("&gt;");
+            } else if (chr == '"') {
+                escaped.append("&quot;");
+            } else if (chr == '\'') {
+                escaped.append("&apos;");
+            } else if (chr == '&') {
+                escaped.append("&amp;");
+            } else {
                 escaped.append(chr);
             }
         }
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
index bfa184b3b0..09b033b9d7 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -504,6 +504,7 @@ public class SamlService {
                                     @QueryParam(GeneralConstants.SAML_RESPONSE_KEY) String samlResponse,
                                     @QueryParam(GeneralConstants.RELAY_STATE) String relayState) {
         logger.debug("SAML GET");
+        //String uri = uriInfo.getRequestUri().toString();
         return new RedirectBindingProtocol().execute(samlRequest, samlResponse, relayState);
     }
 
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlBindingTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlBindingTest.java
index 54700417d0..e82b04a8d4 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlBindingTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlBindingTest.java
@@ -1,473 +1,495 @@
-package org.keycloak.testsuite.saml;
-
-import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput;
-import org.junit.Assert;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.keycloak.Config;
-import org.keycloak.models.ClientModel;
-import org.keycloak.models.ClientSessionModel;
-import org.keycloak.models.Constants;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.ProtocolMapperModel;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.models.UserSessionModel;
-import org.keycloak.protocol.oidc.OIDCLoginProtocol;
-import org.keycloak.protocol.oidc.TokenManager;
-import org.keycloak.protocol.saml.mappers.AttributeStatementHelper;
-import org.keycloak.protocol.saml.mappers.HardcodedAttributeMapper;
-import org.keycloak.protocol.saml.mappers.HardcodedRole;
-import org.keycloak.protocol.saml.mappers.RoleListMapper;
-import org.keycloak.protocol.saml.mappers.RoleNameMapper;
-import org.keycloak.representations.AccessToken;
-import org.keycloak.services.managers.RealmManager;
-import org.keycloak.services.resources.admin.AdminRoot;
-import org.keycloak.testsuite.pages.LoginPage;
-import org.keycloak.testsuite.rule.KeycloakRule;
-import org.keycloak.testsuite.rule.WebResource;
-import org.keycloak.testsuite.rule.WebRule;
-import org.openqa.selenium.WebDriver;
-import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
-import org.keycloak.saml.processing.api.saml.v2.response.SAML2Response;
-import org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants;
-import org.keycloak.dom.saml.v2.assertion.AssertionType;
-import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
-import org.keycloak.dom.saml.v2.assertion.AttributeType;
-import org.keycloak.dom.saml.v2.protocol.ResponseType;
-import org.keycloak.saml.processing.web.util.PostBindingUtil;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.client.Client;
-import javax.ws.rs.client.ClientBuilder;
-import javax.ws.rs.client.ClientRequestContext;
-import javax.ws.rs.client.ClientRequestFilter;
-import javax.ws.rs.client.Entity;
-import javax.ws.rs.client.WebTarget;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriBuilder;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-/**
- * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
- */
-public class SamlBindingTest {
-
-    @ClassRule
-    public static SamlKeycloakRule keycloakRule = new SamlKeycloakRule() {
-        @Override
-        public void initWars() {
-             ClassLoader classLoader = SamlBindingTest.class.getClassLoader();
-
-            initializeSamlSecuredWar("/saml/simple-post", "/sales-post",  "post.war", classLoader);
-            initializeSamlSecuredWar("/saml/signed-post", "/sales-post-sig",  "post-sig.war", classLoader);
-            initializeSamlSecuredWar("/saml/signed-post-email", "/sales-post-sig-email",  "post-sig-email.war", classLoader);
-            initializeSamlSecuredWar("/saml/signed-post-transient", "/sales-post-sig-transient",  "post-sig-transient.war", classLoader);
-            initializeSamlSecuredWar("/saml/signed-post-persistent", "/sales-post-sig-persistent",  "post-sig-persistent.war", classLoader);
-            initializeSamlSecuredWar("/saml/signed-metadata", "/sales-metadata",  "post-metadata.war", classLoader);
-            initializeSamlSecuredWar("/saml/signed-get", "/employee-sig",  "employee-sig.war", classLoader);
-            //initializeSamlSecuredWar("/saml/simple-get", "/employee",  "employee.war", classLoader);
-            initializeSamlSecuredWar("/saml/signed-front-get", "/employee-sig-front",  "employee-sig-front.war", classLoader);
-            initializeSamlSecuredWar("/saml/bad-client-signed-post", "/bad-client-sales-post-sig",  "bad-client-post-sig.war", classLoader);
-            initializeSamlSecuredWar("/saml/bad-realm-signed-post", "/bad-realm-sales-post-sig",  "bad-realm-post-sig.war", classLoader);
-            initializeSamlSecuredWar("/saml/encrypted-post", "/sales-post-enc",  "post-enc.war", classLoader);
-            uploadSP();
-            server.getServer().deploy(createDeploymentInfo("employee.war", "/employee", SamlSPFacade.class));
-
-
-
-        }
-
-        @Override
-        public String getRealmJson() {
-            return "/saml/testsaml.json";
-        }
-    };
-
-    public static class SamlSPFacade extends HttpServlet {
-        public static String samlResponse;
-
-        @Override
-        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-            handler(req, resp);
-        }
-
-        @Override
-        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-            handler(req, resp);
-        }
-
-        private void handler(HttpServletRequest req, HttpServletResponse resp) {
-            System.out.println("********* HERE ******");
-            if (req.getParameterMap().isEmpty()) {
-                System.out.println("redirecting");
-                resp.setStatus(302);
-                resp.setHeader("Location", "http://localhost:8081/auth/realms/demo/protocol/saml?SAMLRequest=jVJbT8IwFP4rS99HuwluNIwEIUYSLwugD76Y2h2kSdfOng7l31uGRn0ATfrQ9HznfJfTEYpaN3zS%2Bo1ZwGsL6KP3WhvkXaEgrTPcClTIjagBuZd8Obm55mmP8cZZb6XV5NByGiwQwXllDYkmX9epNdjW4JbgtkrC%2FeK6IBvvG06ptlLojUXPc5YnFOpG2x0AJdEsaFRG7PuPoUWwQx0IXSOtoLb0SynduyLRpXUSOs8FWQuNQKL5rCDz2VO%2FymEgIY2zlJ3H%2FSx9jkU%2BzOK0ys8yNmSSsUEAYxnsqC18tyO2MDfohfEFSVkyiNlZzM5XacrDSbJePug%2Fkqj8FHKhTKXMy%2BnIng8g5FerVRmXd8sViR7AYec8AMh4tPfDO3L3Y2%2F%2F3cT4j7BH9Mf8A1nDb8PA%2Bay0WsldNNHavk1D1D5k4V0LXbi18MclJL2ke1FVvO6gvDXYgFRrBRWh4wPp7z85%2FgA%3D");
-                return;
-            }
-            System.out.println("received response");
-            samlResponse = req.getParameter("SAMLResponse");
-        }
-    }
-
-    @Rule
-    public WebRule webRule = new WebRule(this);
-    @WebResource
-    protected WebDriver driver;
-    @WebResource
-    protected LoginPage loginPage;
-
-    protected void checkLoggedOut(String mainUrl) {
-        String pageSource = driver.getPageSource();
-        System.out.println("*** logout pagesouce ***");
-        System.out.println(pageSource);
-        System.out.println("driver url: " + driver.getCurrentUrl());
-        Assert.assertTrue(pageSource.contains("request-path: /logout.jsp"));
-        driver.navigate().to(mainUrl);
-        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
-    }
-
-
-    @Test
-    public void testPostSimpleLoginLogout() {
-        driver.navigate().to("http://localhost:8081/sales-post/");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
-        loginPage.login("bburke", "password");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post/");
-        System.out.println(driver.getPageSource());
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to("http://localhost:8081/sales-post?GLO=true");
-        checkLoggedOut("http://localhost:8081/sales-post/");
-    }
-    @Test
-    public void testPostSignedLoginLogout() {
-        driver.navigate().to("http://localhost:8081/sales-post-sig/");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
-        loginPage.login("bburke", "password");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to("http://localhost:8081/sales-post-sig?GLO=true");
-        checkLoggedOut("http://localhost:8081/sales-post-sig/");
-
-    }
-    @Test
-    public void testPostSignedLoginLogoutTransientNameID() {
-        driver.navigate().to("http://localhost:8081/sales-post-sig-transient/");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
-        loginPage.login("bburke", "password");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig-transient/");
-        System.out.println(driver.getPageSource());
-        Assert.assertFalse(driver.getPageSource().contains("bburke"));
-        Assert.assertTrue(driver.getPageSource().contains("principal=G-"));
-        driver.navigate().to("http://localhost:8081/sales-post-sig-transient?GLO=true");
-        checkLoggedOut("http://localhost:8081/sales-post-sig-transient/");
-
-    }
-    @Test
-    public void testPostSignedLoginLogoutPersistentNameID() {
-        driver.navigate().to("http://localhost:8081/sales-post-sig-persistent/");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
-        loginPage.login("bburke", "password");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig-persistent/");
-        System.out.println(driver.getPageSource());
-        Assert.assertFalse(driver.getPageSource().contains("bburke"));
-        Assert.assertTrue(driver.getPageSource().contains("principal=G-"));
-        driver.navigate().to("http://localhost:8081/sales-post-sig-persistent?GLO=true");
-        checkLoggedOut("http://localhost:8081/sales-post-sig-persistent/");
-
-    }
-    @Test
-    public void testPostSignedLoginLogoutEmailNameID() {
-        driver.navigate().to("http://localhost:8081/sales-post-sig-email/");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
-        loginPage.login("bburke", "password");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig-email/");
-        System.out.println(driver.getPageSource());
-        Assert.assertTrue(driver.getPageSource().contains("principal=bburke@redhat.com"));
-        driver.navigate().to("http://localhost:8081/sales-post-sig-email?GLO=true");
-        checkLoggedOut("http://localhost:8081/sales-post-sig-email/");
-
-    }
-
-
-    @Test
-    public void testAttributes() throws Exception {
-        // this test has a hardcoded SAMLRequest and we hack a SP face servlet to get the SAMLResponse so we can look
-        // at the assertions sent.  This is because Picketlink, AFAICT, does not give you any way to get access to
-        // the assertion.
-
-        {
-            SamlSPFacade.samlResponse = null;
-            driver.navigate().to("http://localhost:8081/employee/");
-            Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
-            System.out.println(driver.getCurrentUrl());
-            loginPage.login("bburke", "password");
-            Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/");
-            Assert.assertNotNull(SamlSPFacade.samlResponse);
-            SAML2Response saml2Response = new SAML2Response();
-            byte[] samlResponse = PostBindingUtil.base64Decode(SamlSPFacade.samlResponse);
-            ResponseType rt = saml2Response.getResponseType(new ByteArrayInputStream(samlResponse));
-            Assert.assertTrue(rt.getAssertions().size() == 1);
-            AssertionType assertion = rt.getAssertions().get(0).getAssertion();
-
-            // test attributes and roles
-
-            boolean email = false;
-            boolean phone = false;
-            boolean userRole = false;
-            boolean managerRole = false;
-            for (AttributeStatementType statement : assertion.getAttributeStatements()) {
-                for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
-                    AttributeType attr = choice.getAttribute();
-                    if (X500SAMLProfileConstants.EMAIL.getFriendlyName().equals(attr.getFriendlyName())) {
-                        Assert.assertEquals(X500SAMLProfileConstants.EMAIL.get(), attr.getName());
-                        Assert.assertEquals(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get(), attr.getNameFormat());
-                        Assert.assertEquals(attr.getAttributeValue().get(0), "bburke@redhat.com");
-                        email = true;
-                    } else if (attr.getName().equals("phone")) {
-                        Assert.assertEquals(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get(), attr.getNameFormat());
-                        Assert.assertEquals(attr.getAttributeValue().get(0), "617");
-                        phone = true;
-                    } else if (attr.getName().equals("Role")) {
-                        if (attr.getAttributeValue().get(0).equals("manager")) managerRole = true;
-                        if (attr.getAttributeValue().get(0).equals("user")) userRole = true;
-                    }
-                }
-
-            }
-
-            Assert.assertTrue(email);
-            Assert.assertTrue(phone);
-            Assert.assertTrue(userRole);
-            Assert.assertTrue(managerRole);
-        }
-
-        keycloakRule.update(new KeycloakRule.KeycloakSetup() {
-            @Override
-            public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                ClientModel app = appRealm.getClientByClientId("http://localhost:8081/employee/");
-                for (ProtocolMapperModel mapper : app.getProtocolMappers()) {
-                    if (mapper.getName().equals("role-list")) {
-                        app.removeProtocolMapper(mapper);
-                        mapper.setId(null);
-                        mapper.getConfig().put(RoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true");
-                        mapper.getConfig().put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "memberOf");
-                        app.addProtocolMapper(mapper);
-                    }
-                }
-                app.addProtocolMapper(HardcodedAttributeMapper.create("hardcoded-attribute", "hardcoded-attribute", "Basic", null, "hard", false, null));
-                app.addProtocolMapper(HardcodedRole.create("hardcoded-role", "hardcoded-role"));
-                app.addProtocolMapper(RoleNameMapper.create("renamed-role", "manager", "el-jefe"));
-                app.addProtocolMapper(RoleNameMapper.create("renamed-employee-role", "http://localhost:8081/employee/.employee", "pee-on"));
-            }
-        }, "demo");
-
-        System.out.println(">>>>>>>>>> single role attribute <<<<<<<<");
-
-        {
-            SamlSPFacade.samlResponse = null;
-            driver.navigate().to("http://localhost:8081/employee/");
-            System.out.println(driver.getCurrentUrl());
-            Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/");
-            Assert.assertNotNull(SamlSPFacade.samlResponse);
-            SAML2Response saml2Response = new SAML2Response();
-            byte[] samlResponse = PostBindingUtil.base64Decode(SamlSPFacade.samlResponse);
-            ResponseType rt = saml2Response.getResponseType(new ByteArrayInputStream(samlResponse));
-            Assert.assertTrue(rt.getAssertions().size() == 1);
-            AssertionType assertion = rt.getAssertions().get(0).getAssertion();
-
-            // test attributes and roles
-
-            boolean userRole = false;
-            boolean managerRole = false;
-            boolean single = false;
-            boolean hardcodedRole = false;
-            boolean hardcodedAttribute = false;
-            boolean peeOn = false;
-            for (AttributeStatementType statement : assertion.getAttributeStatements()) {
-                for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
-                    AttributeType attr = choice.getAttribute();
-                    if (attr.getName().equals("memberOf")) {
-                        if (single) Assert.fail("too many role attributes");
-                        single = true;
-                        for (Object value : attr.getAttributeValue()) {
-                            if (value.equals("el-jefe")) managerRole = true;
-                            if (value.equals("user")) userRole = true;
-                            if (value.equals("hardcoded-role")) hardcodedRole = true;
-                            if (value.equals("pee-on")) peeOn = true;
-                        }
-                    } else if (attr.getName().equals("hardcoded-attribute")) {
-                        hardcodedAttribute = true;
-                        Assert.assertEquals(attr.getAttributeValue().get(0), "hard");
-                    }
-                }
-
-            }
-
-            Assert.assertTrue(single);
-            Assert.assertTrue(hardcodedAttribute);
-            Assert.assertTrue(hardcodedRole);
-            Assert.assertTrue(peeOn);
-            Assert.assertTrue(userRole);
-            Assert.assertTrue(managerRole);
-        }
-    }
-
-    @Test
-    public void testRedirectSignedLoginLogout() {
-        driver.navigate().to("http://localhost:8081/employee-sig/");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
-        loginPage.login("bburke", "password");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to("http://localhost:8081/employee-sig?GLO=true");
-        checkLoggedOut("http://localhost:8081/employee-sig/");
-
-    }
-
-    @Test
-    public void testRedirectSignedLoginLogoutFrontNoSSO() {
-        driver.navigate().to("http://localhost:8081/employee-sig-front/");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
-        loginPage.login("bburke", "password");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig-front/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to("http://localhost:8081/employee-sig-front?GLO=true");
-        checkLoggedOut("http://localhost:8081/employee-sig-front/");
-
-    }
-
-    @Test
-    public void testRedirectSignedLoginLogoutFront() {
-        // visit 1st app an logg in
-        System.out.println("visit 1st app ");
-        driver.navigate().to("http://localhost:8081/employee-sig/");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
-        System.out.println("login to form");
-        loginPage.login("bburke", "password");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-
-        // visit 2nd app
-        System.out.println("visit 2nd app ");
-        driver.navigate().to("http://localhost:8081/employee-sig-front/");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig-front/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-
-        // visit 3rd app
-        System.out.println("visit 3rd app ");
-        driver.navigate().to("http://localhost:8081/sales-post-sig/");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-
-        // logout of first app
-        System.out.println("GLO");
-        driver.navigate().to("http://localhost:8081/employee-sig?GLO=true");
-        checkLoggedOut("http://localhost:8081/employee-sig/");
-        driver.navigate().to("http://localhost:8081/employee-sig-front/");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
-        driver.navigate().to("http://localhost:8081/sales-post-sig/");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
-
-    }
-
-    @Test
-    public void testPostEncryptedLoginLogout() {
-        driver.navigate().to("http://localhost:8081/sales-post-enc/");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
-        loginPage.login("bburke", "password");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-enc/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to("http://localhost:8081/sales-post-enc?GLO=true");
-        checkLoggedOut("http://localhost:8081/sales-post-enc/");
-
-    }
-    @Test
-    public void testPostBadClientSignature() {
-        driver.navigate().to("http://localhost:8081/bad-client-sales-post-sig/");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
-        Assert.assertEquals(driver.getTitle(), "We're sorry...");
-
-    }
-
-    @Test
-    public void testPostBadRealmSignature() {
-        driver.navigate().to("http://localhost:8081/bad-realm-sales-post-sig/");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
-        loginPage.login("bburke", "password");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/bad-realm-sales-post-sig/");
-        Assert.assertTrue(driver.getPageSource().contains("null"));
-    }
-
-    private static String createToken() {
-        KeycloakSession session = keycloakRule.startSession();
-        try {
-            RealmManager manager = new RealmManager(session);
-
-            RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
-            ClientModel adminConsole = adminRealm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
-            TokenManager tm = new TokenManager();
-            UserModel admin = session.users().getUserByUsername("admin", adminRealm);
-            ClientSessionModel clientSession = session.sessions().createClientSession(adminRealm, adminConsole);
-            clientSession.setNote(OIDCLoginProtocol.ISSUER, "http://localhost:8081/auth/realms/master");
-            UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false, null, null);
-            AccessToken token = tm.createClientAccessToken(session, tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession, clientSession);
-            return tm.encodeToken(adminRealm, token);
-        } finally {
-            keycloakRule.stopSession(session, true);
-        }
-    }
-
-
-    @Test
-    public void testMetadataPostSignedLoginLogout() throws Exception {
-
-        driver.navigate().to("http://localhost:8081/sales-metadata/");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
-        loginPage.login("bburke", "password");
-        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-metadata/");
-        String pageSource = driver.getPageSource();
-        Assert.assertTrue(pageSource.contains("bburke"));
-        driver.navigate().to("http://localhost:8081/sales-metadata?GLO=true");
-        checkLoggedOut("http://localhost:8081/sales-metadata/");
-
-    }
-
-    public static void uploadSP() {
-        String token = createToken();
-        final String authHeader = "Bearer " + token;
-        ClientRequestFilter authFilter = new ClientRequestFilter() {
-            @Override
-            public void filter(ClientRequestContext requestContext) throws IOException {
-                requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, authHeader);
-            }
-        };
-        Client client = ClientBuilder.newBuilder().register(authFilter).build();
-        UriBuilder authBase = UriBuilder.fromUri("http://localhost:8081/auth");
-        WebTarget adminRealms = client.target(AdminRoot.realmsUrl(authBase));
-
-
-        MultipartFormDataOutput formData = new MultipartFormDataOutput();
-        InputStream is = SamlBindingTest.class.getResourceAsStream("/saml/sp-metadata.xml");
-        Assert.assertNotNull(is);
-        formData.addFormData("file", is, MediaType.APPLICATION_XML_TYPE);
-
-        WebTarget upload = adminRealms.path("demo/client-importers/saml2-entity-descriptor/upload");
-        System.out.println(upload.getUri());
-        Response response = upload.request().post(Entity.entity(formData, MediaType.MULTIPART_FORM_DATA));
-        Assert.assertEquals(204, response.getStatus());
-        response.close();
-        client.close();
-    }
-
-
-}
+package org.keycloak.testsuite.saml;
+
+import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput;
+import org.junit.Assert;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.keycloak.Config;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.ClientSessionModel;
+import org.keycloak.models.Constants;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.ProtocolMapperModel;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.models.UserSessionModel;
+import org.keycloak.protocol.oidc.OIDCLoginProtocol;
+import org.keycloak.protocol.oidc.TokenManager;
+import org.keycloak.protocol.saml.mappers.AttributeStatementHelper;
+import org.keycloak.protocol.saml.mappers.HardcodedAttributeMapper;
+import org.keycloak.protocol.saml.mappers.HardcodedRole;
+import org.keycloak.protocol.saml.mappers.RoleListMapper;
+import org.keycloak.protocol.saml.mappers.RoleNameMapper;
+import org.keycloak.representations.AccessToken;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.services.resources.admin.AdminRoot;
+import org.keycloak.testsuite.pages.LoginPage;
+import org.keycloak.testsuite.rule.KeycloakRule;
+import org.keycloak.testsuite.rule.WebResource;
+import org.keycloak.testsuite.rule.WebRule;
+import org.openqa.selenium.WebDriver;
+import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
+import org.keycloak.saml.processing.api.saml.v2.response.SAML2Response;
+import org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants;
+import org.keycloak.dom.saml.v2.assertion.AssertionType;
+import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
+import org.keycloak.dom.saml.v2.assertion.AttributeType;
+import org.keycloak.dom.saml.v2.protocol.ResponseType;
+import org.keycloak.saml.processing.web.util.PostBindingUtil;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.ClientBuilder;
+import javax.ws.rs.client.ClientRequestContext;
+import javax.ws.rs.client.ClientRequestFilter;
+import javax.ws.rs.client.Entity;
+import javax.ws.rs.client.WebTarget;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriBuilder;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class SamlBindingTest {
+
+    @ClassRule
+    public static SamlKeycloakRule keycloakRule = new SamlKeycloakRule() {
+        @Override
+        public void initWars() {
+             ClassLoader classLoader = SamlBindingTest.class.getClassLoader();
+
+            initializeSamlSecuredWar("/saml/simple-post", "/sales-post",  "post.war", classLoader);
+            initializeSamlSecuredWar("/saml/signed-post", "/sales-post-sig",  "post-sig.war", classLoader);
+            initializeSamlSecuredWar("/saml/signed-post-email", "/sales-post-sig-email",  "post-sig-email.war", classLoader);
+            initializeSamlSecuredWar("/saml/signed-post-transient", "/sales-post-sig-transient",  "post-sig-transient.war", classLoader);
+            initializeSamlSecuredWar("/saml/signed-post-persistent", "/sales-post-sig-persistent",  "post-sig-persistent.war", classLoader);
+            initializeSamlSecuredWar("/saml/signed-metadata", "/sales-metadata",  "post-metadata.war", classLoader);
+            initializeSamlSecuredWar("/saml/signed-get", "/employee-sig",  "employee-sig.war", classLoader);
+            //initializeSamlSecuredWar("/saml/simple-get", "/employee",  "employee.war", classLoader);
+            initializeSamlSecuredWar("/saml/signed-front-get", "/employee-sig-front",  "employee-sig-front.war", classLoader);
+            initializeSamlSecuredWar("/saml/bad-client-signed-post", "/bad-client-sales-post-sig",  "bad-client-post-sig.war", classLoader);
+            initializeSamlSecuredWar("/saml/bad-realm-signed-post", "/bad-realm-sales-post-sig",  "bad-realm-post-sig.war", classLoader);
+            initializeSamlSecuredWar("/saml/encrypted-post", "/sales-post-enc",  "post-enc.war", classLoader);
+            uploadSP();
+            server.getServer().deploy(createDeploymentInfo("employee.war", "/employee", SamlSPFacade.class));
+
+
+
+        }
+
+        @Override
+        public String getRealmJson() {
+            return "/saml/testsaml.json";
+        }
+    };
+
+    public static class SamlSPFacade extends HttpServlet {
+        public static String samlResponse;
+        public static String RELAY_STATE = "http://test.com/foo/bar";
+        public static String sentRelayState;
+
+        @Override
+        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+            handler(req, resp);
+        }
+
+        @Override
+        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+            handler(req, resp);
+        }
+
+        private void handler(HttpServletRequest req, HttpServletResponse resp) {
+            System.out.println("********* HERE ******");
+            if (req.getParameterMap().isEmpty()) {
+                System.out.println("redirecting");
+                resp.setStatus(302);
+                // Redirect
+                // UriBuilder builder = UriBuilder.fromUri("http://localhost:8081/auth/realms/demo/protocol/saml?SAMLRequest=jVLRTsIwFP2Vpe%2BjG4wxG0YyWYxL0BBAH3wx3XYnTbp29nYof%2B8YEvEBNOlD03vOveec2ynyWjYsae1WreC9BbTOZy0Vsr4Qk9YopjkKZIrXgMwWbJ08LNhw4LHGaKsLLcmRch3MEcFYoRVxktN1rhW2NZg1mJ0o4Gm1iMnW2oZRKnXB5VajZZEX%2BRTqRuo9ACVO2mkUih%2F4l9C8s0MNcFkjLaHW9KSUHlwR506bAnrPMam4RCBOlsYkS1%2BD3MvLcDJxAx9KN4jCkXszrG5cP%2BCVH4y8IM8PYFx2dsQOfuiILWQKLVc2JkPPH7te6HrRxh%2BzUdidwSSIXoiz%2FBZyK1Qp1Nv1yPIjCNn9ZrN0V1AKA4UlzjMY7N13IDKbHjyxXoA5291%2FtzH7I%2FApPet%2FHNawx65hli61FMXeSaTUH%2FMubtvlYU0LfcA1t5cl%2BAO%2FfxGlW%2FVQ1ipsoBCVgJLQ2XHo7385%2BwI%3D");
+                UriBuilder builder = UriBuilder.fromUri("http://localhost:8081/auth/realms/demo/protocol/saml?SAMLRequest=jVJbT8IwFP4rS99HuwluNIwEIUYSLwugD76Y2h2kSdfOng7l31uGRn0ATfrQ9HznfJfTEYpaN3zS%2Bo1ZwGsL6KP3WhvkXaEgrTPcClTIjagBuZd8Obm55mmP8cZZb6XV5NByGiwQwXllDYkmX9epNdjW4JbgtkrC%2FeK6IBvvG06ptlLojUXPc5YnFOpG2x0AJdEsaFRG7PuPoUWwQx0IXSOtoLb0SynduyLRpXUSOs8FWQuNQKL5rCDz2VO%2FymEgIY2zlJ3H%2FSx9jkU%2BzOK0ys8yNmSSsUEAYxnsqC18tyO2MDfohfEFSVkyiNlZzM5XacrDSbJePug%2Fkqj8FHKhTKXMy%2BnIng8g5FerVRmXd8sViR7AYec8AMh4tPfDO3L3Y2%2F%2F3cT4j7BH9Mf8A1nDb8PA%2Bay0WsldNNHavk1D1D5k4V0LXbi18MclJL2ke1FVvO6gvDXYgFRrBRWh4wPp7z85%2FgA%3D");
+                builder.queryParam("RelayState", RELAY_STATE);
+                resp.setHeader("Location", builder.build().toString());
+                return;
+            }
+            System.out.println("received response");
+            samlResponse = req.getParameter("SAMLResponse");
+            sentRelayState = req.getParameter("RelayState");
+        }
+    }
+
+    @Rule
+    public WebRule webRule = new WebRule(this);
+    @WebResource
+    protected WebDriver driver;
+    @WebResource
+    protected LoginPage loginPage;
+
+    protected void checkLoggedOut(String mainUrl) {
+        String pageSource = driver.getPageSource();
+        System.out.println("*** logout pagesouce ***");
+        System.out.println(pageSource);
+        System.out.println("driver url: " + driver.getCurrentUrl());
+        Assert.assertTrue(pageSource.contains("request-path: /logout.jsp"));
+        driver.navigate().to(mainUrl);
+        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
+    }
+
+
+    @Test
+    public void testPostSimpleLoginLogout() {
+        driver.navigate().to("http://localhost:8081/sales-post/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post/");
+        System.out.println(driver.getPageSource());
+        Assert.assertTrue(driver.getPageSource().contains("bburke"));
+        driver.navigate().to("http://localhost:8081/sales-post?GLO=true");
+        checkLoggedOut("http://localhost:8081/sales-post/");
+    }
+    @Test
+    public void testPostSignedLoginLogout() {
+        driver.navigate().to("http://localhost:8081/sales-post-sig/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig/");
+        Assert.assertTrue(driver.getPageSource().contains("bburke"));
+        driver.navigate().to("http://localhost:8081/sales-post-sig?GLO=true");
+        checkLoggedOut("http://localhost:8081/sales-post-sig/");
+
+    }
+    @Test
+    public void testPostSignedLoginLogoutTransientNameID() {
+        driver.navigate().to("http://localhost:8081/sales-post-sig-transient/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig-transient/");
+        System.out.println(driver.getPageSource());
+        Assert.assertFalse(driver.getPageSource().contains("bburke"));
+        Assert.assertTrue(driver.getPageSource().contains("principal=G-"));
+        driver.navigate().to("http://localhost:8081/sales-post-sig-transient?GLO=true");
+        checkLoggedOut("http://localhost:8081/sales-post-sig-transient/");
+
+    }
+    @Test
+    public void testPostSignedLoginLogoutPersistentNameID() {
+        driver.navigate().to("http://localhost:8081/sales-post-sig-persistent/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig-persistent/");
+        System.out.println(driver.getPageSource());
+        Assert.assertFalse(driver.getPageSource().contains("bburke"));
+        Assert.assertTrue(driver.getPageSource().contains("principal=G-"));
+        driver.navigate().to("http://localhost:8081/sales-post-sig-persistent?GLO=true");
+        checkLoggedOut("http://localhost:8081/sales-post-sig-persistent/");
+
+    }
+    @Test
+    public void testPostSignedLoginLogoutEmailNameID() {
+        driver.navigate().to("http://localhost:8081/sales-post-sig-email/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig-email/");
+        System.out.println(driver.getPageSource());
+        Assert.assertTrue(driver.getPageSource().contains("principal=bburke@redhat.com"));
+        driver.navigate().to("http://localhost:8081/sales-post-sig-email?GLO=true");
+        checkLoggedOut("http://localhost:8081/sales-post-sig-email/");
+
+    }
+
+    @Test
+    public void testRelayStateEncoding() throws Exception {
+        // this test has a hardcoded SAMLRequest and we hack a SP face servlet to get the SAMLResponse so we can look
+        // at the relay state
+        SamlSPFacade.samlResponse = null;
+        driver.navigate().to("http://localhost:8081/employee/");
+        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
+        System.out.println(driver.getCurrentUrl());
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/");
+        Assert.assertEquals(SamlSPFacade.sentRelayState, SamlSPFacade.RELAY_STATE);
+        Assert.assertNotNull(SamlSPFacade.samlResponse);
+
+    }
+
+
+    @Test
+    public void testAttributes() throws Exception {
+        // this test has a hardcoded SAMLRequest and we hack a SP face servlet to get the SAMLResponse so we can look
+        // at the assertions sent.  This is because Picketlink, AFAICT, does not give you any way to get access to
+        // the assertion.
+
+        {
+            SamlSPFacade.samlResponse = null;
+            driver.navigate().to("http://localhost:8081/employee/");
+            Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
+            System.out.println(driver.getCurrentUrl());
+            loginPage.login("bburke", "password");
+            Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/");
+            Assert.assertNotNull(SamlSPFacade.samlResponse);
+            SAML2Response saml2Response = new SAML2Response();
+            byte[] samlResponse = PostBindingUtil.base64Decode(SamlSPFacade.samlResponse);
+            ResponseType rt = saml2Response.getResponseType(new ByteArrayInputStream(samlResponse));
+            Assert.assertTrue(rt.getAssertions().size() == 1);
+            AssertionType assertion = rt.getAssertions().get(0).getAssertion();
+
+            // test attributes and roles
+
+            boolean email = false;
+            boolean phone = false;
+            boolean userRole = false;
+            boolean managerRole = false;
+            for (AttributeStatementType statement : assertion.getAttributeStatements()) {
+                for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
+                    AttributeType attr = choice.getAttribute();
+                    if (X500SAMLProfileConstants.EMAIL.getFriendlyName().equals(attr.getFriendlyName())) {
+                        Assert.assertEquals(X500SAMLProfileConstants.EMAIL.get(), attr.getName());
+                        Assert.assertEquals(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get(), attr.getNameFormat());
+                        Assert.assertEquals(attr.getAttributeValue().get(0), "bburke@redhat.com");
+                        email = true;
+                    } else if (attr.getName().equals("phone")) {
+                        Assert.assertEquals(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get(), attr.getNameFormat());
+                        Assert.assertEquals(attr.getAttributeValue().get(0), "617");
+                        phone = true;
+                    } else if (attr.getName().equals("Role")) {
+                        if (attr.getAttributeValue().get(0).equals("manager")) managerRole = true;
+                        if (attr.getAttributeValue().get(0).equals("user")) userRole = true;
+                    }
+                }
+
+            }
+
+            Assert.assertTrue(email);
+            Assert.assertTrue(phone);
+            Assert.assertTrue(userRole);
+            Assert.assertTrue(managerRole);
+        }
+
+        keycloakRule.update(new KeycloakRule.KeycloakSetup() {
+            @Override
+            public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+                ClientModel app = appRealm.getClientByClientId("http://localhost:8081/employee/");
+                for (ProtocolMapperModel mapper : app.getProtocolMappers()) {
+                    if (mapper.getName().equals("role-list")) {
+                        app.removeProtocolMapper(mapper);
+                        mapper.setId(null);
+                        mapper.getConfig().put(RoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true");
+                        mapper.getConfig().put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "memberOf");
+                        app.addProtocolMapper(mapper);
+                    }
+                }
+                app.addProtocolMapper(HardcodedAttributeMapper.create("hardcoded-attribute", "hardcoded-attribute", "Basic", null, "hard", false, null));
+                app.addProtocolMapper(HardcodedRole.create("hardcoded-role", "hardcoded-role"));
+                app.addProtocolMapper(RoleNameMapper.create("renamed-role", "manager", "el-jefe"));
+                app.addProtocolMapper(RoleNameMapper.create("renamed-employee-role", "http://localhost:8081/employee/.employee", "pee-on"));
+            }
+        }, "demo");
+
+        System.out.println(">>>>>>>>>> single role attribute <<<<<<<<");
+
+        {
+            SamlSPFacade.samlResponse = null;
+            driver.navigate().to("http://localhost:8081/employee/");
+            System.out.println(driver.getCurrentUrl());
+            Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/");
+            Assert.assertNotNull(SamlSPFacade.samlResponse);
+            SAML2Response saml2Response = new SAML2Response();
+            byte[] samlResponse = PostBindingUtil.base64Decode(SamlSPFacade.samlResponse);
+            ResponseType rt = saml2Response.getResponseType(new ByteArrayInputStream(samlResponse));
+            Assert.assertTrue(rt.getAssertions().size() == 1);
+            AssertionType assertion = rt.getAssertions().get(0).getAssertion();
+
+            // test attributes and roles
+
+            boolean userRole = false;
+            boolean managerRole = false;
+            boolean single = false;
+            boolean hardcodedRole = false;
+            boolean hardcodedAttribute = false;
+            boolean peeOn = false;
+            for (AttributeStatementType statement : assertion.getAttributeStatements()) {
+                for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
+                    AttributeType attr = choice.getAttribute();
+                    if (attr.getName().equals("memberOf")) {
+                        if (single) Assert.fail("too many role attributes");
+                        single = true;
+                        for (Object value : attr.getAttributeValue()) {
+                            if (value.equals("el-jefe")) managerRole = true;
+                            if (value.equals("user")) userRole = true;
+                            if (value.equals("hardcoded-role")) hardcodedRole = true;
+                            if (value.equals("pee-on")) peeOn = true;
+                        }
+                    } else if (attr.getName().equals("hardcoded-attribute")) {
+                        hardcodedAttribute = true;
+                        Assert.assertEquals(attr.getAttributeValue().get(0), "hard");
+                    }
+                }
+
+            }
+
+            Assert.assertTrue(single);
+            Assert.assertTrue(hardcodedAttribute);
+            Assert.assertTrue(hardcodedRole);
+            Assert.assertTrue(peeOn);
+            Assert.assertTrue(userRole);
+            Assert.assertTrue(managerRole);
+        }
+    }
+
+    @Test
+    public void testRedirectSignedLoginLogout() {
+        driver.navigate().to("http://localhost:8081/employee-sig/");
+        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig/");
+        Assert.assertTrue(driver.getPageSource().contains("bburke"));
+        driver.navigate().to("http://localhost:8081/employee-sig?GLO=true");
+        checkLoggedOut("http://localhost:8081/employee-sig/");
+
+    }
+
+    @Test
+    public void testRedirectSignedLoginLogoutFrontNoSSO() {
+        driver.navigate().to("http://localhost:8081/employee-sig-front/");
+        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig-front/");
+        Assert.assertTrue(driver.getPageSource().contains("bburke"));
+        driver.navigate().to("http://localhost:8081/employee-sig-front?GLO=true");
+        checkLoggedOut("http://localhost:8081/employee-sig-front/");
+
+    }
+
+    @Test
+    public void testRedirectSignedLoginLogoutFront() {
+        // visit 1st app an logg in
+        System.out.println("visit 1st app ");
+        driver.navigate().to("http://localhost:8081/employee-sig/");
+        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
+        System.out.println("login to form");
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig/");
+        Assert.assertTrue(driver.getPageSource().contains("bburke"));
+
+        // visit 2nd app
+        System.out.println("visit 2nd app ");
+        driver.navigate().to("http://localhost:8081/employee-sig-front/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig-front/");
+        Assert.assertTrue(driver.getPageSource().contains("bburke"));
+
+        // visit 3rd app
+        System.out.println("visit 3rd app ");
+        driver.navigate().to("http://localhost:8081/sales-post-sig/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig/");
+        Assert.assertTrue(driver.getPageSource().contains("bburke"));
+
+        // logout of first app
+        System.out.println("GLO");
+        driver.navigate().to("http://localhost:8081/employee-sig?GLO=true");
+        checkLoggedOut("http://localhost:8081/employee-sig/");
+        driver.navigate().to("http://localhost:8081/employee-sig-front/");
+        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
+        driver.navigate().to("http://localhost:8081/sales-post-sig/");
+        Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
+
+    }
+
+    @Test
+    public void testPostEncryptedLoginLogout() {
+        driver.navigate().to("http://localhost:8081/sales-post-enc/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-enc/");
+        Assert.assertTrue(driver.getPageSource().contains("bburke"));
+        driver.navigate().to("http://localhost:8081/sales-post-enc?GLO=true");
+        checkLoggedOut("http://localhost:8081/sales-post-enc/");
+
+    }
+    @Test
+    public void testPostBadClientSignature() {
+        driver.navigate().to("http://localhost:8081/bad-client-sales-post-sig/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+        Assert.assertEquals(driver.getTitle(), "We're sorry...");
+
+    }
+
+    @Test
+    public void testPostBadRealmSignature() {
+        driver.navigate().to("http://localhost:8081/bad-realm-sales-post-sig/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/bad-realm-sales-post-sig/");
+        Assert.assertTrue(driver.getPageSource().contains("null"));
+    }
+
+    private static String createToken() {
+        KeycloakSession session = keycloakRule.startSession();
+        try {
+            RealmManager manager = new RealmManager(session);
+
+            RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
+            ClientModel adminConsole = adminRealm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
+            TokenManager tm = new TokenManager();
+            UserModel admin = session.users().getUserByUsername("admin", adminRealm);
+            ClientSessionModel clientSession = session.sessions().createClientSession(adminRealm, adminConsole);
+            clientSession.setNote(OIDCLoginProtocol.ISSUER, "http://localhost:8081/auth/realms/master");
+            UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false, null, null);
+            AccessToken token = tm.createClientAccessToken(session, tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession, clientSession);
+            return tm.encodeToken(adminRealm, token);
+        } finally {
+            keycloakRule.stopSession(session, true);
+        }
+    }
+
+
+    @Test
+    public void testMetadataPostSignedLoginLogout() throws Exception {
+
+        driver.navigate().to("http://localhost:8081/sales-metadata/");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
+        loginPage.login("bburke", "password");
+        Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-metadata/");
+        String pageSource = driver.getPageSource();
+        Assert.assertTrue(pageSource.contains("bburke"));
+        driver.navigate().to("http://localhost:8081/sales-metadata?GLO=true");
+        checkLoggedOut("http://localhost:8081/sales-metadata/");
+
+    }
+
+    public static void uploadSP() {
+        String token = createToken();
+        final String authHeader = "Bearer " + token;
+        ClientRequestFilter authFilter = new ClientRequestFilter() {
+            @Override
+            public void filter(ClientRequestContext requestContext) throws IOException {
+                requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, authHeader);
+            }
+        };
+        Client client = ClientBuilder.newBuilder().register(authFilter).build();
+        UriBuilder authBase = UriBuilder.fromUri("http://localhost:8081/auth");
+        WebTarget adminRealms = client.target(AdminRoot.realmsUrl(authBase));
+
+
+        MultipartFormDataOutput formData = new MultipartFormDataOutput();
+        InputStream is = SamlBindingTest.class.getResourceAsStream("/saml/sp-metadata.xml");
+        Assert.assertNotNull(is);
+        formData.addFormData("file", is, MediaType.APPLICATION_XML_TYPE);
+
+        WebTarget upload = adminRealms.path("demo/client-importers/saml2-entity-descriptor/upload");
+        System.out.println(upload.getUri());
+        Response response = upload.request().post(Entity.entity(formData, MediaType.MULTIPART_FORM_DATA));
+        Assert.assertEquals(204, response.getStatus());
+        response.close();
+        client.close();
+    }
+
+
+}
diff --git a/testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/picketlink.xml b/testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/picketlink.xml
index e2e7e3ba40..2dd9522e4f 100755
--- a/testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/picketlink.xml
+++ b/testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/picketlink.xml
@@ -1,6 +1,6 @@
 <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
 	<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
-		ServerEnvironment="tomcat" BindingType="REDIRECT" SupportsSignatures="true">
+		ServerEnvironment="tomcat" BindingType="REDIRECT" SupportsSignatures="true" IDPUsesPostBinding="false">
 		<IdentityURL>${idp-sig.url::http://localhost:8081/auth/realms/demo/protocol/saml}
 		</IdentityURL>
 		<ServiceURL>${employee-sig.url::http://localhost:8081/employee-sig/}
diff --git a/testsuite/integration/src/test/resources/saml/simple-get/WEB-INF/picketlink.xml b/testsuite/integration/src/test/resources/saml/simple-get/WEB-INF/picketlink.xml
index 7636260689..ade45d1cd8 100755
--- a/testsuite/integration/src/test/resources/saml/simple-get/WEB-INF/picketlink.xml
+++ b/testsuite/integration/src/test/resources/saml/simple-get/WEB-INF/picketlink.xml
@@ -1,6 +1,6 @@
 <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
 	<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
-		ServerEnvironment="tomcat" BindingType="REDIRECT" RelayState="someURL">
+		ServerEnvironment="tomcat" BindingType="REDIRECT" IDPUsesPostBinding="false">
 		<IdentityURL>${idp.url::http://localhost:8081/auth/realms/demo/protocol/saml}</IdentityURL>
 		<ServiceURL>${employee.url::http://localhost:8081/employee/}
 		</ServiceURL>

From e977a363ef257d5707ac80a164bc03b4f33fc410 Mon Sep 17 00:00:00 2001
From: Stan Silvert <ssilvert@redhat.com>
Date: Mon, 8 Jun 2015 13:04:52 -0400
Subject: [PATCH 10/53] Require user to specify a temporary admin password to
 do admin recovery.

---
 .../en/en-US/modules/admin-recovery.xml       |  6 ++--
 .../keycloak/offlineconfig/AdminRecovery.java | 18 ++++++++---
 .../offlineconfig/OfflineConfigException.java | 32 +++++++++++++++++++
 .../services/managers/ApplianceBootstrap.java | 12 +++----
 .../offlineconfig/AdminRecoveryTest.java      | 17 ++++++++++
 5 files changed, 72 insertions(+), 13 deletions(-)
 create mode 100644 services/src/main/java/org/keycloak/offlineconfig/OfflineConfigException.java

diff --git a/docbook/reference/en/en-US/modules/admin-recovery.xml b/docbook/reference/en/en-US/modules/admin-recovery.xml
index e026cddecd..941284805f 100755
--- a/docbook/reference/en/en-US/modules/admin-recovery.xml
+++ b/docbook/reference/en/en-US/modules/admin-recovery.xml
@@ -5,11 +5,11 @@
         accidentally deleted, its role mappings were removed, or the password was simply forgotten.
     </para>
     <para>
-        To recover the master admin user, just start the server with the following system property:
+        To recover the master admin user, just start the server with the following system properties:
         <programlisting><![CDATA[
-bin/standalone.sh -Dkeycloak.recover-admin=true
+bin/standalone.sh -Dkeycloak.recover-admin=true -Dkeycloak.temp-admin-password=temppassword
 ]]></programlisting>
-        Then you can log in to the master admin account with the default password "admin".  You will then be
+        Then you can log in to the master admin account with your temporary password.  You will then be
         prompted to immediately change this password.
     </para>
 </chapter>
\ No newline at end of file
diff --git a/services/src/main/java/org/keycloak/offlineconfig/AdminRecovery.java b/services/src/main/java/org/keycloak/offlineconfig/AdminRecovery.java
index 0f384ce5d7..cb775b1b5f 100644
--- a/services/src/main/java/org/keycloak/offlineconfig/AdminRecovery.java
+++ b/services/src/main/java/org/keycloak/offlineconfig/AdminRecovery.java
@@ -36,6 +36,7 @@ public class AdminRecovery {
     private static final Logger log = Logger.getLogger(AdminRecovery.class);
 
     public static final String RECOVER_ADMIN_ACCOUNT = "keycloak.recover-admin";
+    public static final String TEMP_ADMIN_PASSWORD = "keycloak.temp-admin-password";
 
     // Don't allow instances
     private AdminRecovery() {}
@@ -47,14 +48,15 @@ public class AdminRecovery {
 
         session.getTransaction().begin();
         try {
-            doRecover(session);
+            doRecover(session, getTempAdminPassword());
             session.getTransaction().commit();
             log.info("*******************************");
             log.info("Recovered Master Admin account.");
             log.info("*******************************");
         } finally {
             session.close();
-            System.setProperty(AdminRecovery.RECOVER_ADMIN_ACCOUNT, "false");
+            System.clearProperty(RECOVER_ADMIN_ACCOUNT);
+            System.clearProperty(TEMP_ADMIN_PASSWORD);
         }
     }
 
@@ -63,7 +65,15 @@ public class AdminRecovery {
         return Boolean.parseBoolean(strNeedRecovery);
     }
 
-    private static void doRecover(KeycloakSession session) {
+    private static String getTempAdminPassword() {
+        String tempAdminPassword = System.getProperty(TEMP_ADMIN_PASSWORD);
+        if ((tempAdminPassword == null) || tempAdminPassword.isEmpty()) {
+            throw new OfflineConfigException("Must provide temporary admin password to recover admin account.");
+        }
+        return tempAdminPassword;
+    }
+
+    private static void doRecover(KeycloakSession session, String tempAdminPassword) {
         RealmProvider realmProvider = session.realms();
         UserProvider userProvider = session.users();
 
@@ -75,6 +85,6 @@ public class AdminRecovery {
             adminUser = userProvider.addUser(realm, "admin");
         }
 
-        ApplianceBootstrap.setupAdminUser(session, realm, adminUser);
+        ApplianceBootstrap.setupAdminUser(session, realm, adminUser, tempAdminPassword);
     }
 }
diff --git a/services/src/main/java/org/keycloak/offlineconfig/OfflineConfigException.java b/services/src/main/java/org/keycloak/offlineconfig/OfflineConfigException.java
new file mode 100644
index 0000000000..09a4a5ca6d
--- /dev/null
+++ b/services/src/main/java/org/keycloak/offlineconfig/OfflineConfigException.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.keycloak.offlineconfig;
+
+/**
+ * Runtime exception thrown when an offline configuration fails.  Offline
+ * configuration is defined as any configuration done before the Keycloak Server
+ * starts accepting requests.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2015 Red Hat Inc.
+ */
+public class OfflineConfigException extends IllegalStateException {
+
+    public OfflineConfigException(String msg) {
+        super(msg);
+    }
+}
diff --git a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
index fbd6ea5309..7510572c79 100755
--- a/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
+++ b/services/src/main/java/org/keycloak/services/managers/ApplianceBootstrap.java
@@ -61,15 +61,15 @@ public class ApplianceBootstrap {
         KeycloakModelUtils.generateRealmKeys(realm);
 
         UserModel adminUser = session.users().addUser(realm, "admin");
-        setupAdminUser(session, realm, adminUser);
+        setupAdminUser(session, realm, adminUser, "admin");
     }
 
-    public static void setupAdminUser(KeycloakSession session, RealmModel realm, UserModel adminUser) {
+    public static void setupAdminUser(KeycloakSession session, RealmModel realm, UserModel adminUser, String password) {
         adminUser.setEnabled(true);
-        UserCredentialModel password = new UserCredentialModel();
-        password.setType(UserCredentialModel.PASSWORD);
-        password.setValue("admin");
-        session.users().updateCredential(realm, adminUser, password);
+        UserCredentialModel usrCredModel = new UserCredentialModel();
+        usrCredModel.setType(UserCredentialModel.PASSWORD);
+        usrCredModel.setValue(password);
+        session.users().updateCredential(realm, adminUser, usrCredModel);
         adminUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
 
         RoleModel adminRole = realm.getRole(AdminRoles.ADMIN);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/offlineconfig/AdminRecoveryTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/offlineconfig/AdminRecoveryTest.java
index b8aebbb2df..7e070dd607 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/offlineconfig/AdminRecoveryTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/offlineconfig/AdminRecoveryTest.java
@@ -17,6 +17,7 @@
 
 package org.keycloak.testsuite.offlineconfig;
 
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Rule;
@@ -27,6 +28,7 @@ import org.keycloak.models.UserCredentialValueModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserModel.RequiredAction;
 import org.keycloak.offlineconfig.AdminRecovery;
+import org.keycloak.offlineconfig.OfflineConfigException;
 import org.keycloak.testsuite.rule.KeycloakRule;
 import org.keycloak.testsuite.rule.WebRule;
 
@@ -42,6 +44,13 @@ public class AdminRecoveryTest {
     @Rule
     public WebRule webRule = new WebRule(this);
 
+    // Verifies that system properties were cleared at the end of recovery
+    @After
+    public void verifySysPropsCleared() {
+        Assert.assertNull(System.getProperty(AdminRecovery.RECOVER_ADMIN_ACCOUNT));
+        Assert.assertNull(System.getProperty(AdminRecovery.TEMP_ADMIN_PASSWORD));
+    }
+
     @Test
     public void testAdminDeletedRecovery() {
         KeycloakSession session = keycloakRule.startSession();
@@ -78,8 +87,16 @@ public class AdminRecoveryTest {
         Assert.assertNotEquals("forgotten-password", getAdminPassword());
     }
 
+    @Test(expected = OfflineConfigException.class)
+    public void testAdminRecoveryWithoutPassword() {
+        KeycloakSession session = keycloakRule.startSession();
+        System.setProperty(AdminRecovery.RECOVER_ADMIN_ACCOUNT, "true");
+        AdminRecovery.recover(session.getKeycloakSessionFactory());
+    }
+
     private void doAdminRecovery(KeycloakSession session) {
         System.setProperty(AdminRecovery.RECOVER_ADMIN_ACCOUNT, "true");
+        System.setProperty(AdminRecovery.TEMP_ADMIN_PASSWORD, "foo");
         AdminRecovery.recover(session.getKeycloakSessionFactory());
     }
 

From 7badd3d5e5a737de7b528689e9042d1dfe007205 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Mon, 8 Jun 2015 15:04:34 +0200
Subject: [PATCH 11/53] JSON migration

---
 .../idm/RealmRepresentation.java              |  4 +++
 .../migrators/MigrateTo1_3_0_Beta1.java       | 33 ++++++++++++-------
 2 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
index 3443f4fca1..dabc8dbf6d 100755
--- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
@@ -266,6 +266,10 @@ public class RealmRepresentation {
         this.codeSecret = codeSecret;
     }
 
+    public Boolean isPasswordCredentialGrantAllowed() {
+        return passwordCredentialGrantAllowed;
+    }
+
     public Boolean isRegistrationAllowed() {
         return registrationAllowed;
     }
diff --git a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java
index ce013404cf..195910b2f7 100755
--- a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java
+++ b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java
@@ -5,6 +5,7 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.LDAPConstants;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserFederationEventAwareProviderFactory;
+import org.keycloak.models.UserFederationMapperModel;
 import org.keycloak.models.UserFederationProvider;
 import org.keycloak.models.UserFederationProviderFactory;
 import org.keycloak.models.UserFederationProviderModel;
@@ -12,6 +13,7 @@ import org.keycloak.models.utils.DefaultAuthenticationFlows;
 
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import javax.naming.directory.SearchControls;
 
@@ -43,29 +45,38 @@ public class MigrateTo1_3_0_Beta1 {
                 Map<String, String> config = fedProvider.getConfig();
 
                 // Update config properties for LDAP federation provider
-                config.put(LDAPConstants.SEARCH_SCOPE, String.valueOf(SearchControls.SUBTREE_SCOPE));
+                if (config.get(LDAPConstants.SEARCH_SCOPE) == null) {
+                    config.put(LDAPConstants.SEARCH_SCOPE, String.valueOf(SearchControls.SUBTREE_SCOPE));
+                }
 
                 String usersDn = config.remove("userDnSuffix");
-                config.put(LDAPConstants.USERS_DN, usersDn);
+                if (usersDn != null && config.get(LDAPConstants.USERS_DN) == null) {
+                    config.put(LDAPConstants.USERS_DN, usersDn);
+                }
 
-                String rdnLdapAttribute = config.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
-                if (rdnLdapAttribute != null) {
-                    if (rdnLdapAttribute.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) {
+                String usernameLdapAttribute = config.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
+                if (usernameLdapAttribute != null && config.get(LDAPConstants.RDN_LDAP_ATTRIBUTE) == null) {
+                    if (usernameLdapAttribute.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) {
                         config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, LDAPConstants.CN);
                     } else {
-                        config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, rdnLdapAttribute);
+                        config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, usernameLdapAttribute);
                     }
                 }
 
-                String uuidAttrName = LDAPConstants.getUuidAttributeName(config.get(LDAPConstants.VENDOR));
-                config.put(LDAPConstants.UUID_LDAP_ATTRIBUTE, uuidAttrName);
+                if (config.get(LDAPConstants.UUID_LDAP_ATTRIBUTE) == null) {
+                    String uuidAttrName = LDAPConstants.getUuidAttributeName(config.get(LDAPConstants.VENDOR));
+                    config.put(LDAPConstants.UUID_LDAP_ATTRIBUTE, uuidAttrName);
+                }
 
                 realm.updateUserFederationProvider(fedProvider);
 
                 // Create default mappers for LDAP
-                UserFederationProviderFactory ldapFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, LDAPConstants.LDAP_PROVIDER);
-                if (ldapFactory != null) {
-                    ((UserFederationEventAwareProviderFactory) ldapFactory).onProviderModelCreated(realm, fedProvider);
+                Set<UserFederationMapperModel> mappers = realm.getUserFederationMappersByFederationProvider(fedProvider.getId());
+                if (mappers.isEmpty()) {
+                    UserFederationProviderFactory ldapFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, LDAPConstants.LDAP_PROVIDER);
+                    if (ldapFactory != null) {
+                        ((UserFederationEventAwareProviderFactory) ldapFactory).onProviderModelCreated(realm, fedProvider);
+                    }
                 }
             }
         }

From 80ff7b92db521027a1bcfad4dc99dfd933c9a9c8 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Mon, 8 Jun 2015 17:39:13 +0200
Subject: [PATCH 12/53] KEYCLOAK-886 Reduce some LDAP info logging to trace and
 debug

---
 .../ldap/idm/query/internal/OrCondition.java  |  2 --
 .../idm/store/ldap/LDAPIdentityStore.java     | 18 ++++++++---------
 .../idm/store/ldap/LDAPOperationManager.java  | 20 +++++++++----------
 .../mappers/RoleLDAPFederationMapper.java     |  7 ++-----
 .../models/UserFederationManager.java         |  2 +-
 .../models/UserFederationProvider.java        |  4 +++-
 6 files changed, 24 insertions(+), 29 deletions(-)

diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/query/internal/OrCondition.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/query/internal/OrCondition.java
index 436355b27f..d898ffd23a 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/query/internal/OrCondition.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/query/internal/OrCondition.java
@@ -1,7 +1,5 @@
 package org.keycloak.federation.ldap.idm.query.internal;
 
-import java.util.List;
-
 import org.keycloak.federation.ldap.idm.query.Condition;
 import org.keycloak.federation.ldap.idm.query.QueryParameter;
 
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java
index 03b23a31bb..3dbfd0a399 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.java
@@ -181,8 +181,8 @@ public class LDAPIdentityStore implements IdentityStore {
     public boolean validatePassword(LDAPObject user, String password) {
         String userDN = user.getDn().toString();
 
-        if (logger.isDebugEnabled()) {
-            logger.debugf("Using DN [%s] for authentication of user", userDN);
+        if (logger.isTraceEnabled()) {
+            logger.tracef("Using DN [%s] for authentication of user", userDN);
         }
 
         if (operationManager.authenticate(userDN, password)) {
@@ -259,7 +259,9 @@ public class LDAPIdentityStore implements IdentityStore {
         filter.append(getObjectClassesFilter(identityQuery.getObjectClasses()));
         filter.append(")");
 
-        logger.infof("Using filter for LDAP search: %s", filter);
+        if (logger.isTraceEnabled()) {
+            logger.tracef("Using filter for LDAP search: %s . Searching in DN: %s", filter, identityQuery.getSearchDn());
+        }
         return filter;
     }
 
@@ -378,10 +380,6 @@ public class LDAPIdentityStore implements IdentityStore {
             ldapObject.setDn(dn);
             ldapObject.setRdnAttributeName(dn.getFirstRdnAttrName());
 
-            if (logger.isTraceEnabled()) {
-                logger.tracef("Populating LDAP Object from DN [%s]", entryDN);
-            }
-
             NamingEnumeration<? extends Attribute> ldapAttributes = attributes.getAll();
 
             // Exact name of attributes might be different
@@ -415,9 +413,6 @@ public class LDAPIdentityStore implements IdentityStore {
                     if (ldapAttributeName.equalsIgnoreCase(LDAPConstants.OBJECT_CLASS)) {
                         ldapObject.setObjectClasses(attrValues);
                     } else {
-                        if (logger.isTraceEnabled()) {
-                            logger.tracef("Populating ldap attribute [%s] with value [%s] for DN [%s].", ldapAttributeName, attrValues.toString(), entryDN);
-                        }
                         if (attrValues.size() == 1) {
                             ldapObject.setAttribute(ldapAttributeName, attrValues.iterator().next());
                         } else {
@@ -431,6 +426,9 @@ public class LDAPIdentityStore implements IdentityStore {
                 }
             }
 
+            if (logger.isTraceEnabled()) {
+                logger.tracef("Found ldap object [%s] and populated with the attributes [%s]. Read-only attributes are [%s]", ldapObject.getDn().toString(), ldapObject.getAttributes(), ldapObject.getReadOnlyAttributeNames());
+            }
             return ldapObject;
 
         } catch (Exception e) {
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
index fd88f392c0..8d934f3a11 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/store/ldap/LDAPOperationManager.java
@@ -128,8 +128,8 @@ public class LDAPOperationManager {
             execute(new LdapOperation<SearchResult>() {
                 @Override
                 public SearchResult execute(LdapContext context) throws NamingException {
-                    if (logger.isDebugEnabled()) {
-                        logger.debugf("Removing entry with DN [%s]", entryDn);
+                    if (logger.isTraceEnabled()) {
+                        logger.tracef("Removing entry with DN [%s]", entryDn);
                     }
                     destroySubcontext(context, entryDn);
                     return null;
@@ -357,8 +357,8 @@ public class LDAPOperationManager {
 
     public void modifyAttributes(final String dn, final ModificationItem[] mods) {
         try {
-            if (logger.isDebugEnabled()) {
-                logger.debugf("Modifying attributes for entry [%s]: [", dn);
+            if (logger.isTraceEnabled()) {
+                logger.tracef("Modifying attributes for entry [%s]: [", dn);
 
                 for (ModificationItem item : mods) {
                     Object values;
@@ -369,10 +369,10 @@ public class LDAPOperationManager {
                         values = "No values";
                     }
 
-                    logger.debugf("  Op [%s]: %s = %s", item.getModificationOp(), item.getAttribute().getID(), values);
+                    logger.tracef("  Op [%s]: %s = %s", item.getModificationOp(), item.getAttribute().getID(), values);
                 }
 
-                logger.debugf("]");
+                logger.tracef("]");
             }
 
             execute(new LdapOperation<Void>() {
@@ -389,18 +389,18 @@ public class LDAPOperationManager {
 
     public void createSubContext(final String name, final Attributes attributes) {
         try {
-            if (logger.isDebugEnabled()) {
-                logger.debugf("Creating entry [%s] with attributes: [", name);
+            if (logger.isTraceEnabled()) {
+                logger.tracef("Creating entry [%s] with attributes: [", name);
 
                 NamingEnumeration<? extends Attribute> all = attributes.getAll();
 
                 while (all.hasMore()) {
                     Attribute attribute = all.next();
 
-                    logger.debugf("  %s = %s", attribute.getID(), attribute.get());
+                    logger.tracef("  %s = %s", attribute.getID(), attribute.get());
                 }
 
-                logger.debugf("]");
+                logger.tracef("]");
             }
 
             execute(new LdapOperation<Void>() {
diff --git a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java
index 2a78169c04..165309c1e7 100644
--- a/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/RoleLDAPFederationMapper.java
@@ -79,8 +79,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
                 RoleContainerModel roleContainer = getTargetRoleContainer(mapperModel, realm);
                 RoleModel role = roleContainer.getRole(roleName);
 
-                // TODO: debug
-                logger.infof("Granting role [%s] to user [%s] during import from LDAP", roleName, user.getUsername());
+                logger.debugf("Granting role [%s] to user [%s] during import from LDAP", roleName, user.getUsername());
                 user.grantRole(role);
             }
         }
@@ -94,8 +93,7 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
     // Sync roles from LDAP tree and create them in local Keycloak DB (if they don't exist here yet)
     protected void syncRolesFromLDAP(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, RealmModel realm) {
         if (!rolesSyncedModels.contains(mapperModel.getId())) {
-            // TODO: debug
-            logger.infof("Syncing roles from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getDisplayName());
+            logger.debugf("Syncing roles from LDAP into Keycloak DB. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getDisplayName());
 
             LDAPIdentityQuery ldapQuery = createRoleQuery(mapperModel, ldapProvider);
 
@@ -108,7 +106,6 @@ public class RoleLDAPFederationMapper extends AbstractLDAPFederationMapper {
                 String roleName = ldapRole.getAttributeAsString(rolesRdnAttr);
 
                 if (roleContainer.getRole(roleName) == null) {
-                    // TODO: debug
                     logger.infof("Syncing role [%s] from LDAP to keycloak DB", roleName);
                     roleContainer.addRole(roleName);
                 }
diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
index 93045c1f19..4682dddbfa 100755
--- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
@@ -20,7 +20,7 @@ public class UserFederationManager implements UserProvider {
 
     protected KeycloakSession session;
 
-    // Set of already validated/proxied users during this session. Key is user ID
+    // Set of already validated/proxied federation users during this session. Key is user ID
     private Map<String, UserModel> managedUsers = new HashMap<>();
 
     public UserFederationManager(KeycloakSession session) {
diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationProvider.java b/model/api/src/main/java/org/keycloak/models/UserFederationProvider.java
index 7c97d675ee..8fdd45ac16 100755
--- a/model/api/src/main/java/org/keycloak/models/UserFederationProvider.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationProvider.java
@@ -44,11 +44,12 @@ public interface UserFederationProvider extends Provider {
 
     /**
      * Gives the provider an option to validate if user still exists in federation backend and then proxy UserModel loaded from local storage.
-     * This method is called whenever a UserModel is pulled from local storage.
+     * This method is called whenever a UserModel is pulled from Keycloak local storage.
      * For example, the LDAP provider proxies the UserModel and does on-demand synchronization with
      * LDAP whenever UserModel update methods are invoked.  It also overrides UserModel.updateCredential for the
      * credential types it supports
      *
+     * @param realm
      * @param local
      * @return null if user is no longer valid or proxy object otherwise
      */
@@ -122,6 +123,7 @@ public interface UserFederationProvider extends Provider {
      * Is the Keycloak UserModel still valid and/or existing in federated storage?  Keycloak may call this method
      * in various user operations.  The local storage may be deleted if this method returns false.
      *
+     * @param realm
      * @param local
      * @return
      */

From b80a4a0aa9ca363e7f51fd3a5c53d748db2669dd Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Mon, 8 Jun 2015 21:10:25 +0200
Subject: [PATCH 13/53] KEYCLOAK-1358 docs for LDAP mappers

---
 .../modules/MigrationFromOlderVersions.xml    | 13 +++++
 .../en/en-US/modules/user-federation.xml      | 57 ++++++++++++++++++-
 2 files changed, 67 insertions(+), 3 deletions(-)

diff --git a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
index dc8e4404b6..68e48b4a1e 100755
--- a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
+++ b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
@@ -89,6 +89,19 @@
                     option to enable/disable for a realm is removed.
                 </para>
             </simplesect>
+            <simplesect>
+                <title>Database changed</title>
+                <para>
+                    There are again few database changes. Remember to backup your database prior to upgrading.
+                </para>
+            </simplesect>
+            <simplesect>
+                <title>UserFederationProvider changed</title>
+                <para>
+                    There are few minor changes in UserFederationProvider interface. You may need to sync your implementation when upgrade
+                    to newer version and upgrade few methods, which has changed signature. Changes are really minor, but were needed to improve performance of federation.
+                </para>
+            </simplesect>
         </section>
         <section>
             <title>Migrating from 1.2.0.Beta1 to 1.2.0.RC1</title>
diff --git a/docbook/reference/en/en-US/modules/user-federation.xml b/docbook/reference/en/en-US/modules/user-federation.xml
index a8e6c17358..c8e9856a3c 100755
--- a/docbook/reference/en/en-US/modules/user-federation.xml
+++ b/docbook/reference/en/en-US/modules/user-federation.xml
@@ -24,7 +24,8 @@
     <section>
         <title>LDAP and Active Directory Plugin</title>
         <para>
-            Keycloak comes with a built-in LDAP/AD plugin.  Currently it is set up only to import username, email, first and last name.
+            Keycloak comes with a built-in LDAP/AD plugin.  By default, it is set up only to import username, email, first and last name, but you are free
+            to configure <link linkend='ldap_mappers'>mappers</link> and add more attributes or delete default ones.
             It supports password validation via LDAP/AD protocols and different user metadata synchronization modes.  To configure
             a federated LDAP store go to the admin console.  Click on the <literal>Users</literal> menu option to get you
             to the user management page.  Then click on the <literal>Federation</literal> submenu option.  When
@@ -41,7 +42,7 @@
                         <term>READONLY</term>
                         <listitem>
                             <para>
-                                Username, email, first and last name will be unchangable.  Keycloak will show an error
+                                Username, email, first and last name and other mapped attributes will be unchangeable.  Keycloak will show an error
                                 anytime anybody tries to update these fields.  Also, password updates will not be supported.
                             </para>
                         </listitem>
@@ -50,7 +51,7 @@
                         <term>WRITABLE</term>
                         <listitem>
                             <para>
-                                Username, email, first and last name, and passwords can all be updated and will
+                                Username, email, first and last name, other mapped attributes and passwords can all be updated and will
                                 be synchronized automatically with your LDAP store.
                             </para>
                         </listitem>
@@ -158,6 +159,56 @@
         </para>
         <para>In admin console, you can trigger sync directly or you can enable periodic changed or full sync.</para>
     </section>
+    <section id="ldap_mappers">
+        <title>LDAP/Federation mappers</title>
+        <para>
+            LDAP mappers are <literal>listeners</literal>, which are triggered by LDAP Federation provider at various points and provide
+            another extension point to LDAP integration. They are triggered during import LDAP user into Keycloak, registration Keycloak user back to LDAP or when querying LDAP user from Keycloak.
+            When you create LDAP Federation provider, Keycloak will automatically provide set of builtin <literal>mappers</literal> for this provider.
+            You are free to change this set and create new mapper or update/delete existing ones.
+        </para>
+        <para>
+            By default, we have those implementation of LDAP federation mapper:
+            <variablelist>
+                <varlistentry>
+                    <term>User Attribute Mapper</term>
+                    <listitem>
+                        <para>
+                            This allows to specify which LDAP attribute is mapped to which attribute of Keycloak User. So for example you can configure
+                            that LDAP attribute <literal>mail</literal> is supposed to be mapped to the UserModel attribute <literal>email</literal> in Keycloak database.
+                            For this mapper implementation, there is always one-to-one mapping (one LDAP attribute mapped to one Keycloak UserModel attribute)
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>FullName Mapper</term>
+                    <listitem>
+                        <para>
+                            This allows to specify that fullname of user, which is saved in some LDAP attribute (usualy <literal>cn</literal> ) will be mapped to
+                            <literal>firstName</literal> and <literal>lastname</literal> attributes of UserModel. Having <literal>cn</literal> to contain full name of user
+                            is common case for some LDAP deployments.
+                        </para>
+                    </listitem>
+                </varlistentry>
+                <varlistentry>
+                    <term>Role Mapper</term>
+                    <listitem>
+                        <para>
+                            This allows to configure role mappings from LDAP into Keycloak role mappings. One Role mapper can be used to map LDAP roles
+                            (usually groups from particular branch of LDAP tree) into roles corresponding to either realm roles or client roles of specified client.
+                            It's not a problem to configure more Role mappers for same LDAP provider. So for example you can specify that role mappings from groups under
+                            <literal>ou=main,dc=example,dc=org</literal> will be mapped to realm role mappings and role mappings from
+                            groups under <literal>ou=finance,dc=example,dc=org</literal> will be mapped to client role mappings of client <literal>finance</literal> .
+                        </para>
+                    </listitem>
+                </varlistentry>
+            </variablelist>
+        </para>
+        <para>By default, there is set of User Attribute mappers to map basic UserModel attributes username, first name, lastname and email to corresponding LDAP attributes. You are free to extend this and provide
+            more attribute mappings (For example to street, postalCode etc), delete firstName/lastname mapper and put fullName mapper instead, add role mappers etc.
+            Admin console provides tooltips, which should help on how to configure corresponding mappers.
+        </para>
+    </section>
     <section>
         <title>Writing your own User Federation Provider</title>
         <para>

From c6e0195a3c67246c0a71209ec48f2cc629623d3e Mon Sep 17 00:00:00 2001
From: Vlastimil Elias <vlastimil.elias@worldonline.cz>
Date: Tue, 9 Jun 2015 13:49:58 +0200
Subject: [PATCH 14/53] KEYCLOAK-1373 - added attribute importer for other
 social providers, documented

---
 .../broker/oidc/OIDCIdentityProvider.java     |   4 +-
 .../AbstractJsonUserAttributeMapper.java      | 255 +++++++++++-------
 .../AbstractJsonUserAttributeMapperTest.java  | 120 +++++++++
 .../en/en-US/modules/identity-broker.xml      |  18 ++
 .../facebook/FacebookIdentityProvider.java    |  95 +++----
 .../facebook/FacebookUserAttributeMapper.java |  29 ++
 ...oak.broker.provider.IdentityProviderMapper |   1 +
 .../social/github/GitHubIdentityProvider.java |   2 +-
 .../google/GoogleUserAttributeMapper.java     |  29 ++
 ...oak.broker.provider.IdentityProviderMapper |   1 +
 .../linkedin/LinkedInIdentityProvider.java    |  17 +-
 .../linkedin/LinkedInUserAttributeMapper.java |  29 ++
 ...oak.broker.provider.IdentityProviderMapper |   1 +
 .../StackoverflowIdentityProvider.java        |  21 +-
 .../StackoverflowUserAttributeMapper.java     |  29 ++
 ...oak.broker.provider.IdentityProviderMapper |   1 +
 16 files changed, 495 insertions(+), 157 deletions(-)
 create mode 100644 broker/oidc/src/test/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapperTest.java
 create mode 100644 social/facebook/src/main/java/org/keycloak/social/facebook/FacebookUserAttributeMapper.java
 create mode 100755 social/facebook/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
 create mode 100644 social/google/src/main/java/org/keycloak/social/google/GoogleUserAttributeMapper.java
 create mode 100755 social/google/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
 create mode 100644 social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInUserAttributeMapper.java
 create mode 100755 social/linkedin/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
 create mode 100644 social/stackoverflow/src/main/java/org/keycloak/social/stackoverflow/StackoverflowUserAttributeMapper.java
 create mode 100755 social/stackoverflow/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper

diff --git a/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java b/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
index 01e6c418bd..c576a5d6cd 100755
--- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
@@ -19,6 +19,7 @@ package org.keycloak.broker.oidc;
 
 import org.codehaus.jackson.JsonNode;
 import org.jboss.logging.Logger;
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
 import org.keycloak.broker.oidc.util.JsonSimpleHttp;
 import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.broker.provider.AuthenticationRequest;
@@ -50,6 +51,7 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
+
 import java.io.IOException;
 import java.security.PublicKey;
 
@@ -224,7 +226,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
                 name = getJsonProperty(userInfo, "name");
                 preferredUsername = getJsonProperty(userInfo, "preferred_username");
                 email = getJsonProperty(userInfo, "email");
-                identity.getContextData().put(USER_INFO, userInfo);
+                AbstractJsonUserAttributeMapper.storeUserProfileForMapper(identity, userInfo, getConfig().getAlias());
             }
             identity.getContextData().put(FEDERATED_ACCESS_TOKEN_RESPONSE, tokenResponse);
             identity.getContextData().put(VALIDATED_ID_TOKEN, idToken);
diff --git a/broker/oidc/src/main/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapper.java b/broker/oidc/src/main/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapper.java
index 7f3817b1c4..9f5085e273 100755
--- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapper.java
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapper.java
@@ -15,119 +15,192 @@ import org.keycloak.models.UserModel;
 import org.keycloak.provider.ProviderConfigProperty;
 
 /**
- * Abstract class for Social Provider mappers which allow mapping of JSON user profile field into Keycloak user attribute.
- * Concrete mapper classes with own ID and provider mapping must be implemented for each social provider who uses {@link JsonNode} user profile.
+ * Abstract class for Social Provider mappers which allow mapping of JSON user profile field into Keycloak user
+ * attribute. Concrete mapper classes with own ID and provider mapping must be implemented for each social provider who
+ * uses {@link JsonNode} user profile.
  * 
  * @author Vlastimil Elias (velias at redhat dot com)
  */
 public abstract class AbstractJsonUserAttributeMapper extends AbstractIdentityProviderMapper {
 
-    protected static final Logger logger = Logger.getLogger(AbstractJsonUserAttributeMapper.class);
 
-    protected static final Logger LOGGER_DUMP_USER_PROFILE = Logger.getLogger("org.keycloak.social.user_profile_dump");
+	protected static final Logger logger = Logger.getLogger(AbstractJsonUserAttributeMapper.class);
 
-    /**
-     * Config param where name of mapping source JSON User Profile field is stored.
-     */
-    public static final String CONF_JSON_FIELD = "jsonField";
-    /**
-     * Config param where name of mapping target USer attribute is stored.
-     */
-    public static final String CONF_USER_ATTRIBUTE = "userAttribute";
+	protected static final Logger LOGGER_DUMP_USER_PROFILE = Logger.getLogger("org.keycloak.social.user_profile_dump");
 
-    /**
-     * Key in {@link BrokeredIdentityContext#getContextData()} where {@link JsonNode} with user profile is stored.
-     */
-    public static final String CONTEXT_JSON_NODE = OIDCIdentityProvider.USER_INFO;
+	private static final String JSON_PATH_DELIMITER = ".";
 
-    private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
+	/**
+	 * Config param where name of mapping source JSON User Profile field is stored.
+	 */
+	public static final String CONF_JSON_FIELD = "jsonField";
+	/**
+	 * Config param where name of mapping target USer attribute is stored.
+	 */
+	public static final String CONF_USER_ATTRIBUTE = "userAttribute";
 
-    static {
-        ProviderConfigProperty property;
-        ProviderConfigProperty property1;
-        property1 = new ProviderConfigProperty();
-        property1.setName(CONF_JSON_FIELD);
-        property1.setLabel("Social Profile JSON Field Name");
-        property1.setHelpText("Name of field in Social provider User Profile JSON data to get value from.");
-        property1.setType(ProviderConfigProperty.STRING_TYPE);
-        configProperties.add(property1);
-        property = new ProviderConfigProperty();
-        property.setName(CONF_USER_ATTRIBUTE);
-        property.setLabel("User Attribute Name");
-        property.setHelpText("User attribute name to store information into.");
-        property.setType(ProviderConfigProperty.STRING_TYPE);
-        configProperties.add(property);
-    }
+	/**
+	 * Key in {@link BrokeredIdentityContext#getContextData()} where {@link JsonNode} with user profile is stored.
+	 */
+	public static final String CONTEXT_JSON_NODE = OIDCIdentityProvider.USER_INFO;
 
-    public static void storeUserProfileForMapper(BrokeredIdentityContext user, JsonNode profile) {
-        user.getContextData().put(AbstractJsonUserAttributeMapper.CONTEXT_JSON_NODE, profile);
-        if (LOGGER_DUMP_USER_PROFILE.isDebugEnabled())
-            LOGGER_DUMP_USER_PROFILE.debug("User Profile JSON Data: " + profile);
-    }
+	private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
 
-    @Override
-    public List<ProviderConfigProperty> getConfigProperties() {
-        return configProperties;
-    }
+	static {
+		ProviderConfigProperty property;
+		ProviderConfigProperty property1;
+		property1 = new ProviderConfigProperty();
+		property1.setName(CONF_JSON_FIELD);
+		property1.setLabel("Social Profile JSON Field Path");
+		property1.setHelpText("Path of field in Social provider User Profile JSON data to get value from. You can use dot notation for nesting and square brackets for array index. Eg. 'contact.address[0].country'.");
+		property1.setType(ProviderConfigProperty.STRING_TYPE);
+		configProperties.add(property1);
+		property = new ProviderConfigProperty();
+		property.setName(CONF_USER_ATTRIBUTE);
+		property.setLabel("User Attribute Name");
+		property.setHelpText("User attribute name to store information into.");
+		property.setType(ProviderConfigProperty.STRING_TYPE);
+		configProperties.add(property);
+	}
 
-    @Override
-    public String getDisplayCategory() {
-        return "Attribute Importer";
-    }
+	/**
+	 * Store used profile JsonNode into user context for later use by this mapper. Profile data are dumped into special logger if enabled also to allow investigation of the structure. 
+	 * 
+	 * @param user context to store profile data into
+	 * @param profile to store into context
+	 * @param provider identification of social provider to be used in log dump
+	 * 
+	 * @see #importNewUser(KeycloakSession, RealmModel, UserModel, IdentityProviderMapperModel, BrokeredIdentityContext)
+	 * @see BrokeredIdentityContext#getContextData()
+	 */
+	public static void storeUserProfileForMapper(BrokeredIdentityContext user, JsonNode profile, String provider) {
+		user.getContextData().put(AbstractJsonUserAttributeMapper.CONTEXT_JSON_NODE, profile);
+		if (LOGGER_DUMP_USER_PROFILE.isDebugEnabled())
+			LOGGER_DUMP_USER_PROFILE.debug("User Profile JSON Data for provider "+provider+": " + profile);
+	}
 
-    @Override
-    public String getDisplayType() {
-        return "Attribute Importer";
-    }
+	@Override
+	public List<ProviderConfigProperty> getConfigProperties() {
+		return configProperties;
+	}
 
-    @Override
-    public String getHelpText() {
-        return "Import user profile information if it exists in Social provider JSON data into the specified user attribute.";
-    }
+	@Override
+	public String getDisplayCategory() {
+		return "Attribute Importer";
+	}
 
-    @Override
-    public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
-        String attribute = mapperModel.getConfig().get(CONF_USER_ATTRIBUTE);
-        if (attribute == null) {
-            logger.debug("Attribute is not configured");
-            return;
-        }
+	@Override
+	public String getDisplayType() {
+		return "Attribute Importer";
+	}
 
-        String value = getJsonValue(mapperModel, context);
-        if (value != null) {
-            user.setAttribute(attribute, value);
-        }
-    }
+	@Override
+	public String getHelpText() {
+		return "Import user profile information if it exists in Social provider JSON data into the specified user attribute.";
+	}
 
-    @Override
-    public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
-        // we do not update user profile from social provider
-    }
+	@Override
+	public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+		String attribute = mapperModel.getConfig().get(CONF_USER_ATTRIBUTE);
+		if (attribute == null || attribute.trim().isEmpty()) {
+			logger.debug("Attribute is not configured");
+			return;
+		}
+		attribute = attribute.trim();
 
-    protected static String getJsonValue(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+		String value = getJsonValue(mapperModel, context);
+		if (value != null) {
+			user.setAttribute(attribute, value);
+		}
+	}
 
-        String jsonField = mapperModel.getConfig().get(CONF_JSON_FIELD);
-        if (jsonField == null) {
-            logger.debug("JSON field is not configured");
-            return null;
-        }
+	@Override
+	public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+		// we do not update user profile from social provider
+	}
 
-        JsonNode profileJsonNode = (JsonNode) context.getContextData().get(CONTEXT_JSON_NODE);
+	protected static String getJsonValue(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
 
-        if (profileJsonNode != null) {
-            JsonNode value = profileJsonNode.get(jsonField);
-            if (value != null) {
-                String ret = value.asText();
-                if (ret != null && !ret.trim().isEmpty())
-                    return ret.trim();
-                else
-                    return null;
-            }
-        } else {
-            logger.debug("User profile JSON node is not available.");
-        }
+		String jsonField = mapperModel.getConfig().get(CONF_JSON_FIELD);
+		if (jsonField == null || jsonField.trim().isEmpty()) {
+			logger.debug("JSON field path is not configured");
+			return null;
+		}
+		jsonField = jsonField.trim();
 
-        return null;
-    }
+		if (jsonField.startsWith(JSON_PATH_DELIMITER) || jsonField.endsWith(JSON_PATH_DELIMITER) || jsonField.startsWith("[")) {
+			logger.debug("JSON field path is invalid " + jsonField);
+			return null;
+		}
+
+		JsonNode profileJsonNode = (JsonNode) context.getContextData().get(CONTEXT_JSON_NODE);
+
+		String value = getJsonValue(profileJsonNode, jsonField);
+
+		if (value == null) {
+			logger.debug("User profile JSON value '" + jsonField + "' is not available.");
+		}
+
+		return value;
+	}
+
+	protected static String getJsonValue(JsonNode baseNode, String fieldPath) {
+		logger.debug("Going to process JsonNode path " + fieldPath + " on data " + baseNode);
+		if (baseNode != null) {
+
+			int idx = fieldPath.indexOf(JSON_PATH_DELIMITER);
+
+			String currentFieldName = fieldPath;
+			if (idx > 0) {
+				currentFieldName = fieldPath.substring(0, idx).trim();
+				if (currentFieldName.isEmpty()) {
+					logger.debug("JSON path is invalid " + fieldPath);
+					return null;
+				}
+			}
+
+			String currentNodeName = currentFieldName;
+			int arrayIndex = -1;
+			if (currentFieldName.endsWith("]")) {
+				int bi = currentFieldName.indexOf("[");
+				if (bi == -1) {
+					logger.debug("Invalid array index construct in " + currentFieldName);
+					return null;
+				}
+				try {
+				String is = currentFieldName.substring(bi+1, currentFieldName.length() - 1).trim();
+					arrayIndex = Integer.parseInt(is);
+				} catch (Exception e) {
+					logger.debug("Invalid array index construct in " + currentFieldName);
+					return null;
+				}
+				currentNodeName = currentFieldName.substring(0,bi).trim();
+			}
+
+			JsonNode currentNode = baseNode.get(currentNodeName);
+			if (arrayIndex > -1 && currentNode.isArray()) {
+				logger.debug("Going to take array node at index " + arrayIndex);
+				currentNode = currentNode.get(arrayIndex);
+			}
+
+			if (currentNode == null) {
+				logger.debug("JsonNode not found for name " + currentFieldName);
+				return null;
+			}
+
+			if (idx < 0) {
+				if (!currentNode.isValueNode()) {
+					logger.debug("JsonNode is not value node for name " + currentFieldName);
+					return null;
+				}
+				String ret = currentNode.asText();
+				if (ret != null && !ret.trim().isEmpty())
+					return ret.trim();
+			} else {
+				return getJsonValue(currentNode, fieldPath.substring(idx + 1));
+			}
+		}
+		return null;
+	}
 
 }
diff --git a/broker/oidc/src/test/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapperTest.java b/broker/oidc/src/test/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapperTest.java
new file mode 100644
index 0000000000..dcd1abebd8
--- /dev/null
+++ b/broker/oidc/src/test/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapperTest.java
@@ -0,0 +1,120 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @authors tag. All rights reserved.
+ */
+package org.keycloak.broker.oidc.mappers;
+
+import java.io.IOException;
+
+import org.codehaus.jackson.JsonNode;
+import org.codehaus.jackson.JsonProcessingException;
+import org.codehaus.jackson.map.ObjectMapper;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * Unit test for {@link AbstractJsonUserAttributeMapper}
+ * 
+ * @author Vlastimil Elias (velias at redhat dot com)
+ */
+public class AbstractJsonUserAttributeMapperTest {
+
+	private static ObjectMapper mapper = new ObjectMapper();
+
+	private static JsonNode baseNode;
+
+	private JsonNode getJsonNode() throws JsonProcessingException, IOException {
+		if (baseNode == null)
+			baseNode = mapper.readTree("{ \"value1\" : \"v1 \",\"value_empty\" : \"\", \"value_b\" : true, \"value_i\" : 454, " + " \"value_array\":[\"a1\",\"a2\"], " +" \"nest1\": {\"value1\": \" fgh \",\"value_empty\" : \"\", \"nest2\":{\"value_b\" : false, \"value_i\" : 43}}, "+ " \"nesta\": { \"a\":[{\"av1\": \"vala1\"},{\"av1\": \"vala2\"}]}"+" }");
+		return baseNode;
+	}
+
+	@Test
+	public void getJsonValue_invalidPath() throws JsonProcessingException, IOException {
+
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "."));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), ".."));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "...value1"));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), ".value1"));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value1."));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "[]"));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "[value1"));
+	}
+
+	@Test
+	public void getJsonValue_simpleValues() throws JsonProcessingException, IOException {
+
+		//unknown field returns null
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_unknown"));
+		
+		// we check value is trimmed also!
+		Assert.assertEquals("v1", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_empty"));
+
+		Assert.assertEquals("true", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_b"));
+		Assert.assertEquals("454", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_i"));
+
+	}
+
+	@Test
+	public void getJsonValue_nestedSimpleValues() throws JsonProcessingException, IOException {
+
+		// null if path points to JSON object
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.nest2"));
+
+		//unknown field returns null
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.value_unknown"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.nest2.value_unknown"));
+
+		// we check value is trimmed also!
+		Assert.assertEquals("fgh", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.value1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.value_empty"));
+
+		Assert.assertEquals("false", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.nest2.value_b"));
+		Assert.assertEquals("43", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.nest2.value_i"));
+
+		// null if invalid nested path
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1."));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.nest2."));
+	}
+
+	@Test
+	public void getJsonValue_simpleArray() throws JsonProcessingException, IOException {
+
+		// array field itself returns null if no index is provided
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array"));
+		// outside index returns null
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array[2]"));
+
+		//corect index
+		Assert.assertEquals("a1", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array[0]"));
+		Assert.assertEquals("a2", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array[1]"));
+		
+		//incorrect array constructs
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array[]"));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array]"));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array["));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array[a]"));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array[-2]"));
+	}
+
+	@Test
+	public void getJsonValue_nestedArrayWithObjects() throws JsonProcessingException, IOException {
+		Assert.assertEquals("vala1", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[0].av1"));
+		Assert.assertEquals("vala2", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[1].av1"));
+
+		//different path erros or nonexisting indexes or fields return null
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[2].av1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[0]"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[0].av_unknown"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[].av1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a.av1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a].av1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[.av1"));
+		
+	}
+
+}
diff --git a/docbook/reference/en/en-US/modules/identity-broker.xml b/docbook/reference/en/en-US/modules/identity-broker.xml
index 75df2c7572..2288ed75de 100755
--- a/docbook/reference/en/en-US/modules/identity-broker.xml
+++ b/docbook/reference/en/en-US/modules/identity-broker.xml
@@ -1246,6 +1246,24 @@ keycloak.createLoginUrl({
             the tool tips to see what each mapper can do for you.
         </para>
     </section>
+    
+    <section>
+        <title>Mapping/Importing User profile data from Social Identity Provider</title>
+        <para>
+            You can import user profile data provided by social identity providers like Google, GitHub, LinkedIn, Stackoverflow and Facebook 
+            into new Keycloak user created from given social accounts. After you configure a broker, you'll see a <literal>Mappers</literal>
+            button appear. Click on that and you'll get to the list of mappers that are assigned to this broker. There is a
+            <literal>Create</literal> button on this page. Clicking on this create button allows you to create a broker mapper.
+            "Attribute Importer" mapper allows you to define path in JSON user profile data provided by the provider to get value from. 
+            You can use dot notation for nesting and square brackets to access fields in array by index. For example 'contact.address[0].country'. 
+            Then you can define name of Keycloak's user profile attribute this value is stored into.
+				</para>
+				<para>             
+            To investigate structure of user profile JSON data provided by social providers you can enable <literal>DEBUG</literal> level for 
+            logger <literal>org.keycloak.social.user_profile_dump</literal> and login using given provider. Then you can find user profile 
+            JSON structure in Keycloak log file. 
+        </para>
+    </section>
 
     <section>
         <title>Examples</title>
diff --git a/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java b/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java
index ffce087c24..2c062124f3 100755
--- a/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java
+++ b/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java
@@ -3,10 +3,11 @@ package org.keycloak.social.facebook;
 import org.codehaus.jackson.JsonNode;
 import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
 import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
 import org.keycloak.broker.oidc.util.JsonSimpleHttp;
-import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.broker.provider.BrokeredIdentityContext;
 import org.keycloak.broker.provider.IdentityBrokerException;
+import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.social.SocialIdentityProvider;
 
 /**
@@ -14,63 +15,65 @@ import org.keycloak.social.SocialIdentityProvider;
  */
 public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider implements SocialIdentityProvider {
 
-    public static final String AUTH_URL = "https://graph.facebook.com/oauth/authorize";
-    public static final String TOKEN_URL = "https://graph.facebook.com/oauth/access_token";
-    public static final String PROFILE_URL = "https://graph.facebook.com/me";
-    public static final String DEFAULT_SCOPE = "email";
+	public static final String AUTH_URL = "https://graph.facebook.com/oauth/authorize";
+	public static final String TOKEN_URL = "https://graph.facebook.com/oauth/access_token";
+	public static final String PROFILE_URL = "https://graph.facebook.com/me";
+	public static final String DEFAULT_SCOPE = "email";
 
-    public FacebookIdentityProvider(OAuth2IdentityProviderConfig config) {
-        super(config);
-        config.setAuthorizationUrl(AUTH_URL);
-        config.setTokenUrl(TOKEN_URL);
-        config.setUserInfoUrl(PROFILE_URL);
-    }
+	public FacebookIdentityProvider(OAuth2IdentityProviderConfig config) {
+		super(config);
+		config.setAuthorizationUrl(AUTH_URL);
+		config.setTokenUrl(TOKEN_URL);
+		config.setUserInfoUrl(PROFILE_URL);
+	}
 
-    protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
-        try {
-            JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken));
+	protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
+		try {
+			JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken));
 
-            String id = getJsonProperty(profile, "id");
+			String id = getJsonProperty(profile, "id");
 
-            BrokeredIdentityContext user = new BrokeredIdentityContext(id);
+			BrokeredIdentityContext user = new BrokeredIdentityContext(id);
 
-            String email = getJsonProperty(profile, "email");
+			String email = getJsonProperty(profile, "email");
 
-            user.setEmail(email);
+			user.setEmail(email);
 
-            String username = getJsonProperty(profile, "username");
+			String username = getJsonProperty(profile, "username");
 
-            if (username == null) {
-                if (email != null) {
-                    username = email;
-                } else {
-                    username = id;
-                }
-            }
+			if (username == null) {
+				if (email != null) {
+					username = email;
+				} else {
+					username = id;
+				}
+			}
 
-            user.setUsername(username);
+			user.setUsername(username);
 
-            String firstName = getJsonProperty(profile, "first_name");
-            String lastName = getJsonProperty(profile, "last_name");
+			String firstName = getJsonProperty(profile, "first_name");
+			String lastName = getJsonProperty(profile, "last_name");
 
-            if (lastName == null) {
-                lastName = "";
-            } else {
-                lastName = " " + lastName;
-            }
+			if (lastName == null) {
+				lastName = "";
+			} else {
+				lastName = " " + lastName;
+			}
 
-            user.setName(firstName + lastName);
-            user.setIdpConfig(getConfig());
-            user.setIdp(this);
+			user.setName(firstName + lastName);
+			user.setIdpConfig(getConfig());
+			user.setIdp(this);
 
-            return user;
-        } catch (Exception e) {
-            throw new IdentityBrokerException("Could not obtain user profile from facebook.", e);
-        }
-    }
+			AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
 
-    @Override
-    protected String getDefaultScopes() {
-        return DEFAULT_SCOPE;
-    }
+			return user;
+		} catch (Exception e) {
+			throw new IdentityBrokerException("Could not obtain user profile from facebook.", e);
+		}
+	}
+
+	@Override
+	protected String getDefaultScopes() {
+		return DEFAULT_SCOPE;
+	}
 }
diff --git a/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookUserAttributeMapper.java b/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookUserAttributeMapper.java
new file mode 100644
index 0000000000..5a496573bb
--- /dev/null
+++ b/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookUserAttributeMapper.java
@@ -0,0 +1,29 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @authors tag. All rights reserved.
+ */
+package org.keycloak.social.facebook;
+
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
+
+/**
+ * User attribute mapper.
+ * 
+ * @author Vlastimil Elias (velias at redhat dot com)
+ */
+public class FacebookUserAttributeMapper extends AbstractJsonUserAttributeMapper {
+
+	private static final String[] cp = new String[] { FacebookIdentityProviderFactory.PROVIDER_ID };
+
+	@Override
+	public String[] getCompatibleProviders() {
+		return cp;
+	}
+
+	@Override
+	public String getId() {
+		return "facebook-user-attribute-mapper";
+	}
+
+}
diff --git a/social/facebook/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper b/social/facebook/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
new file mode 100755
index 0000000000..7e8f8aa9b6
--- /dev/null
+++ b/social/facebook/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
@@ -0,0 +1 @@
+org.keycloak.social.facebook.FacebookUserAttributeMapper
\ No newline at end of file
diff --git a/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java b/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
index cd36006976..b89d3b9c59 100755
--- a/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
+++ b/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
@@ -41,7 +41,7 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
 			user.setIdpConfig(getConfig());
 			user.setIdp(this);
 
-			AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile);
+			AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
 
 			return user;
 		} catch (Exception e) {
diff --git a/social/google/src/main/java/org/keycloak/social/google/GoogleUserAttributeMapper.java b/social/google/src/main/java/org/keycloak/social/google/GoogleUserAttributeMapper.java
new file mode 100644
index 0000000000..a2e7ef2946
--- /dev/null
+++ b/social/google/src/main/java/org/keycloak/social/google/GoogleUserAttributeMapper.java
@@ -0,0 +1,29 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @authors tag. All rights reserved.
+ */
+package org.keycloak.social.google;
+
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
+
+/**
+ * User attribute mapper.
+ * 
+ * @author Vlastimil Elias (velias at redhat dot com)
+ */
+public class GoogleUserAttributeMapper extends AbstractJsonUserAttributeMapper {
+
+	private static final String[] cp = new String[] { GoogleIdentityProviderFactory.PROVIDER_ID };
+
+	@Override
+	public String[] getCompatibleProviders() {
+		return cp;
+	}
+
+	@Override
+	public String getId() {
+		return "google-user-attribute-mapper";
+	}
+
+}
diff --git a/social/google/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper b/social/google/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
new file mode 100755
index 0000000000..f0a3d86a67
--- /dev/null
+++ b/social/google/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
@@ -0,0 +1 @@
+org.keycloak.social.google.GoogleUserAttributeMapper
\ No newline at end of file
diff --git a/social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java b/social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java
index d6b7108635..2f439c2135 100755
--- a/social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java
+++ b/social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java
@@ -25,10 +25,11 @@ import org.codehaus.jackson.JsonNode;
 import org.jboss.logging.Logger;
 import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
 import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
 import org.keycloak.broker.oidc.util.JsonSimpleHttp;
-import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.broker.provider.BrokeredIdentityContext;
 import org.keycloak.broker.provider.IdentityBrokerException;
+import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.social.SocialIdentityProvider;
 
 /**
@@ -58,16 +59,18 @@ public class LinkedInIdentityProvider extends AbstractOAuth2IdentityProvider imp
 		try {
 			JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken));
 
-            BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"));
+			BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"));
 
-            String username = extractUsernameFromProfileURL(getJsonProperty(profile, "publicProfileUrl"));
-            user.setUsername(username);
+			String username = extractUsernameFromProfileURL(getJsonProperty(profile, "publicProfileUrl"));
+			user.setUsername(username);
 			user.setName(getJsonProperty(profile, "formattedName"));
 			user.setEmail(getJsonProperty(profile, "emailAddress"));
-            user.setIdpConfig(getConfig());
-            user.setIdp(this);
+			user.setIdpConfig(getConfig());
+			user.setIdp(this);
 
-            return user;
+			AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
+
+			return user;
 		} catch (Exception e) {
 			throw new IdentityBrokerException("Could not obtain user profile from linkedIn.", e);
 		}
diff --git a/social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInUserAttributeMapper.java b/social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInUserAttributeMapper.java
new file mode 100644
index 0000000000..9bc89e7e50
--- /dev/null
+++ b/social/linkedin/src/main/java/org/keycloak/social/linkedin/LinkedInUserAttributeMapper.java
@@ -0,0 +1,29 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @authors tag. All rights reserved.
+ */
+package org.keycloak.social.linkedin;
+
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
+
+/**
+ * User attribute mapper.
+ * 
+ * @author Vlastimil Elias (velias at redhat dot com)
+ */
+public class LinkedInUserAttributeMapper extends AbstractJsonUserAttributeMapper {
+
+	private static final String[] cp = new String[] { LinkedInIdentityProviderFactory.PROVIDER_ID };
+
+	@Override
+	public String[] getCompatibleProviders() {
+		return cp;
+	}
+
+	@Override
+	public String getId() {
+		return "linkedin-user-attribute-mapper";
+	}
+
+}
diff --git a/social/linkedin/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper b/social/linkedin/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
new file mode 100755
index 0000000000..61b7730c0b
--- /dev/null
+++ b/social/linkedin/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
@@ -0,0 +1 @@
+org.keycloak.social.linkedin.LinkedInUserAttributeMapper
\ No newline at end of file
diff --git a/social/stackoverflow/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java b/social/stackoverflow/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java
index 280753bf21..ab9b97a609 100755
--- a/social/stackoverflow/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java
+++ b/social/stackoverflow/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java
@@ -26,10 +26,11 @@ import java.util.HashMap;
 import org.codehaus.jackson.JsonNode;
 import org.jboss.logging.Logger;
 import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
 import org.keycloak.broker.oidc.util.JsonSimpleHttp;
-import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.broker.provider.BrokeredIdentityContext;
 import org.keycloak.broker.provider.IdentityBrokerException;
+import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.social.SocialIdentityProvider;
 
 /**
@@ -37,8 +38,7 @@ import org.keycloak.social.SocialIdentityProvider;
  * 
  * @author Vlastimil Elias (velias at redhat dot com)
  */
-public class StackoverflowIdentityProvider extends AbstractOAuth2IdentityProvider<StackOverflowIdentityProviderConfig>
-		implements SocialIdentityProvider<StackOverflowIdentityProviderConfig> {
+public class StackoverflowIdentityProvider extends AbstractOAuth2IdentityProvider<StackOverflowIdentityProviderConfig> implements SocialIdentityProvider<StackOverflowIdentityProviderConfig> {
 
 	private static final Logger log = Logger.getLogger(StackoverflowIdentityProvider.class);
 
@@ -54,8 +54,6 @@ public class StackoverflowIdentityProvider extends AbstractOAuth2IdentityProvide
 		config.setUserInfoUrl(PROFILE_URL);
 	}
 
-
-
 	@Override
 	protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
 		log.debug("doGetFederatedIdentity()");
@@ -67,18 +65,19 @@ public class StackoverflowIdentityProvider extends AbstractOAuth2IdentityProvide
 			}
 			JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL)).get("items").get(0);
 
-            BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "user_id"));
+			BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "user_id"));
 
-            String username = extractUsernameFromProfileURL(getJsonProperty(profile, "link"));
-            user.setUsername(username);
+			String username = extractUsernameFromProfileURL(getJsonProperty(profile, "link"));
+			user.setUsername(username);
 			user.setName(unescapeHtml3(getJsonProperty(profile, "display_name")));
 			// email is not provided
 			// user.setEmail(getJsonProperty(profile, "email"));
-            user.setIdpConfig(getConfig());
-            user.setIdp(this);
+			user.setIdpConfig(getConfig());
+			user.setIdp(this);
 
+			AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
 
-            return user;
+			return user;
 		} catch (Exception e) {
 			throw new IdentityBrokerException("Could not obtain user profile from Stackoverflow: " + e.getMessage(), e);
 		}
diff --git a/social/stackoverflow/src/main/java/org/keycloak/social/stackoverflow/StackoverflowUserAttributeMapper.java b/social/stackoverflow/src/main/java/org/keycloak/social/stackoverflow/StackoverflowUserAttributeMapper.java
new file mode 100644
index 0000000000..5fe3b97cbd
--- /dev/null
+++ b/social/stackoverflow/src/main/java/org/keycloak/social/stackoverflow/StackoverflowUserAttributeMapper.java
@@ -0,0 +1,29 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @authors tag. All rights reserved.
+ */
+package org.keycloak.social.stackoverflow;
+
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
+
+/**
+ * User attribute mapper.
+ * 
+ * @author Vlastimil Elias (velias at redhat dot com)
+ */
+public class StackoverflowUserAttributeMapper extends AbstractJsonUserAttributeMapper {
+
+	private static final String[] cp = new String[] { StackoverflowIdentityProviderFactory.PROVIDER_ID };
+
+	@Override
+	public String[] getCompatibleProviders() {
+		return cp;
+	}
+
+	@Override
+	public String getId() {
+		return "stackoverflow-user-attribute-mapper";
+	}
+
+}
diff --git a/social/stackoverflow/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper b/social/stackoverflow/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
new file mode 100755
index 0000000000..b7a3a5e322
--- /dev/null
+++ b/social/stackoverflow/src/main/resources/META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper
@@ -0,0 +1 @@
+org.keycloak.social.stackoverflow.StackoverflowUserAttributeMapper
\ No newline at end of file

From 01e232158b2670b7df9a91c5428c803a324000d4 Mon Sep 17 00:00:00 2001
From: Lukas Kubik <lkubik@redhat.com>
Date: Tue, 9 Jun 2015 15:16:34 +0200
Subject: [PATCH 15/53] Add new .gitattributes file

---
 .gitattributes | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 .gitattributes

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000000..357df818b2
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,42 @@
+# Handle line endings automatically for files detected as text
+# and leave all files detected as binary untouched.
+* text=auto
+
+#
+# The above will handle all files NOT found below
+#
+# These files are text and should be normalized (Convert crlf => lf)
+*.css           text
+*.df            text
+*.htm           text
+*.html          text
+*.java          text
+*.js            text
+*.json          text
+*.jsp           text
+*.jspf          text
+*.properties    text
+*.sh            text
+*.svg           text
+*.tld           text
+*.txt           text
+*.xml           text
+*.xsl           text
+
+# These files are binary and should be left untouched
+# (binary is a macro for -text -diff)
+*.class         binary
+*.dll           binary
+*.ear           binary
+*.gif           binary
+*.ico           binary
+*.jar           binary
+*.jpg           binary
+*.jpeg          binary
+*.png           binary
+*.so            binary
+*.war           binary
+*.ttf           binary
+*.eot           binary
+*.otf           binary
+*.wof           binary

From bf686bd7914deeea81420c60130e24164f576ab6 Mon Sep 17 00:00:00 2001
From: Lukas Kubik <lkubik@redhat.com>
Date: Tue, 9 Jun 2015 15:19:36 +0200
Subject: [PATCH 16/53] Revert "Add new .gitattributes file"

This reverts commit 01e232158b2670b7df9a91c5428c803a324000d4.
---
 .gitattributes | 42 ------------------------------------------
 1 file changed, 42 deletions(-)
 delete mode 100644 .gitattributes

diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index 357df818b2..0000000000
--- a/.gitattributes
+++ /dev/null
@@ -1,42 +0,0 @@
-# Handle line endings automatically for files detected as text
-# and leave all files detected as binary untouched.
-* text=auto
-
-#
-# The above will handle all files NOT found below
-#
-# These files are text and should be normalized (Convert crlf => lf)
-*.css           text
-*.df            text
-*.htm           text
-*.html          text
-*.java          text
-*.js            text
-*.json          text
-*.jsp           text
-*.jspf          text
-*.properties    text
-*.sh            text
-*.svg           text
-*.tld           text
-*.txt           text
-*.xml           text
-*.xsl           text
-
-# These files are binary and should be left untouched
-# (binary is a macro for -text -diff)
-*.class         binary
-*.dll           binary
-*.ear           binary
-*.gif           binary
-*.ico           binary
-*.jar           binary
-*.jpg           binary
-*.jpeg          binary
-*.png           binary
-*.so            binary
-*.war           binary
-*.ttf           binary
-*.eot           binary
-*.otf           binary
-*.wof           binary

From bc93066fe3fac521899d00f55c52a85952623582 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Tue, 9 Jun 2015 15:34:52 +0200
Subject: [PATCH 17/53] KEYCLOAK-1401 Fix oracle and sybase - step 1

---
 .../main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml   | 6 +++---
 .../models/jpa/entities/IdentityProviderEntity.java         | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
index e7b9ade368..86b9d75fa2 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
@@ -112,13 +112,13 @@
         </addColumn>
         <addColumn tableName="IDENTITY_PROVIDER">
             <column name="TRUST_EMAIL" type="BOOLEAN" defaultValueBoolean="false"/>
-            <column name="UPDATE_PROFILE_FIRST_LOGIN_MODE" type="VARCHAR(10)" defaultValue="on">
+            <column name="UPDATE_PROFILE_FIRST_LGN_MD" type="VARCHAR(10)" defaultValue="on">
                 <constraints nullable="false"/>
             </column>
         </addColumn>
-        <!-- migrate value from UPDATE_PROFILE_FIRST_LOGIN to UPDATE_PROFILE_FIRST_LOGIN_MODE then drop it -->
+        <!-- migrate value from UPDATE_PROFILE_FIRST_LOGIN to UPDATE_PROFILE_FIRST_LGN_MD then drop it -->
         <update tableName="IDENTITY_PROVIDER">
-            <column name="UPDATE_PROFILE_FIRST_LOGIN_MODE" value="off"/>
+            <column name="UPDATE_PROFILE_FIRST_LGN_MD" value="off"/>
             <where>UPDATE_PROFILE_FIRST_LOGIN = false</where>
         </update>
         <dropColumn tableName="IDENTITY_PROVIDER" columnName="UPDATE_PROFILE_FIRST_LOGIN"/>
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java
index 4cfefb4ad1..eeef707d8c 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java
@@ -41,7 +41,7 @@ public class IdentityProviderEntity {
     @Column(name="ENABLED")
     private boolean enabled;
 
-    @Column(name = "UPDATE_PROFILE_FIRST_LOGIN_MODE")
+    @Column(name = "UPDATE_PROFILE_FIRST_LGN_MD")
     private String updateProfileFirstLoginMode;
 
     @Column(name = "TRUST_EMAIL")

From 245edcb5b92eaf38ad5856aa12b94f0c09521889 Mon Sep 17 00:00:00 2001
From: Marko Strukelj <marko.strukelj@gmail.com>
Date: Tue, 9 Jun 2015 11:54:42 +0200
Subject: [PATCH 18/53] KEYCLOAK-1418 Re-enable server-overlay  - it's based on
 server-dist for Wildfly 9 in order to reuse server-feature-pack - no
 dependency on distribution/modules

---
 .../layers/base/sun/jdk/jgss/main/module.xml  | 19 +++++
 distribution/pom.xml                          |  2 +-
 distribution/server-overlay/assembly.xml      | 40 +++++++----
 distribution/server-overlay/pom.xml           | 67 +++--------------
 .../src/main/keycloak-server.json             | 72 -------------------
 .../src/main/providers/README.txt             |  2 -
 .../server-overlay/src/main/themes/README.txt |  3 -
 .../src/main/xslt/standalone.xsl              | 54 --------------
 8 files changed, 57 insertions(+), 202 deletions(-)
 create mode 100644 distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/sun/jdk/jgss/main/module.xml
 delete mode 100644 distribution/server-overlay/src/main/keycloak-server.json
 delete mode 100644 distribution/server-overlay/src/main/providers/README.txt
 delete mode 100644 distribution/server-overlay/src/main/themes/README.txt
 delete mode 100755 distribution/server-overlay/src/main/xslt/standalone.xsl

diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/sun/jdk/jgss/main/module.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/sun/jdk/jgss/main/module.xml
new file mode 100644
index 0000000000..6df03ff4ba
--- /dev/null
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/sun/jdk/jgss/main/module.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="sun.jdk.jgss">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <system export="true">
+            <paths>
+                <path name="sun/security/jgss" />
+                <path name="sun/security/jgss/spi" />
+                <path name="sun/security/jgss/krb5" />
+            </paths>
+        </system>
+    </dependencies>
+
+</module>
\ No newline at end of file
diff --git a/distribution/pom.xml b/distribution/pom.xml
index 3b7a66f869..02718299de 100755
--- a/distribution/pom.xml
+++ b/distribution/pom.xml
@@ -34,7 +34,7 @@
         <module>modules</module>
         <module>proxy-dist</module>
         <module>server-dist</module>
-        <!--<module>server-overlay</module>-->
+        <module>server-overlay</module>
         <module>src-dist</module>
         <module>subsystem-war</module>
         <module>feature-packs</module>
diff --git a/distribution/server-overlay/assembly.xml b/distribution/server-overlay/assembly.xml
index f8424b1d93..6efb409247 100755
--- a/distribution/server-overlay/assembly.xml
+++ b/distribution/server-overlay/assembly.xml
@@ -10,20 +10,38 @@
 
     <fileSets>
         <fileSet>
-            <directory>${project.build.directory}/unpacked/modules</directory>
-            <outputDirectory>modules</outputDirectory>
+            <directory>${project.build.directory}/unpacked/keycloak-${project.version}/modules/system/layers/base</directory>
+            <outputDirectory>modules/system/layers/base</outputDirectory>
+            <includes>
+                <include>com/google/zxing/**</include>
+                <include>de/idyl/winzipaes/**</include>
+                <include>net/iharder/**</include>
+                <include>org/freemarker/**</include>
+                <include>org/keycloak/**</include>
+                <include>org/liquibase/**</include>
+                <include>org/mongodb/**</include>
+                <include>org/twitter4j/**</include>
+                <include>sun/jdk/jgss/**</include>
+            </includes>
         </fileSet>
         <fileSet>
-            <directory>${project.build.directory}/unpacked/content</directory>
+            <directory>${project.build.directory}/unpacked/keycloak-${project.version}/content</directory>
             <outputDirectory></outputDirectory>
         </fileSet>
         <fileSet>
-            <directory>../../forms/common-themes/src/main/resources/theme</directory>
+            <directory>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/themes</directory>
             <outputDirectory>standalone/configuration/themes</outputDirectory>
             <includes>
                 <include>**/**</include>
             </includes>
         </fileSet>
+        <fileSet>
+            <directory>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/providers</directory>
+            <outputDirectory>standalone/configuration/providers</outputDirectory>
+            <includes>
+                <include>**/**</include>
+            </includes>
+        </fileSet>
         <fileSet>
             <directory>../../</directory>
             <includes>
@@ -31,25 +49,19 @@
             </includes>
             <outputDirectory></outputDirectory>
         </fileSet>
+
     </fileSets>
 
     <files>
         <file>
-            <source>${project.build.directory}/unpacked/wildfly-${wildfly.version}/standalone/configuration/standalone.xml</source>
+            <source>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/standalone.xml</source>
             <outputDirectory>standalone/configuration</outputDirectory>
             <destName>standalone-keycloak.xml</destName>
         </file>
         <file>
-            <source>src/main/keycloak-server.json</source>
+            <source>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/keycloak-server.json</source>
             <outputDirectory>standalone/configuration</outputDirectory>
         </file>
-        <file>
-            <source>src/main/themes/README.txt</source>
-            <outputDirectory>standalone/configuration/themes</outputDirectory>
-        </file>
-        <file>
-            <source>src/main/providers/README.txt</source>
-            <outputDirectory>standalone/configuration/providers</outputDirectory>
-        </file>
     </files>
+
 </assembly>
diff --git a/distribution/server-overlay/pom.xml b/distribution/server-overlay/pom.xml
index a066b2c095..7ab8862188 100755
--- a/distribution/server-overlay/pom.xml
+++ b/distribution/server-overlay/pom.xml
@@ -10,49 +10,27 @@
 
     <artifactId>keycloak-server-overlay</artifactId>
     <packaging>pom</packaging>
-    <name>Keycloak Server Overlay</name>
+    <name>Keycloak Server Overlay Distribution</name>
     <description/>
 
     <dependencies>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-jboss-modules</artifactId>
-            <type>zip</type>
-        </dependency>
-        <dependency>
-            <groupId>org.wildfly</groupId>
-            <artifactId>wildfly-dist</artifactId>
+            <artifactId>keycloak-server-dist</artifactId>
             <type>zip</type>
         </dependency>
     </dependencies>
 
     <build>
         <finalName>keycloak-overlay-${project.version}</finalName>
+
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-dependency-plugin</artifactId>
                 <executions>
                     <execution>
-                        <id>unpack-standalone-xml</id>
-                        <phase>prepare-package</phase>
-                        <goals>
-                            <goal>unpack</goal>
-                        </goals>
-                        <configuration>
-                            <artifactItems>
-                                <artifactItem>
-                                    <groupId>org.wildfly</groupId>
-                                    <artifactId>wildfly-dist</artifactId>
-                                    <type>zip</type>
-                                    <outputDirectory>${project.build.directory}/unpacked</outputDirectory>
-                                </artifactItem>
-                            </artifactItems>
-                            <includes>*/standalone/configuration/standalone.xml</includes>
-                        </configuration>
-                    </execution>
-                    <execution>
-                        <id>unpack-module</id>
+                        <id>unpack-server-dist</id>
                         <phase>prepare-package</phase>
                         <goals>
                             <goal>unpack</goal>
@@ -61,9 +39,9 @@
                             <artifactItems>
                                 <artifactItem>
                                     <groupId>org.keycloak</groupId>
-                                    <artifactId>keycloak-jboss-modules</artifactId>
+                                    <artifactId>keycloak-server-dist</artifactId>
                                     <type>zip</type>
-                                    <outputDirectory>${project.build.directory}/unpacked/modules</outputDirectory>
+                                    <outputDirectory>${project.build.directory}/unpacked</outputDirectory>
                                 </artifactItem>
                             </artifactItems>
                         </configuration>
@@ -71,32 +49,7 @@
                 </executions>
             </plugin>
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>xml-maven-plugin</artifactId>
-                <version>1.0</version>
-                <executions>
-                    <execution>
-                        <id>generate-resources</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>transform</goal>
-                        </goals>
-                        <configuration>
-                            <transformationSets>
-                                <transformationSet>
-                                    <dir>${project.build.directory}/unpacked/wildfly-${wildfly.version}/standalone/configuration</dir>
-                                    <stylesheet>src/main/xslt/standalone.xsl</stylesheet>
-                                    <includes>
-                                        <include>standalone.xml</include>
-                                    </includes>
-                                    <outputDir>${project.build.directory}/unpacked/wildfly-${wildfly.version}/standalone/configuration</outputDir>
-                                </transformationSet>
-                            </transformationSets>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-assembly-plugin</artifactId>
                 <executions>
                     <execution>
@@ -109,9 +62,11 @@
                             <descriptors>
                                 <descriptor>assembly.xml</descriptor>
                             </descriptors>
-                            <outputDirectory>target</outputDirectory>
-                            <workDirectory>target/assembly/work</workDirectory>
+                            <recompressZippedFiles>true</recompressZippedFiles>
+                            <finalName>${project.build.finalName}</finalName>
                             <appendAssemblyId>false</appendAssemblyId>
+                            <outputDirectory>${project.build.directory}</outputDirectory>
+                            <workDirectory>${project.build.directory}/assembly/work</workDirectory>
                             <tarLongFileMode>gnu</tarLongFileMode>
                         </configuration>
                     </execution>
diff --git a/distribution/server-overlay/src/main/keycloak-server.json b/distribution/server-overlay/src/main/keycloak-server.json
deleted file mode 100644
index 9f0d03ea5d..0000000000
--- a/distribution/server-overlay/src/main/keycloak-server.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
-    "admin": {
-        "realm": "master"
-    },
-
-    "eventsStore": {
-        "provider": "jpa",
-        "jpa": {
-            "exclude-events": [ "REFRESH_TOKEN" ]
-        }
-    },
-
-    "realm": {
-        "provider": "jpa"
-    },
-
-    "user": {
-        "provider": "jpa"
-    },
-
-    "userSessions": {
-        "provider" : "mem"
-    },
-
-    "realmCache": {
-        "provider": "mem"
-    },
-
-    "userCache": {
-        "provider": "mem",
-        "mem": {
-            "maxSize": 20000
-        }
-    },
-
-    "timer": {
-        "provider": "basic"
-    },
-
-    "theme": {
-        "default": "keycloak",
-        "staticMaxAge": 2592000,
-        "cacheTemplates": true,
-        "cacheThemes": true,
-        "folder": {
-          "dir": "${jboss.server.config.dir}/themes"
-        }
-    },
-
-    "login": {
-        "provider": "freemarker"
-    },
-
-    "account": {
-        "provider": "freemarker"
-    },
-
-    "email": {
-        "provider": "freemarker"
-    },
-
-    "scheduled": {
-        "interval": 900
-    },
-
-    "connectionsJpa": {
-        "default": {
-            "dataSource": "java:jboss/datasources/KeycloakDS",
-            "databaseSchema": "update"
-        }
-    }
-}
\ No newline at end of file
diff --git a/distribution/server-overlay/src/main/providers/README.txt b/distribution/server-overlay/src/main/providers/README.txt
deleted file mode 100644
index a6d523b43f..0000000000
--- a/distribution/server-overlay/src/main/providers/README.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Any provider implementation jars and libraries in this folder will be loaded by Keycloak. See the providers
-section in the documentation for more details.
\ No newline at end of file
diff --git a/distribution/server-overlay/src/main/themes/README.txt b/distribution/server-overlay/src/main/themes/README.txt
deleted file mode 100644
index 705b73ac69..0000000000
--- a/distribution/server-overlay/src/main/themes/README.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Themes to configure the look and feel of login pages and account management console. It's not recommended to
-modify existing the built-in themes, instead you should create a new theme that extends a built-in theme. See the theme
-section in the documentation for more details.
\ No newline at end of file
diff --git a/distribution/server-overlay/src/main/xslt/standalone.xsl b/distribution/server-overlay/src/main/xslt/standalone.xsl
deleted file mode 100755
index dd17b23830..0000000000
--- a/distribution/server-overlay/src/main/xslt/standalone.xsl
+++ /dev/null
@@ -1,54 +0,0 @@
-<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
-                xmlns:xalan="http://xml.apache.org/xalan"
-                xmlns:j="urn:jboss:domain:3.0"
-                xmlns:ds="urn:jboss:domain:datasources:3.0"
-                xmlns:k="urn:jboss:domain:keycloak:1.1"
-                version="2.0"
-                exclude-result-prefixes="xalan j ds k">
-
-    <xsl:param name="config"/>
-
-    <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
-    <xsl:strip-space elements="*"/>
-
-    <xsl:template match="//j:extensions">
-        <xsl:copy>
-            <xsl:apply-templates select="node()|@*"/>
-            <extension module="org.keycloak.keycloak-server-subsystem"/>
-        </xsl:copy>
-    </xsl:template>
-
-    <xsl:template match="//ds:datasources">
-        <xsl:copy>
-            <xsl:apply-templates select="node()[name(.)='datasource']"/>
-            <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
-                <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
-                <driver>h2</driver>
-                <security>
-                    <user-name>sa</user-name>
-                    <password>sa</password>
-                </security>
-            </datasource>
-            <xsl:apply-templates select="node()[name(.)='drivers']"/>
-        </xsl:copy>
-    </xsl:template>
-
-    <xsl:template match="//j:profile">
-        <xsl:copy>
-            <xsl:apply-templates select="node()|@*"/>
-            <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
-                <auth-server name="main-auth-server">
-                    <enabled>true</enabled>
-                    <web-context>auth</web-context>
-                </auth-server>
-            </subsystem>
-        </xsl:copy>
-    </xsl:template>
-
-    <xsl:template match="@*|node()">
-        <xsl:copy>
-            <xsl:apply-templates select="@*|node()" />
-        </xsl:copy>
-    </xsl:template>
-
-</xsl:stylesheet>
\ No newline at end of file

From e6928c6456d59bd840ca446bee7008ed9374750b Mon Sep 17 00:00:00 2001
From: Marko Strukelj <marko.strukelj@gmail.com>
Date: Tue, 9 Jun 2015 15:50:01 +0200
Subject: [PATCH 19/53] KEYCLOAK-1417 Re-enable demo-dist

---
 distribution/demo-dist/assembly.xml           | 21 +++++-
 distribution/demo-dist/pom.xml                | 30 ++++++--
 .../demo-dist/src/main/keycloak-server.json   | 72 -------------------
 .../demo-dist/src/main/providers/README.txt   |  2 -
 .../demo-dist/src/main/themes/README.txt      |  3 -
 .../demo-dist/src/main/xslt/standalone.xsl    |  6 +-
 distribution/pom.xml                          |  2 +-
 pom.xml                                       |  6 ++
 8 files changed, 55 insertions(+), 87 deletions(-)
 delete mode 100644 distribution/demo-dist/src/main/keycloak-server.json
 delete mode 100644 distribution/demo-dist/src/main/providers/README.txt
 delete mode 100644 distribution/demo-dist/src/main/themes/README.txt

diff --git a/distribution/demo-dist/assembly.xml b/distribution/demo-dist/assembly.xml
index f00bfea444..5a6be78a2a 100755
--- a/distribution/demo-dist/assembly.xml
+++ b/distribution/demo-dist/assembly.xml
@@ -14,7 +14,6 @@
             <outputDirectory>keycloak</outputDirectory>
             <excludes>
                 <exclude>**/*.sh</exclude>
-                <exclude>standalone/configuration/standalone-keycloak.xml</exclude>
             </excludes>
         </fileSet>
         <fileSet>
@@ -25,6 +24,20 @@
             </includes>
             <fileMode>0755</fileMode>
         </fileSet>
+        <fileSet>
+            <directory>${project.build.directory}/unpacked/keycloak-server-overlay-${project.version}</directory>
+            <outputDirectory>keycloak</outputDirectory>
+            <excludes>
+                <exclude>standalone/configuration/standalone-keycloak.xml</exclude>
+            </excludes>
+        </fileSet>
+        <fileSet>
+            <directory>${project.build.directory}/unpacked/keycloak-wf9-adapter-${project.version}</directory>
+            <outputDirectory>keycloak</outputDirectory>
+            <excludes>
+                <exclude>standalone/configuration/standalone-keycloak.xml</exclude>
+            </excludes>
+        </fileSet>
         <fileSet>
             <directory>${project.build.directory}/unpacked/keycloak-docs-${project.version}</directory>
             <outputDirectory>docs</outputDirectory>
@@ -34,5 +47,11 @@
             <outputDirectory>examples</outputDirectory>
         </fileSet>
     </fileSets>
+    <files>
+        <file>
+            <source>${project.build.directory}/unpacked/standalone.xml</source>
+            <outputDirectory>keycloak/standalone/configuration</outputDirectory>
+        </file>
+    </files>
 
 </assembly>
diff --git a/distribution/demo-dist/pom.xml b/distribution/demo-dist/pom.xml
index 37e4bdc727..e5394f1f84 100755
--- a/distribution/demo-dist/pom.xml
+++ b/distribution/demo-dist/pom.xml
@@ -16,7 +16,12 @@
     <dependencies>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-server-dist</artifactId>
+            <artifactId>keycloak-server-overlay</artifactId>
+            <type>zip</type>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-wf9-adapter-dist</artifactId>
             <type>zip</type>
         </dependency>
         <dependency>
@@ -63,7 +68,7 @@
                         </configuration>
                     </execution>
                     <execution>
-                        <id>unpack-server-overlay</id>
+                        <id>unpack-server</id>
                         <phase>prepare-package</phase>
                         <goals>
                             <goal>unpack</goal>
@@ -74,7 +79,24 @@
                                     <groupId>org.keycloak</groupId>
                                     <artifactId>keycloak-server-overlay</artifactId>
                                     <type>zip</type>
-                                    <outputDirectory>${project.build.directory}/unpacked/wildfly-${wildfly.version}</outputDirectory>
+                                    <outputDirectory>${project.build.directory}/unpacked/keycloak-server-overlay-${project.version}</outputDirectory>
+                                </artifactItem>
+                            </artifactItems>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>unpack-adapter</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>unpack</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.keycloak</groupId>
+                                    <artifactId>keycloak-wf9-adapter-dist</artifactId>
+                                    <type>zip</type>
+                                    <outputDirectory>${project.build.directory}/unpacked/keycloak-wf9-adapter-${project.version}</outputDirectory>
                                 </artifactItem>
                             </artifactItems>
                         </configuration>
@@ -134,7 +156,7 @@
                                     <includes>
                                         <include>standalone.xml</include>
                                     </includes>
-                                    <outputDir>${project.build.directory}/unpacked/wildfly-${wildfly.version}/standalone/configuration</outputDir>
+                                    <outputDir>${project.build.directory}/unpacked/</outputDir>
                                 </transformationSet>
                             </transformationSets>
                         </configuration>
diff --git a/distribution/demo-dist/src/main/keycloak-server.json b/distribution/demo-dist/src/main/keycloak-server.json
deleted file mode 100644
index 9f0d03ea5d..0000000000
--- a/distribution/demo-dist/src/main/keycloak-server.json
+++ /dev/null
@@ -1,72 +0,0 @@
-{
-    "admin": {
-        "realm": "master"
-    },
-
-    "eventsStore": {
-        "provider": "jpa",
-        "jpa": {
-            "exclude-events": [ "REFRESH_TOKEN" ]
-        }
-    },
-
-    "realm": {
-        "provider": "jpa"
-    },
-
-    "user": {
-        "provider": "jpa"
-    },
-
-    "userSessions": {
-        "provider" : "mem"
-    },
-
-    "realmCache": {
-        "provider": "mem"
-    },
-
-    "userCache": {
-        "provider": "mem",
-        "mem": {
-            "maxSize": 20000
-        }
-    },
-
-    "timer": {
-        "provider": "basic"
-    },
-
-    "theme": {
-        "default": "keycloak",
-        "staticMaxAge": 2592000,
-        "cacheTemplates": true,
-        "cacheThemes": true,
-        "folder": {
-          "dir": "${jboss.server.config.dir}/themes"
-        }
-    },
-
-    "login": {
-        "provider": "freemarker"
-    },
-
-    "account": {
-        "provider": "freemarker"
-    },
-
-    "email": {
-        "provider": "freemarker"
-    },
-
-    "scheduled": {
-        "interval": 900
-    },
-
-    "connectionsJpa": {
-        "default": {
-            "dataSource": "java:jboss/datasources/KeycloakDS",
-            "databaseSchema": "update"
-        }
-    }
-}
\ No newline at end of file
diff --git a/distribution/demo-dist/src/main/providers/README.txt b/distribution/demo-dist/src/main/providers/README.txt
deleted file mode 100644
index a6d523b43f..0000000000
--- a/distribution/demo-dist/src/main/providers/README.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Any provider implementation jars and libraries in this folder will be loaded by Keycloak. See the providers
-section in the documentation for more details.
\ No newline at end of file
diff --git a/distribution/demo-dist/src/main/themes/README.txt b/distribution/demo-dist/src/main/themes/README.txt
deleted file mode 100644
index 705b73ac69..0000000000
--- a/distribution/demo-dist/src/main/themes/README.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Themes to configure the look and feel of login pages and account management console. It's not recommended to
-modify existing the built-in themes, instead you should create a new theme that extends a built-in theme. See the theme
-section in the documentation for more details.
\ No newline at end of file
diff --git a/distribution/demo-dist/src/main/xslt/standalone.xsl b/distribution/demo-dist/src/main/xslt/standalone.xsl
index 5de72afe94..bc0233a99e 100755
--- a/distribution/demo-dist/src/main/xslt/standalone.xsl
+++ b/distribution/demo-dist/src/main/xslt/standalone.xsl
@@ -39,11 +39,9 @@
         <xsl:copy>
             <xsl:apply-templates select="node()|@*"/>
             <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
-                <auth-server name="main-auth-server">
-                    <enabled>true</enabled>
-                    <web-context>auth</web-context>
-                </auth-server>
+                <web-context>auth</web-context>
             </subsystem>
+            <subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>
         </xsl:copy>
     </xsl:template>
 
diff --git a/distribution/pom.xml b/distribution/pom.xml
index 02718299de..68f19b540e 100755
--- a/distribution/pom.xml
+++ b/distribution/pom.xml
@@ -28,7 +28,7 @@
 
     <modules>
         <module>adapters</module>
-        <!--<module>demo-dist</module>-->
+        <module>demo-dist</module>
         <module>docs-dist</module>
         <module>examples-dist</module>
         <module>modules</module>
diff --git a/pom.xml b/pom.xml
index 68471dc512..a8dcdb715b 100755
--- a/pom.xml
+++ b/pom.xml
@@ -1106,6 +1106,12 @@
                 <version>${project.version}</version>
                 <type>zip</type>
             </dependency>
+            <dependency>
+                <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-wf9-adapter-dist</artifactId>
+                <version>${project.version}</version>
+                <type>zip</type>
+            </dependency>
             <dependency>
                 <groupId>org.keycloak</groupId>
                 <artifactId>keycloak-server-overlay</artifactId>

From 9a5ca4d36715bbb9cb5df1b945c47f54688a2589 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Tue, 9 Jun 2015 15:58:13 +0200
Subject: [PATCH 20/53] Minor improve in error messages and tests

---
 .../oidc/endpoints/TokenEndpoint.java         |   2 +-
 .../oidc/utils/AuthorizeClientUtil.java       |   2 +-
 .../org/keycloak/testsuite/OAuthClient.java   | 258 ++++++++++--------
 ...urceOwnerPasswordCredentialsGrantTest.java |  22 ++
 4 files changed, 164 insertions(+), 120 deletions(-)

diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
index 53c74c96b1..66d399592d 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
@@ -151,7 +151,7 @@ public class TokenEndpoint {
             if (legacyGrantType != null) {
                 grantType = legacyGrantType;
             } else {
-                throw new ErrorResponseException("invalid_request", "Missing query parameter: " + OIDCLoginProtocol.GRANT_TYPE_PARAM, Response.Status.BAD_REQUEST);
+                throw new ErrorResponseException("invalid_request", "Missing form parameter: " + OIDCLoginProtocol.GRANT_TYPE_PARAM, Response.Status.BAD_REQUEST);
             }
         }
 
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/utils/AuthorizeClientUtil.java b/services/src/main/java/org/keycloak/protocol/oidc/utils/AuthorizeClientUtil.java
index a8a9e2a495..0626f1c015 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/utils/AuthorizeClientUtil.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/utils/AuthorizeClientUtil.java
@@ -39,7 +39,7 @@ public class AuthorizeClientUtil {
         if (client_id == null) {
             Map<String, String> error = new HashMap<String, String>();
             error.put(OAuth2Constants.ERROR, "invalid_client");
-            error.put(OAuth2Constants.ERROR_DESCRIPTION, "Could not find client");
+            error.put(OAuth2Constants.ERROR_DESCRIPTION, "Missing client_id parameter");
             throw new BadRequestException("Could not find client", Response.status(Response.Status.BAD_REQUEST).entity(error).type(MediaType.APPLICATION_JSON_TYPE).build());
         }
 
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
index 4e4f57a030..2ad8e1be87 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
@@ -28,6 +28,7 @@ import org.apache.http.client.HttpClient;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.utils.URLEncodedUtils;
+import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.message.BasicNameValuePair;
 import org.json.JSONObject;
@@ -113,143 +114,164 @@ public class OAuthClient {
     }
 
     public AccessTokenResponse doAccessTokenRequest(String code, String password) {
-        HttpClient client = new DefaultHttpClient();
-        HttpPost post = new HttpPost(getAccessTokenUrl());
-
-        List<NameValuePair> parameters = new LinkedList<NameValuePair>();
-        parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.AUTHORIZATION_CODE));
-
-        if (code != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.CODE, code));
-        }
-        if (redirectUri != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.REDIRECT_URI, redirectUri));
-        }
-        if (clientId != null && password != null) {
-            String authorization = BasicAuthHelper.createHeader(clientId, password);
-            post.setHeader("Authorization", authorization);
-        }
-        else if (clientId != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
-        }
-
-        if(clientSessionState != null) {
-            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
-        }
-
-        if(clientSessionHost != null) {
-            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
-        }
-
-        UrlEncodedFormEntity formEntity = null;
+        CloseableHttpClient client = new DefaultHttpClient();
         try {
-            formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            throw new RuntimeException(e);
-        }
-        post.setEntity(formEntity);
+            HttpPost post = new HttpPost(getAccessTokenUrl());
 
-        try {
-            return new AccessTokenResponse(client.execute(post));
-        } catch (Exception e) {
-            throw new RuntimeException("Failed to retrieve access token", e);
+            List<NameValuePair> parameters = new LinkedList<NameValuePair>();
+            parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.AUTHORIZATION_CODE));
+
+            if (code != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.CODE, code));
+            }
+            if (redirectUri != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.REDIRECT_URI, redirectUri));
+            }
+            if (clientId != null && password != null) {
+                String authorization = BasicAuthHelper.createHeader(clientId, password);
+                post.setHeader("Authorization", authorization);
+            } else if (clientId != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
+            }
+
+            if (clientSessionState != null) {
+                parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
+            }
+
+            if (clientSessionHost != null) {
+                parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
+            }
+
+            UrlEncodedFormEntity formEntity = null;
+            try {
+                formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                throw new RuntimeException(e);
+            }
+            post.setEntity(formEntity);
+
+            try {
+                return new AccessTokenResponse(client.execute(post));
+            } catch (Exception e) {
+                throw new RuntimeException("Failed to retrieve access token", e);
+            }
+        } finally {
+            closeClient(client);
         }
     }
 
     public AccessTokenResponse doGrantAccessTokenRequest(String clientSecret, String username,  String password) throws Exception {
-        HttpClient client = new DefaultHttpClient();
-        HttpPost post = new HttpPost(getResourceOwnerPasswordCredentialGrantUrl());
-
-        String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
-        post.setHeader("Authorization", authorization);
-
-        List<NameValuePair> parameters = new LinkedList<NameValuePair>();
-        parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD));
-        parameters.add(new BasicNameValuePair("username", username));
-        parameters.add(new BasicNameValuePair("password", password));
-
-        if(clientSessionState != null) {
-            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
-        }
-        if(clientSessionHost != null) {
-            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
-        }
-
-        UrlEncodedFormEntity formEntity;
+        CloseableHttpClient client = new DefaultHttpClient();
         try {
-            formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            throw new RuntimeException(e);
-        }
-        post.setEntity(formEntity);
+            HttpPost post = new HttpPost(getResourceOwnerPasswordCredentialGrantUrl());
 
-        return new AccessTokenResponse(client.execute(post));
+            String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
+            post.setHeader("Authorization", authorization);
+
+            List<NameValuePair> parameters = new LinkedList<NameValuePair>();
+            parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD));
+            parameters.add(new BasicNameValuePair("username", username));
+            parameters.add(new BasicNameValuePair("password", password));
+
+            if (clientSessionState != null) {
+                parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
+            }
+            if (clientSessionHost != null) {
+                parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
+            }
+
+            UrlEncodedFormEntity formEntity;
+            try {
+                formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                throw new RuntimeException(e);
+            }
+            post.setEntity(formEntity);
+
+            return new AccessTokenResponse(client.execute(post));
+        } finally {
+            closeClient(client);
+        }
     }
 
     public HttpResponse doLogout(String refreshToken, String clientSecret) throws IOException {
-        HttpClient client = new DefaultHttpClient();
-        HttpPost post = new HttpPost(getLogoutUrl(null, null));
-
-        List<NameValuePair> parameters = new LinkedList<NameValuePair>();
-        if (refreshToken != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
-        }
-        if (clientId != null && clientSecret != null) {
-            String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
-            post.setHeader("Authorization", authorization);
-        }
-        else if (clientId != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
-        }
-
-        UrlEncodedFormEntity formEntity;
+        CloseableHttpClient client = new DefaultHttpClient();
         try {
-            formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            throw new RuntimeException(e);
-        }
-        post.setEntity(formEntity);
+            HttpPost post = new HttpPost(getLogoutUrl(null, null));
 
-        return client.execute(post);
+            List<NameValuePair> parameters = new LinkedList<NameValuePair>();
+            if (refreshToken != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
+            }
+            if (clientId != null && clientSecret != null) {
+                String authorization = BasicAuthHelper.createHeader(clientId, clientSecret);
+                post.setHeader("Authorization", authorization);
+            } else if (clientId != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
+            }
+
+            UrlEncodedFormEntity formEntity;
+            try {
+                formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                throw new RuntimeException(e);
+            }
+            post.setEntity(formEntity);
+
+            return client.execute(post);
+        } finally {
+            closeClient(client);
+        }
     }
 
     public AccessTokenResponse doRefreshTokenRequest(String refreshToken, String password) {
-        HttpClient client = new DefaultHttpClient();
-        HttpPost post = new HttpPost(getRefreshTokenUrl());
-
-        List<NameValuePair> parameters = new LinkedList<NameValuePair>();
-        parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN));
-
-        if (refreshToken != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
-        }
-        if (clientId != null && password != null) {
-            String authorization = BasicAuthHelper.createHeader(clientId, password);
-            post.setHeader("Authorization", authorization);
-        }
-        else if (clientId != null) {
-            parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
-        }
-
-        if(clientSessionState != null) {
-            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
-        }
-        if(clientSessionHost != null) {
-            parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
-        }
-
-        UrlEncodedFormEntity formEntity;
+        CloseableHttpClient client = new DefaultHttpClient();
         try {
-            formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            throw new RuntimeException(e);
-        }
-        post.setEntity(formEntity);
+            HttpPost post = new HttpPost(getRefreshTokenUrl());
 
+            List<NameValuePair> parameters = new LinkedList<NameValuePair>();
+            parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN));
+
+            if (refreshToken != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
+            }
+            if (clientId != null && password != null) {
+                String authorization = BasicAuthHelper.createHeader(clientId, password);
+                post.setHeader("Authorization", authorization);
+            } else if (clientId != null) {
+                parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
+            }
+
+            if (clientSessionState != null) {
+                parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_STATE, clientSessionState));
+            }
+            if (clientSessionHost != null) {
+                parameters.add(new BasicNameValuePair(AdapterConstants.CLIENT_SESSION_HOST, clientSessionHost));
+            }
+
+            UrlEncodedFormEntity formEntity;
+            try {
+                formEntity = new UrlEncodedFormEntity(parameters, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                throw new RuntimeException(e);
+            }
+            post.setEntity(formEntity);
+
+            try {
+                return new AccessTokenResponse(client.execute(post));
+            } catch (Exception e) {
+                throw new RuntimeException("Failed to retrieve access token", e);
+            }
+        } finally {
+            closeClient(client);
+        }
+    }
+
+    private void closeClient(CloseableHttpClient client) {
         try {
-            return new AccessTokenResponse(client.execute(post));
-        } catch (Exception e) {
-            throw new RuntimeException("Failed to retrieve access token", e);
+            client.close();
+        } catch (IOException ioe) {
+            throw new RuntimeException(ioe);
         }
     }
 
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
index cadeb9ed89..59ba8aabd7 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
@@ -1,6 +1,10 @@
 package org.keycloak.testsuite.oauth;
 
 import org.apache.http.HttpResponse;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.DefaultHttpClient;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
@@ -203,4 +207,22 @@ public class ResourceOwnerPasswordCredentialsGrantTest {
                 .assertEvent();
     }
 
+    @Test
+    public void grantAccessTokenMissingGrantType() throws Exception {
+        oauth.clientId("resource-owner");
+
+        DefaultHttpClient client = new DefaultHttpClient();
+        try {
+            HttpPost post = new HttpPost(oauth.getResourceOwnerPasswordCredentialGrantUrl());
+            OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(client.execute(post));
+
+            assertEquals(400, response.getStatusCode());
+
+            assertEquals("invalid_request", response.getError());
+            assertEquals("Missing form parameter: grant_type", response.getErrorDescription());
+        } finally {
+            client.close();
+        }
+    }
+
 }

From e96ba202e94ce127aee2de5dd2a05b90d0b1910b Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Tue, 9 Jun 2015 17:44:07 +0200
Subject: [PATCH 21/53] Fix AdminRecoveryTest to not break admin tests

---
 .../offlineconfig/AdminRecoveryTest.java      | 24 ++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/offlineconfig/AdminRecoveryTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/offlineconfig/AdminRecoveryTest.java
index 7e070dd607..506a154a69 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/offlineconfig/AdminRecoveryTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/offlineconfig/AdminRecoveryTest.java
@@ -24,11 +24,13 @@ import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserCredentialValueModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserModel.RequiredAction;
 import org.keycloak.offlineconfig.AdminRecovery;
 import org.keycloak.offlineconfig.OfflineConfigException;
+import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.rule.KeycloakRule;
 import org.keycloak.testsuite.rule.WebRule;
 
@@ -39,7 +41,27 @@ import org.keycloak.testsuite.rule.WebRule;
  */
 public class AdminRecoveryTest {
     @ClassRule
-    public static KeycloakRule keycloakRule = new KeycloakRule();
+    public static KeycloakRule keycloakRule = new KeycloakRule() {
+
+        @Override
+        protected void after() {
+
+            // Need to reset admin user to default password and remove required action to not break next tests
+            update(new KeycloakSetup() {
+
+                @Override
+                public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+                    UserModel adminUser = session.users().getUserByUsername("admin", adminstrationRealm);
+                    UserCredentialModel password = UserCredentialModel.password("admin");
+                    adminUser.updateCredential(password);
+
+                    adminUser.removeRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
+                }
+            });
+
+            super.after();
+        }
+    };
 
     @Rule
     public WebRule webRule = new WebRule(this);

From d3e9b29d78ee2f93f966fd7179fd18198e637d0a Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Tue, 9 Jun 2015 20:37:01 +0200
Subject: [PATCH 22/53] KEYCLOAK-1088 Audit of user grants during login

---
 .../java/org/keycloak/events/Details.java     |  5 +++
 .../managers/AuthenticationManager.java       |  8 ++++-
 .../resources/LoginActionsService.java        |  5 +--
 .../org/keycloak/testsuite/AssertEvents.java  |  3 +-
 .../testsuite/account/AccountTest.java        |  4 ++-
 .../keycloak/testsuite/forms/LoginTest.java   | 30 ++++++++++++----
 .../testsuite/forms/LoginTotpTest.java        | 11 ++++--
 .../oauth/AuthorizationCodeTest.java          |  1 +
 .../testsuite/oauth/OAuthGrantTest.java       | 34 ++++++++++++++-----
 ...urceOwnerPasswordCredentialsGrantTest.java |  4 +++
 10 files changed, 83 insertions(+), 22 deletions(-)

diff --git a/events/api/src/main/java/org/keycloak/events/Details.java b/events/api/src/main/java/org/keycloak/events/Details.java
index 1a9c479b35..4a0a1ad007 100755
--- a/events/api/src/main/java/org/keycloak/events/Details.java
+++ b/events/api/src/main/java/org/keycloak/events/Details.java
@@ -27,4 +27,9 @@ public interface Details {
     String CLIENT_SESSION_STATE = "client_session_state";
     String CLIENT_SESSION_HOST = "client_session_host";
 
+    String CONSENT = "consent";
+    String CONSENT_VALUE_NO_CONSENT_REQUIRED = "no_consent_required"; // No consent is required by client
+    String CONSENT_VALUE_CONSENT_GRANTED = "consent_granted";         // Consent granted by user
+    String CONSENT_VALUE_PERSISTED_CONSENT = "persistent_consent";    // Persistent consent used (was already granted by user before)
+
 }
diff --git a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
index e76ab3aee9..f200130794 100755
--- a/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
@@ -465,7 +465,6 @@ public class AuthenticationManager {
         }
 
         if (client.isConsentRequired()) {
-            accessCode.setAction(ClientSessionModel.Action.OAUTH_GRANT);
 
             UserConsentModel grantedConsent = user.getConsentByClient(client.getId());
 
@@ -496,11 +495,18 @@ public class AuthenticationManager {
 
             // Skip grant screen if everything was already approved by this user
             if (realmRoles.size() > 0 || resourceRoles.size() > 0 || protocolMappers.size() > 0) {
+                accessCode.setAction(ClientSessionModel.Action.OAUTH_GRANT);
+
                 return session.getProvider(LoginFormsProvider.class)
                         .setClientSessionCode(accessCode.getCode())
                         .setAccessRequest(realmRoles, resourceRoles, protocolMappers)
                         .createOAuthGrant(clientSession);
+            } else {
+                String consentDetail = (grantedConsent != null) ? Details.CONSENT_VALUE_PERSISTED_CONSENT : Details.CONSENT_VALUE_NO_CONSENT_REQUIRED;
+                event.detail(Details.CONSENT, consentDetail);
             }
+        } else {
+            event.detail(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED);
         }
 
         event.success();
diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
index c2571d9e8c..08a05c9d5e 100755
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@@ -316,7 +316,7 @@ public class LoginActionsService {
             return ErrorPage.error(session, Messages.UNKNOWN_LOGIN_REQUESTER);
         }
         if (!client.isEnabled()) {
-            event.error(Errors.CLIENT_NOT_FOUND);
+            event.error(Errors.CLIENT_DISABLED);
             return ErrorPage.error(session, Messages.LOGIN_REQUESTER_NOT_ENABLED);
         }
 
@@ -443,7 +443,7 @@ public class LoginActionsService {
             return ErrorPage.error(session, Messages.UNKNOWN_LOGIN_REQUESTER);
         }
         if (!client.isEnabled()) {
-            event.error(Errors.CLIENT_NOT_FOUND);
+            event.error(Errors.CLIENT_DISABLED);
             return ErrorPage.error(session, Messages.LOGIN_REQUESTER_NOT_ENABLED);
         }
 
@@ -741,6 +741,7 @@ public class LoginActionsService {
         }
         user.updateConsent(grantedConsent);
 
+        event.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
         event.success();
 
         return authManager.redirectAfterSuccessfulFlow(session, realm, userSession, clientSession, request, uriInfo, clientConnection);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java
index ce805271c6..21e51907e6 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/AssertEvents.java
@@ -113,7 +113,7 @@ public class AssertEvents implements TestRule, EventListenerProviderFactory {
     }
 
     public ExpectedEvent expectRequiredAction(EventType event) {
-        return expectLogin().event(event).session(isUUID());
+        return expectLogin().event(event).removeDetail(Details.CONSENT).session(isUUID());
     }
 
     public ExpectedEvent expectLogin() {
@@ -123,6 +123,7 @@ public class AssertEvents implements TestRule, EventListenerProviderFactory {
                 .detail(Details.RESPONSE_TYPE, "code")
                 .detail(Details.AUTH_METHOD, "form")
                 .detail(Details.REDIRECT_URI, DEFAULT_REDIRECT_URI)
+                .detail(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED)
                 .session(isUUID());
     }
 
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
index 0f1eba124e..4fafbb300f 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
@@ -242,7 +242,9 @@ public class AccountTest {
 
         Assert.assertEquals("Invalid username or password.", loginPage.getError());
 
-        events.expectLogin().session((String) null).error("invalid_user_credentials").assertEvent();
+        events.expectLogin().session((String) null).error("invalid_user_credentials")
+                .removeDetail(Details.CONSENT)
+                .assertEvent();
 
         loginPage.open();
         loginPage.login("test-user@localhost", "new-password");
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
index 644fff31bf..03da92f0b8 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
@@ -127,7 +127,10 @@ public class LoginTest {
 
         Assert.assertEquals("Invalid username or password.", loginPage.getError());
 
-        events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials").detail(Details.USERNAME, "login-test").assertEvent();
+        events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials")
+                .detail(Details.USERNAME, "login-test")
+                .removeDetail(Details.CONSENT)
+                .assertEvent();
     }
 
     @Test
@@ -147,7 +150,10 @@ public class LoginTest {
 
             Assert.assertEquals("Invalid username or password.", loginPage.getError());
 
-            events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials").detail(Details.USERNAME, "login-test").assertEvent();
+            events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials")
+                    .detail(Details.USERNAME, "login-test")
+                    .removeDetail(Details.CONSENT)
+                    .assertEvent();
         } finally {
             keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
                 @Override
@@ -175,7 +181,10 @@ public class LoginTest {
 
             Assert.assertEquals("Account is disabled, contact admin.", loginPage.getError());
 
-            events.expectLogin().user(userId).session((String) null).error("user_disabled").detail(Details.USERNAME, "login-test").assertEvent();
+            events.expectLogin().user(userId).session((String) null).error("user_disabled")
+                    .detail(Details.USERNAME, "login-test")
+                    .removeDetail(Details.CONSENT)
+                    .assertEvent();
         } finally {
             keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
                 @Override
@@ -195,7 +204,10 @@ public class LoginTest {
 
         Assert.assertEquals("Invalid username or password.", loginPage.getError());
 
-        events.expectLogin().user((String) null).session((String) null).error("user_not_found").detail(Details.USERNAME, "invalid").assertEvent();
+        events.expectLogin().user((String) null).session((String) null).error("user_not_found")
+                .detail(Details.USERNAME, "invalid")
+                .removeDetail(Details.CONSENT)
+                .assertEvent();
     }
 
     @Test
@@ -413,7 +425,10 @@ public class LoginTest {
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
         Assert.assertEquals("access_denied", oauth.getCurrentQuery().get(OAuth2Constants.ERROR));
 
-        events.expectLogin().error("rejected_by_user").user((String) null).session((String) null).removeDetail(Details.USERNAME).assertEvent();
+        events.expectLogin().error("rejected_by_user").user((String) null).session((String) null)
+                .removeDetail(Details.USERNAME)
+                .removeDetail(Details.CONSENT)
+                .assertEvent();
     }
 
     // KEYCLOAK-1037
@@ -427,7 +442,10 @@ public class LoginTest {
             loginPage.assertCurrent();
             Assert.assertEquals("Login timeout. Please login again.", loginPage.getError());
 
-            events.expectLogin().user((String) null).session((String) null).error("expired_code").clearDetails().detail(Details.CODE_ID, AssertEvents.isCodeId()).assertEvent();
+            events.expectLogin().user((String) null).session((String) null).error("expired_code").clearDetails()
+                    .detail(Details.CODE_ID, AssertEvents.isCodeId())
+                    .removeDetail(Details.CONSENT)
+                    .assertEvent();
 
         } finally {
             Time.setOffset(0);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
index 45795dac81..8eea530409 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
@@ -114,7 +114,9 @@ public class LoginTotpTest {
         loginPage.assertCurrent();
         Assert.assertEquals("Invalid username or password.", loginPage.getError());
 
-        events.expectLogin().error("invalid_user_credentials").session((String) null).assertEvent();
+        events.expectLogin().error("invalid_user_credentials").session((String) null)
+                .removeDetail(Details.CONSENT)
+                .assertEvent();
     }
 
     @Test
@@ -140,7 +142,9 @@ public class LoginTotpTest {
 
         Assert.assertEquals("Invalid username or password.", loginPage.getError());
 
-        events.expectLogin().error("invalid_user_credentials").session((String) null).assertEvent();
+        events.expectLogin().error("invalid_user_credentials").session((String) null)
+                .removeDetail(Details.CONSENT)
+                .assertEvent();
     }
 
     @Test
@@ -159,7 +163,8 @@ public class LoginTotpTest {
             Assert.assertEquals("Invalid username or password.", loginPage.getError());
 
             AssertEvents.ExpectedEvent expectedEvent = events.expectLogin().error("invalid_user_credentials")
-                    .session((String) null);
+                    .session((String) null)
+                    .removeDetail(Details.CONSENT);
             expectedEvent.assertEvent();
         } finally {
             Time.setOffset(0);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
index 0a70da0ef9..784318f5f4 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
@@ -141,6 +141,7 @@ public class AuthorizationCodeTest {
 
         events.expectLogin().error("rejected_by_user").user((String) null).session((String) null)
                 .removeDetail(Details.USERNAME)
+                .removeDetail(Details.CONSENT)
                 .detail(Details.REDIRECT_URI, "http://localhost:8081/auth/realms/test/protocol/openid-connect/oauth/oob")
                 .assertEvent().getDetails().get(Details.CODE_ID);
 
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
index 939231f031..bfff4bda6a 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
@@ -36,7 +36,6 @@ import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
-import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
 import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.services.managers.RealmManager;
@@ -51,7 +50,6 @@ import org.keycloak.testsuite.rule.WebResource;
 import org.keycloak.testsuite.rule.WebRule;
 import org.openqa.selenium.WebDriver;
 
-import java.io.IOException;
 import java.util.Map;
 
 import static org.junit.Assert.assertEquals;
@@ -104,7 +102,10 @@ public class OAuthGrantTest {
 
         Assert.assertTrue(oauth.getCurrentQuery().containsKey(OAuth2Constants.CODE));
 
-        Event loginEvent = events.expectLogin().client("third-party").assertEvent();
+        Event loginEvent = events.expectLogin()
+                .client("third-party")
+                .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
+                .assertEvent();
         String codeId = loginEvent.getDetails().get(Details.CODE_ID);
         String sessionId = loginEvent.getSessionId();
 
@@ -147,7 +148,11 @@ public class OAuthGrantTest {
         Assert.assertTrue(oauth.getCurrentQuery().containsKey(OAuth2Constants.ERROR));
         assertEquals("access_denied", oauth.getCurrentQuery().get(OAuth2Constants.ERROR));
 
-        events.expectLogin().client("third-party").error("rejected_by_user").assertEvent();
+        events.expectLogin()
+                .client("third-party")
+                .error("rejected_by_user")
+                .removeDetail(Details.CONSENT)
+                .assertEvent();
     }
 
     @Test
@@ -159,7 +164,10 @@ public class OAuthGrantTest {
         grantPage.assertCurrent();
         grantPage.accept();
 
-        events.expectLogin().client("third-party").assertEvent();
+        events.expectLogin()
+                .client("third-party")
+                .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
+                .assertEvent();
 
         // Assert permissions granted on Account mgmt. applications page
         accountAppsPage.open();
@@ -172,7 +180,11 @@ public class OAuthGrantTest {
         // Open login form and assert grantPage not shown
         oauth.openLoginForm();
         appPage.assertCurrent();
-        events.expectLogin().detail(Details.AUTH_METHOD, "sso").removeDetail(Details.USERNAME).client("third-party").assertEvent();
+        events.expectLogin()
+                .detail(Details.AUTH_METHOD, "sso")
+                .detail(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT)
+                .removeDetail(Details.USERNAME)
+                .client("third-party").assertEvent();
 
         // Revoke grant in account mgmt.
         accountAppsPage.open();
@@ -219,7 +231,10 @@ public class OAuthGrantTest {
         // Confirm grant page
         grantPage.assertCurrent();
         grantPage.accept();
-        events.expectLogin().client("third-party").assertEvent();
+        events.expectLogin()
+                .client("third-party")
+                .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
+                .assertEvent();
 
         // Assert new role and protocol mapper not in account mgmt.
         accountAppsPage.open();
@@ -235,7 +250,10 @@ public class OAuthGrantTest {
         Assert.assertTrue(driver.getPageSource().contains("new-role"));
         Assert.assertTrue(driver.getPageSource().contains(KerberosConstants.GSS_DELEGATION_CREDENTIAL_DISPLAY_NAME));
         grantPage.accept();
-        events.expectLogin().client("third-party").assertEvent();
+        events.expectLogin()
+                .client("third-party")
+                .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
+                .assertEvent();
 
         // Go to account mgmt. Everything is granted now
         accountAppsPage.open();
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
index 59ba8aabd7..23d2e5e907 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
@@ -93,6 +93,7 @@ public class ResourceOwnerPasswordCredentialsGrantTest {
                 .detail(Details.USERNAME, login)
                 .removeDetail(Details.CODE_ID)
                 .removeDetail(Details.REDIRECT_URI)
+                .removeDetail(Details.CONSENT)
                 .assertEvent();
 
         assertEquals(accessToken.getSessionState(), refreshToken.getSessionState());
@@ -128,6 +129,7 @@ public class ResourceOwnerPasswordCredentialsGrantTest {
                 .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
                 .removeDetail(Details.CODE_ID)
                 .removeDetail(Details.REDIRECT_URI)
+                .removeDetail(Details.CONSENT)
                 .assertEvent();
 
         HttpResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret");
@@ -180,6 +182,7 @@ public class ResourceOwnerPasswordCredentialsGrantTest {
                 .detail(Details.RESPONSE_TYPE, "token")
                 .removeDetail(Details.CODE_ID)
                 .removeDetail(Details.REDIRECT_URI)
+                .removeDetail(Details.CONSENT)
                 .error(Errors.INVALID_USER_CREDENTIALS)
                 .assertEvent();
     }
@@ -203,6 +206,7 @@ public class ResourceOwnerPasswordCredentialsGrantTest {
                 .detail(Details.USERNAME, "invalid")
                 .removeDetail(Details.CODE_ID)
                 .removeDetail(Details.REDIRECT_URI)
+                .removeDetail(Details.CONSENT)
                 .error(Errors.INVALID_USER_CREDENTIALS)
                 .assertEvent();
     }

From 557edbec6d2425c8a5a0838b5a79b224b088e910 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Tue, 9 Jun 2015 23:15:43 +0200
Subject: [PATCH 23/53] KEYCLOAK-1416 federation provider/mapper model fixes

---
 .../org/keycloak/models/jpa/RealmAdapter.java | 20 +++---
 .../mongo/keycloak/adapters/RealmAdapter.java | 62 ++++++++++++++++---
 .../resources/admin/RealmAdminResource.java   |  5 +-
 .../model/UserFederationModelTest.java        | 41 ++++++++++++
 4 files changed, 111 insertions(+), 17 deletions(-)

diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
index 7db1b47010..8cd0678960 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
@@ -804,18 +804,23 @@ public class RealmAdapter implements RealmModel {
             if (entity.getId().equals(provider.getId())) {
 
                 session.users().preRemove(this, provider);
+                removeFederationMappersForProvider(provider.getId());
 
-                Set<UserFederationMapperEntity> mappers = getUserFederationMapperEntitiesByFederationProvider(provider.getId());
-                for (UserFederationMapperEntity mapper : mappers) {
-                    realm.getUserFederationMappers().remove(mapper);
-                    em.remove(mapper);
-                }
                 it.remove();
                 em.remove(entity);
                 return;
             }
         }
     }
+
+    private void removeFederationMappersForProvider(String federationProviderId) {
+        Set<UserFederationMapperEntity> mappers = getUserFederationMapperEntitiesByFederationProvider(federationProviderId);
+        for (UserFederationMapperEntity mapper : mappers) {
+            realm.getUserFederationMappers().remove(mapper);
+            em.remove(mapper);
+        }
+    }
+
     @Override
     public void updateUserFederationProvider(UserFederationProviderModel model) {
         KeycloakModelUtils.ensureUniqueDisplayName(model.getDisplayName(), model, getUserFederationProviders());
@@ -855,10 +860,9 @@ public class RealmAdapter implements RealmModel {
                     entity.setConfig(model.getConfig());
                     entity.setPriority(model.getPriority());
                     entity.setProviderName(model.getProviderName());
-                    entity.setPriority(model.getPriority());
                     String displayName = model.getDisplayName();
                     if (displayName != null) {
-                        entity.setDisplayName(model.getDisplayName());
+                        entity.setDisplayName(displayName);
                     }
                     entity.setFullSyncPeriod(model.getFullSyncPeriod());
                     entity.setChangedSyncPeriod(model.getChangedSyncPeriod());
@@ -871,6 +875,8 @@ public class RealmAdapter implements RealmModel {
             if (found) continue;
             session.users().preRemove(this, new UserFederationProviderModel(entity.getId(), entity.getProviderName(), entity.getConfig(), entity.getPriority(), entity.getDisplayName(),
                     entity.getFullSyncPeriod(), entity.getChangedSyncPeriod(), entity.getLastSync()));
+            removeFederationMappersForProvider(entity.getId());
+
             it.remove();
             em.remove(entity);
         }
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index aa25be77b5..2b8c397f04 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -877,11 +877,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
             if (entity.getId().equals(provider.getId())) {
                 session.users().preRemove(this, new UserFederationProviderModel(entity.getId(), entity.getProviderName(), entity.getConfig(), entity.getPriority(), entity.getDisplayName(),
                         entity.getFullSyncPeriod(), entity.getChangedSyncPeriod(), entity.getLastSync()));
-
-                Set<UserFederationMapperEntity> mappers = getUserFederationMapperEntitiesByFederationProvider(provider.getId());
-                for (UserFederationMapperEntity mapper : mappers) {
-                    getMongoEntity().getUserFederationMappers().remove(mapper);
-                }
+                removeFederationMappersForProvider(provider.getId());
 
                 it.remove();
             }
@@ -889,6 +885,13 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
         updateRealm();
     }
 
+    private void removeFederationMappersForProvider(String federationProviderId) {
+        Set<UserFederationMapperEntity> mappers = getUserFederationMapperEntitiesByFederationProvider(federationProviderId);
+        for (UserFederationMapperEntity mapper : mappers) {
+            getMongoEntity().getUserFederationMappers().remove(mapper);
+        }
+    }
+
     @Override
     public void updateUserFederationProvider(UserFederationProviderModel model) {
         KeycloakModelUtils.ensureUniqueDisplayName(model.getDisplayName(), model, getUserFederationProviders());
@@ -943,8 +946,52 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
             KeycloakModelUtils.ensureUniqueDisplayName(currentProvider.getDisplayName(), currentProvider, providers);
         }
 
-        List<UserFederationProviderEntity> entities = new LinkedList<UserFederationProviderEntity>();
+        List<UserFederationProviderEntity> existingProviders = realm.getUserFederationProviders();
+        List<UserFederationProviderEntity> toRemove = new LinkedList<>();
+        for (UserFederationProviderEntity entity : existingProviders) {
+            boolean found = false;
+            for (UserFederationProviderModel model : providers) {
+                if (entity.getId().equals(model.getId())) {
+                    entity.setConfig(model.getConfig());
+                    entity.setPriority(model.getPriority());
+                    entity.setProviderName(model.getProviderName());
+                    String displayName = model.getDisplayName();
+                    if (displayName != null) {
+                        entity.setDisplayName(displayName);
+                    }
+                    entity.setFullSyncPeriod(model.getFullSyncPeriod());
+                    entity.setChangedSyncPeriod(model.getChangedSyncPeriod());
+                    entity.setLastSync(model.getLastSync());
+                    found = true;
+                    break;
+                }
+
+            }
+            if (found) continue;
+            session.users().preRemove(this, new UserFederationProviderModel(entity.getId(), entity.getProviderName(), entity.getConfig(), entity.getPriority(), entity.getDisplayName(),
+                    entity.getFullSyncPeriod(), entity.getChangedSyncPeriod(), entity.getLastSync()));
+            removeFederationMappersForProvider(entity.getId());
+
+            toRemove.add(entity);
+        }
+
+        for (UserFederationProviderEntity entity : toRemove) {
+            realm.getUserFederationProviders().remove(entity);
+        }
+
+        List<UserFederationProviderModel> add = new LinkedList<UserFederationProviderModel>();
         for (UserFederationProviderModel model : providers) {
+            boolean found = false;
+            for (UserFederationProviderEntity entity : realm.getUserFederationProviders()) {
+                if (entity.getId().equals(model.getId())) {
+                    found = true;
+                    break;
+                }
+            }
+            if (!found) add.add(model);
+        }
+
+        for (UserFederationProviderModel model : add) {
             UserFederationProviderEntity entity = new UserFederationProviderEntity();
             if (model.getId() != null) {
                 entity.setId(model.getId());
@@ -964,12 +1011,11 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
             entity.setFullSyncPeriod(model.getFullSyncPeriod());
             entity.setChangedSyncPeriod(model.getChangedSyncPeriod());
             entity.setLastSync(model.getLastSync());
-            entities.add(entity);
+            realm.getUserFederationProviders().add(entity);
 
             session.getKeycloakSessionFactory().publish(new UserFederationProviderCreationEventImpl(this, model));
         }
 
-        realm.setUserFederationProviders(entities);
         updateRealm();
     }
 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
index b27ce49430..c94fa6ec7c 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@@ -193,8 +193,9 @@ public class RealmAdminResource {
         } catch (PatternSyntaxException e) {
             return ErrorResponse.error("Specified regex pattern(s) is invalid.", Response.Status.BAD_REQUEST);
         } catch (ModelDuplicateException e) {
-            return ErrorResponse.exists("Realm " + rep.getRealm() + " already exists.");
-        }  catch (Exception e) {
+            throw e;
+        } catch (Exception e) {
+            logger.error(e);
             return ErrorResponse.error("Failed to update " + rep.getRealm() + " Realm.", Response.Status.INTERNAL_SERVER_ERROR);
         }
     }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserFederationModelTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserFederationModelTest.java
index 51fc446caf..17e0e31c3e 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserFederationModelTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserFederationModelTest.java
@@ -1,5 +1,9 @@
 package org.keycloak.testsuite.model;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeMap;
@@ -97,6 +101,43 @@ public class UserFederationModelTest extends AbstractModelTest {
         commit();
     }
 
+    @Test
+    public void federationProvidersSetTest() {
+        RealmModel realm = realmManager.createRealm("test-realm");
+        UserFederationProviderModel ldapProvider = new UserFederationProviderModel(null, "ldap", new TreeMap<String, String>(), 1, "my-cool-provider", -1, -1, 0);
+        realm.setUserFederationProviders(Arrays.asList(ldapProvider));
+
+        commit();
+
+        realm = realmManager.getRealmByName("test-realm");
+        List<UserFederationProviderModel> fedProviders = realm.getUserFederationProviders();
+        Assert.assertEquals(1, fedProviders.size());
+        ldapProvider = fedProviders.get(0);
+        Set<UserFederationMapperModel> fedMappers = realmManager.getRealmByName("test-realm").getUserFederationMappersByFederationProvider(ldapProvider.getId());
+
+        UserFederationProviderModel dummyProvider = new UserFederationProviderModel(null, "dummy", new TreeMap<String, String>(), 1, "my-cool-provider", -1, -1, 0);
+        try {
+            realm.setUserFederationProviders(Arrays.asList(ldapProvider, dummyProvider));
+            commit();
+            Assert.fail("Don't expect to end here");
+        } catch (ModelDuplicateException expected) {
+        }
+
+        dummyProvider.setDisplayName("my-cool-provider2");
+        realm.setUserFederationProviders(Arrays.asList(ldapProvider, dummyProvider));
+
+        commit();
+
+        realm = realmManager.getRealmByName("test-realm");
+        Assert.assertEquals(fedMappers.size(), realm.getUserFederationMappersByFederationProvider(ldapProvider.getId()).size());
+        realm.setUserFederationProviders(new ArrayList<UserFederationProviderModel>());
+
+        commit();
+
+        realm = realmManager.getRealmByName("test-realm");
+        Assert.assertTrue(realm.getUserFederationMappersByFederationProvider(ldapProvider.getId()).isEmpty());
+    }
+
     private UserFederationMapperModel createMapper(String name, String fedProviderId, String... config) {
         UserFederationMapperModel mapperModel = new UserFederationMapperModel();
         mapperModel.setName(name);

From 1ba5ea411b614e398dae936452db6858829f2534 Mon Sep 17 00:00:00 2001
From: girirajsharma <giriraj.sharma27@gmail.com>
Date: Wed, 10 Jun 2015 16:14:19 +0530
Subject: [PATCH 24/53] [KEYCLOAK-1424] Login button on login screen should be
 on the left

---
 .../resources/theme/keycloak/login/resources/css/login.css   | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/forms/common-themes/src/main/resources/theme/keycloak/login/resources/css/login.css b/forms/common-themes/src/main/resources/theme/keycloak/login/resources/css/login.css
index 18d97e09a3..b64bdc70da 100644
--- a/forms/common-themes/src/main/resources/theme/keycloak/login/resources/css/login.css
+++ b/forms/common-themes/src/main/resources/theme/keycloak/login/resources/css/login.css
@@ -121,11 +121,6 @@
     display: block;
 }
 
-#kc-login {
-    float: right;
-    margin-left: 10px;
-}
-
 #kc-feedback-wrapper {
     display: inline-block;
     width: auto;

From 30405804bcb571e427d395787835b1484c1c2108 Mon Sep 17 00:00:00 2001
From: girirajsharma <giriraj.sharma27@gmail.com>
Date: Wed, 10 Jun 2015 17:42:22 +0530
Subject: [PATCH 25/53] [KEYCLOAK-1425] Remove address options on registration
 screen

---
 .../resources/theme/base/login/register.ftl   | 47 -------------------
 .../FederationProvidersIntegrationTest.java   |  4 +-
 .../testsuite/pages/RegisterPage.java         | 19 --------
 3 files changed, 1 insertion(+), 69 deletions(-)

diff --git a/forms/common-themes/src/main/resources/theme/base/login/register.ftl b/forms/common-themes/src/main/resources/theme/base/login/register.ftl
index 63d8c22098..aadd022cce 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/register.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/register.ftl
@@ -61,53 +61,6 @@
                 </div>
             </div>
 
-            <div class="form-group">
-                <div class="${properties.kcLabelWrapperClass!}">
-                    <label for="user.attributes.street" class="${properties.kcLabelClass!}">${msg("street")}</label>
-                </div>
-
-                <div class="${properties.kcInputWrapperClass!}">
-                    <input type="text" class="${properties.kcInputClass!}"  id="user.attributes.street" name="user.attributes.street"/>
-                </div>
-            </div>
-            <div class="form-group">
-                <div class="${properties.kcLabelWrapperClass!}">
-                    <label for="user.attributes.locality" class="${properties.kcLabelClass!}">${msg("locality")}</label>
-                </div>
-
-                <div class="${properties.kcInputWrapperClass!}">
-                    <input type="text" class="${properties.kcInputClass!}"  id="user.attributes.locality" name="user.attributes.locality"/>
-                </div>
-            </div>
-            <div class="form-group">
-                <div class="${properties.kcLabelWrapperClass!}">
-                    <label for="user.attributes.region" class="${properties.kcLabelClass!}">${msg("region")}</label>
-                </div>
-
-                <div class="${properties.kcInputWrapperClass!}">
-                    <input type="text" class="${properties.kcInputClass!}"  id="user.attributes.region" name="user.attributes.region"/>
-                </div>
-            </div>
-            <div class="form-group">
-                <div class="${properties.kcLabelWrapperClass!}">
-                    <label for="user.attributes.postal_code" class="${properties.kcLabelClass!}">${msg("postal_code")}</label>
-                </div>
-
-                <div class="${properties.kcInputWrapperClass!}">
-                    <input type="text" class="${properties.kcInputClass!}"  id="user.attributes.postal_code" name="user.attributes.postal_code"/>
-                </div>
-            </div>
-            <div class="form-group">
-                <div class="${properties.kcLabelWrapperClass!}">
-                    <label for="user.attributes.country" class="${properties.kcLabelClass!}">${msg("country")}</label>
-                </div>
-
-                <div class="${properties.kcInputWrapperClass!}">
-                    <input type="text" class="${properties.kcInputClass!}"  id="user.attributes.country" name="user.attributes.country"/>
-                </div>
-            </div>
-
-
             <div class="${properties.kcFormGroupClass!}">
                 <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
                     <div class="${properties.kcFormOptionsWrapperClass!}">
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
index c384651fcd..4ed0d28372 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/FederationProvidersIntegrationTest.java
@@ -247,7 +247,7 @@ public class FederationProvidersIntegrationTest {
         loginPage.clickRegister();
         registerPage.assertCurrent();
 
-        registerPage.register("firstName", "lastName", "email2@check.cz", "registerUserSuccess2", "Password1", "Password1", "non-LDAP-Mapped street", null, null, "78910", null);
+        registerPage.register("firstName", "lastName", "email2@check.cz", "registerUserSuccess2", "Password1", "Password1");
         Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
 
         KeycloakSession session = keycloakRule.startSession();
@@ -257,8 +257,6 @@ public class FederationProvidersIntegrationTest {
             Assert.assertNotNull(user);
             Assert.assertNotNull(user.getFederationLink());
             Assert.assertEquals(user.getFederationLink(), ldapModel.getId());
-            Assert.assertEquals("78910", user.getAttribute("postal_code"));
-            Assert.assertEquals("non-LDAP-Mapped street", user.getAttribute("street"));
         } finally {
             keycloakRule.stopSession(session, false);
         }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java
index 28c37963d1..5904da1a3a 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/RegisterPage.java
@@ -57,25 +57,6 @@ public class RegisterPage extends AbstractPage {
     @FindBy(className = "feedback-error")
     private WebElement loginErrorMessage;
 
-    public void register(String firstName, String lastName, String email, String username, String password, String passwordConfirm,
-                         String street, String cityOrLocality, String stateOrRegion, String zipOrPostalCode, String country) {
-        fillExtendedField("street", street);
-        fillExtendedField("locality", cityOrLocality);
-        fillExtendedField("region", stateOrRegion);
-        fillExtendedField("postal_code", zipOrPostalCode);
-        fillExtendedField("country", country);
-
-        register(firstName, lastName, email, username, password, passwordConfirm);
-    }
-
-    private void fillExtendedField(String fieldName, String value) {
-        WebElement field = driver.findElement(By.id("user.attributes." + fieldName));
-        field.clear();
-        if (value != null) {
-            field.sendKeys(value);
-        }
-    }
-
     public void register(String firstName, String lastName, String email, String username, String password, String passwordConfirm) {
         firstNameInput.clear();
         if (firstName != null) {

From 15f8e83d4ac44393b16a993bf28f8c2642056547 Mon Sep 17 00:00:00 2001
From: fkiss <fkiss@redhat.com>
Date: Wed, 10 Jun 2015 15:02:25 +0200
Subject: [PATCH 26/53] added initial tests and page for assigning user role
 mappings

---
 .../page/settings/user/RoleMappingsPage.java  | 71 +++++++++++++++++++
 .../ui/page/settings/{ => user}/UserPage.java |  2 +-
 .../ui/test/role/AddNewRoleTest.java          |  2 +-
 .../ui/test/user/AddNewUserTest.java          |  2 +-
 .../ui/test/user/RegisterNewUserTest.java     |  2 +-
 .../ui/test/user/RoleMappingsTest.java        | 70 ++++++++++++++++++
 6 files changed, 145 insertions(+), 4 deletions(-)
 create mode 100644 testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/user/RoleMappingsPage.java
 rename testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/{ => user}/UserPage.java (98%)
 create mode 100644 testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java

diff --git a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/user/RoleMappingsPage.java b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/user/RoleMappingsPage.java
new file mode 100644
index 0000000000..3b92314e10
--- /dev/null
+++ b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/user/RoleMappingsPage.java
@@ -0,0 +1,71 @@
+package org.keycloak.testsuite.ui.page.settings.user;
+
+import org.keycloak.testsuite.ui.page.AbstractPage;
+import org.openqa.selenium.By;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.ui.Select;
+
+import static org.keycloak.testsuite.ui.util.SeleniumUtils.waitGuiForElement;
+
+/**
+ * Created by fkiss.
+ */
+public class RoleMappingsPage extends AbstractPage {
+
+    @FindBy(id = "available")
+    private Select availableRolesSelect;
+
+    @FindBy(id = "assigned")
+    private Select assignedRolesSelect;
+
+    @FindBy(id = "realm-composite")
+    private Select effectiveRolesSelect;
+
+    @FindBy(id = "available-client")
+    private Select availableClientRolesSelect;
+
+    @FindBy(id = "assigned-client")
+    private Select assignedClientRolesSelect;
+
+    @FindBy(css = "button[ng-click*='addRealm']")
+    private WebElement addSelected;
+
+    @FindBy(css = "button[ng-click*='addRealm']")
+    private WebElement addSelectedButton;
+
+    @FindBy(css = "button[ng-click*='deleteRealm']")
+    private WebElement removeSelectedButton;
+
+    @FindBy(id = "clients")
+    private Select clientRolesSelect;
+
+    public void addAvailableRole(String role){
+        waitGuiForElement(By.id("available"));
+        availableRolesSelect.selectByVisibleText(role);
+        addSelected.click();
+    }
+
+    public void removeAssignedRole(String client){
+        waitGuiForElement(By.id("assigned"));
+        assignedRolesSelect.selectByVisibleText(client);
+        removeSelectedButton.click();
+    }
+
+    public void selectClientRole(String client){
+        waitGuiForElement(By.id("clients"));
+        clientRolesSelect.selectByVisibleText(client);
+    }
+
+    public void addAvailableClientRole(String role){
+        waitGuiForElement(By.id("available-client"));
+        availableRolesSelect.selectByVisibleText(role);
+        addSelected.click();
+    }
+
+    public void removeAssignedClientRole(String client){
+        waitGuiForElement(By.id("assigned-client"));
+        assignedClientRolesSelect.selectByVisibleText(client);
+        removeSelectedButton.click();
+    }
+}
diff --git a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/UserPage.java b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/user/UserPage.java
similarity index 98%
rename from testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/UserPage.java
rename to testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/user/UserPage.java
index 18450b413c..2068879992 100644
--- a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/UserPage.java
+++ b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/page/settings/user/UserPage.java
@@ -16,7 +16,7 @@
  * limitations under the License.
  */
 
-package org.keycloak.testsuite.ui.page.settings;
+package org.keycloak.testsuite.ui.page.settings.user;
 
 import org.jboss.arquillian.graphene.findby.FindByJQuery;
 import org.keycloak.testsuite.ui.model.User;
diff --git a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/role/AddNewRoleTest.java b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/role/AddNewRoleTest.java
index 7bcd681d7b..03066e602f 100644
--- a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/role/AddNewRoleTest.java
+++ b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/role/AddNewRoleTest.java
@@ -17,7 +17,7 @@ import org.junit.Before;
 import org.junit.Ignore;
 import org.keycloak.testsuite.ui.AbstractKeyCloakTest;
 import org.keycloak.testsuite.ui.fragment.FlashMessage;
-import org.keycloak.testsuite.ui.page.settings.UserPage;
+import org.keycloak.testsuite.ui.page.settings.user.UserPage;
 import static org.openqa.selenium.By.id;
 import org.openqa.selenium.support.ui.Select;
 
diff --git a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/AddNewUserTest.java b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/AddNewUserTest.java
index c59cd30b16..f65cc15846 100644
--- a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/AddNewUserTest.java
+++ b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/AddNewUserTest.java
@@ -22,7 +22,7 @@ import org.jboss.arquillian.graphene.findby.FindByJQuery;
 import org.junit.Test;
 import org.keycloak.testsuite.ui.fragment.FlashMessage;
 import org.keycloak.testsuite.ui.model.User;
-import org.keycloak.testsuite.ui.page.settings.UserPage;
+import org.keycloak.testsuite.ui.page.settings.user.UserPage;
 
 
 import static org.junit.Assert.*;
diff --git a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RegisterNewUserTest.java b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RegisterNewUserTest.java
index 834ba25263..981c531cd1 100644
--- a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RegisterNewUserTest.java
+++ b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RegisterNewUserTest.java
@@ -25,7 +25,7 @@ import org.junit.Test;
 import org.keycloak.testsuite.ui.fragment.FlashMessage;
 import org.keycloak.testsuite.ui.model.User;
 import org.keycloak.testsuite.ui.page.RegisterPage;
-import org.keycloak.testsuite.ui.page.settings.UserPage;
+import org.keycloak.testsuite.ui.page.settings.user.UserPage;
 
 import static org.junit.Assert.*;
 import org.junit.Before;
diff --git a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java
new file mode 100644
index 0000000000..4c727b5dfd
--- /dev/null
+++ b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java
@@ -0,0 +1,70 @@
+package org.keycloak.testsuite.ui.test.user;
+
+import org.jboss.arquillian.graphene.findby.FindByJQuery;
+import org.jboss.arquillian.graphene.page.Page;
+import org.junit.Before;
+import org.junit.Test;
+import org.keycloak.testsuite.ui.AbstractKeyCloakTest;
+import org.keycloak.testsuite.ui.fragment.FlashMessage;
+import org.keycloak.testsuite.ui.model.User;
+import org.keycloak.testsuite.ui.page.settings.user.RoleMappingsPage;
+import org.keycloak.testsuite.ui.page.settings.user.UserPage;
+
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.openqa.selenium.By.linkText;
+
+/**
+ * Created by fkiss.
+ */
+public class RoleMappingsTest extends AbstractKeyCloakTest<RoleMappingsPage> {
+
+    @Page
+    private UserPage userPage;
+
+    @FindByJQuery(".alert")
+    private FlashMessage flashMessage;
+
+    @Before
+    public void beforeAddNewUserTest() {
+        navigation.users();
+    }
+
+    @Test
+    public void addUserAndAssignRole() {
+        String testUsername = "tester1";
+        User testUser = new User(testUsername, "pass");
+        userPage.addUser(testUser);
+        flashMessage.waitUntilPresent();
+        assertTrue(flashMessage.getText(), flashMessage.isSuccess());
+        navigation.users();
+        userPage.findUser(testUsername);
+        driver.findElement(linkText(testUsername)).click();
+        navigation.roleMappings();
+
+        page.addAvailableRole("create-realm");
+        assertTrue(flashMessage.getText(), flashMessage.isSuccess());
+        navigation.users();
+        userPage.deleteUser(testUsername);
+    }
+
+    @Test
+    public void addAndRemoveUserAndAssignRole() {
+        String testUsername = "tester2";
+        User testUser = new User(testUsername, "pass");
+        userPage.addUser(testUser);
+        flashMessage.waitUntilPresent();
+        assertTrue(flashMessage.getText(), flashMessage.isSuccess());
+        navigation.users();
+        userPage.findUser(testUsername);
+        driver.findElement(linkText(testUsername)).click();
+        navigation.roleMappings();
+
+        page.addAvailableRole("create-realm");
+        assertTrue(flashMessage.getText(), flashMessage.isSuccess());
+        page.removeAssignedRole("create-realm");
+        assertTrue(flashMessage.getText(), flashMessage.isSuccess());
+        navigation.users();
+        userPage.deleteUser(testUsername);
+    }
+}

From 92efe8441e2f90ef4b8776fff8f0e2751645e712 Mon Sep 17 00:00:00 2001
From: girirajsharma <giriraj.sharma27@gmail.com>
Date: Wed, 10 Jun 2015 20:23:39 +0530
Subject: [PATCH 27/53] [KEYCLOAK-1431] Update page titles

---
 .../base/admin/resources/partials/brute-force.html |  2 +-
 .../resources/partials/client-clustering.html      |  2 +-
 .../resources/partials/client-credentials.html     |  2 +-
 .../admin/resources/partials/client-detail.html    |  4 ++--
 .../admin/resources/partials/client-import.html    |  2 +-
 .../resources/partials/client-installation.html    |  2 +-
 .../base/admin/resources/partials/client-keys.html |  2 +-
 .../base/admin/resources/partials/client-list.html |  2 +-
 .../resources/partials/client-mappers-add.html     |  2 +-
 .../admin/resources/partials/client-mappers.html   |  2 +-
 .../resources/partials/client-revocation.html      |  2 +-
 .../resources/partials/client-role-detail.html     |  4 ++--
 .../admin/resources/partials/client-role-list.html |  2 +-
 .../resources/partials/client-saml-key-export.html |  2 +-
 .../resources/partials/client-saml-key-import.html |  2 +-
 .../admin/resources/partials/client-saml-keys.html |  2 +-
 .../resources/partials/client-scope-mappings.html  |  2 +-
 .../admin/resources/partials/client-sessions.html  |  2 +-
 .../admin/resources/partials/defense-headers.html  |  2 +-
 .../resources/partials/federated-generic.html      |  4 ++--
 .../resources/partials/federated-kerberos.html     |  4 ++--
 .../admin/resources/partials/federated-ldap.html   |  4 ++--
 .../partials/federated-mapper-detail.html          |  4 ++--
 .../resources/partials/federated-mappers.html      |  2 +-
 .../partials/identity-provider-mapper-detail.html  |  6 +++---
 .../partials/identity-provider-mappers.html        |  2 +-
 .../resources/partials/protocol-mapper-detail.html |  4 ++--
 .../resources/partials/realm-cache-settings.html   |  2 +-
 .../resources/partials/realm-credentials.html      |  2 +-
 .../resources/partials/realm-default-roles.html    |  2 +-
 .../admin/resources/partials/realm-detail.html     |  2 +-
 .../resources/partials/realm-events-admin.html     |  2 +-
 .../resources/partials/realm-events-config.html    |  4 ++--
 .../admin/resources/partials/realm-events.html     |  2 +-
 .../partials/realm-identity-provider-export.html   |  4 ++--
 .../partials/realm-identity-provider-oidc.html     |  4 ++--
 .../partials/realm-identity-provider-saml.html     |  4 ++--
 .../partials/realm-identity-provider-social.html   |  4 ++--
 .../realm-identity-provider-stackoverflow-ext.html | 14 +++++++-------
 .../partials/realm-identity-provider.html          |  2 +-
 .../base/admin/resources/partials/realm-keys.html  |  2 +-
 .../resources/partials/realm-login-settings.html   |  2 +-
 .../base/admin/resources/partials/realm-smtp.html  |  2 +-
 .../resources/partials/realm-theme-settings.html   |  2 +-
 .../admin/resources/partials/realm-tokens.html     |  2 +-
 .../base/admin/resources/partials/role-detail.html |  4 ++--
 .../base/admin/resources/partials/role-list.html   |  2 +-
 .../admin/resources/partials/role-mappings.html    |  2 +-
 .../admin/resources/partials/session-realm.html    |  2 +-
 .../resources/partials/session-revocation.html     |  2 +-
 .../admin/resources/partials/user-consents.html    |  2 +-
 .../admin/resources/partials/user-credentials.html |  2 +-
 .../base/admin/resources/partials/user-detail.html |  2 +-
 .../partials/user-federated-identity.html          |  2 +-
 .../admin/resources/partials/user-federation.html  |  2 +-
 .../base/admin/resources/partials/user-list.html   |  2 +-
 .../admin/resources/partials/user-sessions.html    |  2 +-
 57 files changed, 78 insertions(+), 78 deletions(-)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/brute-force.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/brute-force.html
index ebaa6b4a89..cd1c7546bf 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/brute-force.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/brute-force.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Settings</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Settings</h1>
 
     <kc-tabs-realm></kc-tabs-realm>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-clustering.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-clustering.html
index c805ccbea8..71e08501bf 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-clustering.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-clustering.html
@@ -5,7 +5,7 @@
         <li>{{client.clientId}}</li>
     </ol>
 
-    <h1><strong>Client</strong> {{client.clientId|capitalize}}</h1>
+    <h1>{{client.clientId|capitalize}}</h1>
 
     <kc-tabs-client></kc-tabs-client>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials.html
index cc6daae8da..efdc15d4ab 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-credentials.html
@@ -5,7 +5,7 @@
         <li>{{client.clientId}}</li>
     </ol>
 
-    <h1><strong>Client</strong> {{client.clientId|capitalize}}</h1>
+    <h1>{{client.clientId|capitalize}}</h1>
 
     <kc-tabs-client></kc-tabs-client>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html
index f3b4739272..e7e40962a7 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-detail.html
@@ -6,8 +6,8 @@
         <li data-ng-hide="create">{{client.clientId}}</li>
     </ol>
 
-    <h1 data-ng-show="create"><strong>Add Client</strong></h1>
-    <h1 data-ng-hide="create"><strong>Client</strong> {{client.clientId|capitalize}}</h1>
+    <h1 data-ng-show="create">Add Client</h1>
+    <h1 data-ng-hide="create">{{client.clientId|capitalize}}</h1>
 
     <kc-tabs-client></kc-tabs-client>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-import.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-import.html
index bba026b6ec..50cfc0ea76 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-import.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-import.html
@@ -5,7 +5,7 @@
         <li>Import Client</li>
     </ol>
 
-    <h1><strong>Import Client</strong></h1>
+    <h1>Import Client</h1>
 
     <form class="form-horizontal" name="realmForm" novalidate>
         <fieldset class="border-top">
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-installation.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-installation.html
index e6dd11b608..55581c3ce0 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-installation.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-installation.html
@@ -5,7 +5,7 @@
         <li>{{client.clientId}}</li>
     </ol>
 
-    <h1><strong>Client</strong> {{client.clientId|capitalize}}</h1>
+    <h1>{{client.clientId|capitalize}}</h1>
 
     <kc-tabs-client></kc-tabs-client>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-keys.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-keys.html
index e7fead233f..549b0565ff 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-keys.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-keys.html
@@ -5,7 +5,7 @@
         <li>{{client.clientId}}</li>
     </ol>
 
-    <h1><strong>Client</strong> {{client.clientId|capitalize}}</h1>
+    <h1>{{client.clientId|capitalize}}</h1>
 
     <kc-tabs-client></kc-tabs-client>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-list.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-list.html
index 782c782732..36696f769c 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-list.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-list.html
@@ -1,6 +1,6 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
     <h1>
-        <span><strong>Clients</strong> {{realm.realm|capitalize}}</span>
+        <span>Clients</span>
         <kc-tooltip>Clients are trusted browser apps and web services in a realm.  These clients can request a login. You can also define client specific roles.</kc-tooltip>
     </h1>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-mappers-add.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-mappers-add.html
index a7a3b11d1e..c3fda83833 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-mappers-add.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-mappers-add.html
@@ -7,7 +7,7 @@
         <li class="active">Add Builtin Protocol Mappers</li>
     </ol>
 
-    <h1><strong>Add Builtin Protocol Mapper</strong></h1>
+    <h1>Add Builtin Protocol Mapper</h1>
 
     <table class="table table-striped table-bordered">
         <thead>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-mappers.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-mappers.html
index 0f1f27481e..1e418b4de7 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-mappers.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-mappers.html
@@ -5,7 +5,7 @@
         <li>{{client.clientId}}</li>
     </ol>
 
-    <h1><strong>Client</strong> {{client.clientId|capitalize}}</h1>
+    <h1>{{client.clientId|capitalize}}</h1>
 
     <kc-tabs-client></kc-tabs-client>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-revocation.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-revocation.html
index 38ce042096..522f554549 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-revocation.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-revocation.html
@@ -5,7 +5,7 @@
         <li>{{client.clientId}}</li>
     </ol>
 
-    <h1><strong>Client</strong> {{client.clientId|capitalize}}</h1>
+    <h1>{{client.clientId|capitalize}}</h1>
 
     <kc-tabs-client></kc-tabs-client>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-role-detail.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-role-detail.html
index 706c2d3cee..2c267ca122 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-role-detail.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-role-detail.html
@@ -8,8 +8,8 @@
         <li data-ng-hide="create">{{role.name}}</li>
     </ol>
 
-    <h1 data-ng-show="create"><strong>Add Role</strong></h1>
-    <h1 data-ng-hide="create"><strong>Role</strong> {{role.name}}</h1>
+    <h1 data-ng-show="create">Add Role</h1>
+    <h1 data-ng-hide="create">{{role.name|capitalize}}</h1>
 
     <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageClients">
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-role-list.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-role-list.html
index e892d35b18..c9ec943773 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-role-list.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-role-list.html
@@ -5,7 +5,7 @@
         <li>{{client.clientId}}</li>
     </ol>
 
-    <h1><strong>Client</strong> {{client.clientId|capitalize}}</h1>
+    <h1>{{client.clientId|capitalize}}</h1>
 
     <kc-tabs-client></kc-tabs-client>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-saml-key-export.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-saml-key-export.html
index 7d0facbe56..70a4c7d048 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-saml-key-export.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-saml-key-export.html
@@ -7,7 +7,7 @@
         <li class="active">SAML {{keyType}} Key Export</li>
     </ol>
 
-    <h1><strong>Export SAML Key</strong> {{client.clientId|capitalize}}</h1>
+    <h1>Export SAML Key {{client.clientId|capitalize}}</h1>
 
     <form class="form-horizontal" name="keyForm" novalidate kc-read-only="!access.manageRealm">
         <fieldset class="form-group col-sm-10">
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-saml-key-import.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-saml-key-import.html
index 76ee50d12c..8ea421b864 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-saml-key-import.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-saml-key-import.html
@@ -7,7 +7,7 @@
         <li class="active">SAML {{keyType}} Key Import</li>
     </ol>
 
-    <h1><strong>Import SAML Key</strong> {{client.clientId|capitalize}}</h1>
+    <h1>Import SAML Key {{client.clientId|capitalize}}</h1>
 
     <form class="form-horizontal" name="keyForm" novalidate kc-read-only="!access.manageRealm">
         <fieldset>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-saml-keys.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-saml-keys.html
index 5f0f1ef7fe..74eb8401d4 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-saml-keys.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-saml-keys.html
@@ -5,7 +5,7 @@
         <li>{{client.clientId}}</li>
     </ol>
 
-    <h1><strong>Client</strong> {{client.clientId|capitalize}}</h1>
+    <h1>{{client.clientId|capitalize}}</h1>
 
     <kc-tabs-client></kc-tabs-client>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-scope-mappings.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-scope-mappings.html
index 5340685558..79eccd5aa8 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-scope-mappings.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-scope-mappings.html
@@ -5,7 +5,7 @@
         <li>{{client.clientId}}</li>
     </ol>
 
-    <h1><strong>Client</strong> {{client.clientId|capitalize}}</h1>
+    <h1>{{client.clientId|capitalize}}</h1>
 
     <kc-tabs-client></kc-tabs-client>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-sessions.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-sessions.html
index f93670351a..838b166d55 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-sessions.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/client-sessions.html
@@ -5,7 +5,7 @@
         <li>{{client.clientId}}</li>
     </ol>
 
-    <h1><strong>Client</strong> {{client.clientId|capitalize}}</h1>
+    <h1>{{client.clientId|capitalize}}</h1>
 
     <kc-tabs-client></kc-tabs-client>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/defense-headers.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/defense-headers.html
index f7cda2793a..ca8511c208 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/defense-headers.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/defense-headers.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Settings</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Settings</h1>
 
     <kc-tabs-realm></kc-tabs-realm>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-generic.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-generic.html
index f0d8774f43..bff634aeb1 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-generic.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-generic.html
@@ -5,8 +5,8 @@
         <li data-ng-show="create">Add User Federation Provider</li>
     </ol>
 
-    <h1 data-ng-hide="create"><strong>{{instance.providerName|capitalize}} User Federation Provider</strong> {{instance.displayName|capitalize}}</h1>
-    <h1 data-ng-show="create"><strong>Add {{instance.providerName|capitalize}} User Federation Provider</strong></h1>
+    <h1 data-ng-hide="create">{{instance.providerName|capitalize}}</h1>
+    <h1 data-ng-show="create">Add {{instance.providerName|capitalize}} User Federation Provide</h1>
 
     <ul class="nav nav-tabs" data-ng-hide="create">
         <li class="active"><a href="#/realms/{{realm.realm}}/user-federation/providers/{{instance.providerName}}/{{instance.id}}">Settings</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-kerberos.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-kerberos.html
index b2f4701793..34510fff8a 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-kerberos.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-kerberos.html
@@ -5,8 +5,8 @@
         <li data-ng-show="create">Add User Federation Provider</li>
     </ol>
 
-    <h1 data-ng-hide="create"><strong>Kerberos User Federation Provider</strong> {{instance.displayName|capitalize}}</h1>
-    <h1 data-ng-show="create"><strong>Add Kerberos User Federation Provider</strong></h1>
+    <h1 data-ng-hide="create">Kerberos</h1>
+    <h1 data-ng-show="create">Add Kerberos User Federation Provider</h1>
 
     <ul class="nav nav-tabs" data-ng-hide="create">
         <li class="active"><a href="#/realms/{{realm.realm}}/user-federation/providers/{{instance.providerName}}/{{instance.id}}">Settings</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html
index a3710c80d1..5c8bf46bd0 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-ldap.html
@@ -5,8 +5,8 @@
         <li data-ng-show="create">Add User Federation Provider</li>
     </ol>
 
-    <h1 data-ng-hide="create"><strong>LDAP User Federation Provider</strong> {{instance.displayName|capitalize}}</h1>
-    <h1 data-ng-show="create"><strong>Add LDAP User Federation Provider</strong></h1>
+    <h1 data-ng-hide="create">LDAP</h1>
+    <h1 data-ng-show="create">Add LDAP User Federation Provider</h1>
 
     <ul class="nav nav-tabs" data-ng-hide="create">
         <li class="active"><a href="#/realms/{{realm.realm}}/user-federation/providers/{{instance.providerName}}/{{instance.id}}">Settings</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mapper-detail.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mapper-detail.html
index f06d032257..d57d6ea758 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mapper-detail.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mapper-detail.html
@@ -7,8 +7,8 @@
         <li class="active" data-ng-hide="create">{{mapper.name}}</li>
     </ol>
 
-    <h1 data-ng-hide="create"><strong>User Federation Mapper</strong> {{mapper.name}}</h1>
-    <h1 data-ng-show="create"><strong>Add User Federation Mapper</strong></h1>
+    <h1 data-ng-hide="create">{{mapper.name|capitalize}}</h1>
+    <h1 data-ng-show="create">Add User Federation Mapper</h1>
 
     <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
         <fieldset>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mappers.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mappers.html
index d650100b44..2401b47b9b 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mappers.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/federated-mappers.html
@@ -5,7 +5,7 @@
         <li>User Federation Mappers</li>
     </ol>
 
-    <h1><strong>{{provider.providerName === 'ldap' ? 'LDAP' : (provider.providerName|capitalize)}} User Federation Provider</strong> {{provider.displayName|capitalize}}</h1>
+    <h1>{{provider.providerName === 'ldap' ? 'LDAP' : (provider.providerName|capitalize)}}</h1>
 
     <ul class="nav nav-tabs" data-ng-hide="create">
         <li><a href="#/realms/{{realm.realm}}/user-federation/providers/{{provider.providerName}}/{{provider.id}}">Settings</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mapper-detail.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mapper-detail.html
index e9eef495f8..14bdd02f61 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mapper-detail.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mapper-detail.html
@@ -4,11 +4,11 @@
         <li><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}">{{identityProvider.alias}}</a></li>
         <li><a href="#/realms/{{realm.realm}}/identity-provider-mappers/{{identityProvider.alias}}/mappers">Identity Provider Mappers</a></li>
         <li class="active" data-ng-show="create">Create IdentityProvider Mapper</li>
-        <li class="active" data-ng-hide="create">{{mapper.name}}</li>
+        <li class="active" data-ng-hide="create">{{mapper.name|capitalize}}</li>
     </ol>
 
-    <h1 data-ng-hide="create"><strong>Identity Provider Mapper</strong> {{mapper.name}}</h1>
-    <h1 data-ng-show="create"><strong>Add Identity Provider Mapper</strong></h1>
+    <h1 data-ng-hide="create">{{mapper.name|capitalize}}</h1>
+    <h1 data-ng-show="create">Add Identity Provider Mapper</h1>
 
     <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
         <fieldset>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mappers.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mappers.html
index e1012efece..20339e11f2 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mappers.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/identity-provider-mappers.html
@@ -4,7 +4,7 @@
         <li>{{identityProvider.alias}}</li>
     </ol>
 
-    <h1><strong>Identity Provider</strong> {{identityProvider.alias|capitalize}}</h1>
+    <h1>{{identityProvider.alias|capitalize}}</h1>
 
     <ul class="nav nav-tabs" data-ng-hide="newIdentityProvider">
         <li><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}">Settings</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/protocol-mapper-detail.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/protocol-mapper-detail.html
index 4c519dcf6f..3877ff7d9b 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/protocol-mapper-detail.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/protocol-mapper-detail.html
@@ -8,8 +8,8 @@
         <li class="active" data-ng-hide="create">{{mapper.name}}</li>
     </ol>
 
-    <h1 data-ng-show="create"><strong>Create Protocol Mapper</strong></h1>
-    <h1 data-ng-hide="create"><strong>Protocol Mapper</strong> {{mapper.name}}</h1>
+    <h1 data-ng-show="create">Create Protocol Mapper</h1>
+    <h1 data-ng-hide="create">{{mapper.name|capitalize}}</h1>
 
     <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-cache-settings.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-cache-settings.html
index 78e190b46e..aa829d7235 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-cache-settings.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-cache-settings.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Settings</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Settings</h1>
 
     <kc-tabs-realm></kc-tabs-realm>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-credentials.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-credentials.html
index 9c6c39a476..aca4d4d6d2 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-credentials.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-credentials.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Settings</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Settings</h1>
 
     <kc-tabs-realm></kc-tabs-realm>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-default-roles.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-default-roles.html
index 732aeeacbd..33fec9e9c5 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-default-roles.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-default-roles.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Roles</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Roles</h1>
 
     <ul class="nav nav-tabs">
         <li><a href="#/realms/{{realm.realm}}/roles">Realm Roles</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-detail.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-detail.html
index d966acd34c..67d7534ca1 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-detail.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-detail.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1 data-ng-hide="createRealm"><strong>Settings</strong> {{realm.realm|capitalize}}</h1>
+    <h1 data-ng-hide="createRealm">Settings</h1>
     <h1 data-ng-show="createRealm">Add Realm</h1>
 
     <kc-tabs-realm></kc-tabs-realm>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html
index cb32dc4d3e..57996c8dd9 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-admin.html
@@ -1,6 +1,6 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
     <h1>
-        <span><strong>Admin Events</strong> {{realm.realm|capitalize}}</span>
+        <span>Admin Events</span>
         <kc-tooltip>Displays saved admin events for the realm. Events are related to admin account, for example a realm creation. To enable persisted events go to config.</kc-tooltip>
     </h1>
     
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-config.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-config.html
index 11c2f0074d..06cd18a01f 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-config.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events-config.html
@@ -1,6 +1,6 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
     <h1>
-        <span><strong>Events Config</strong> {{realm.realm|capitalize}}</span>
+        <span>Events Config</span>
         <kc-tooltip>Displays configuration options to enable persistence of user and admin events.</kc-tooltip>
     </h1>
 
@@ -10,7 +10,7 @@
         <li data-ng-class="(path[2] == 'events-settings') && 'active'"><a href="#/realms/{{realm.realm}}/events-settings">Config</a></li>
     </ul>
     <div id="content">
-        <h2><span>{{realm.realm}}</span> Events Config</h2>
+        <h2>Events Config</h2>
 
         <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageEvents">
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html
index 2540603894..406f312e8f 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-events.html
@@ -1,6 +1,6 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
     <h1>
-        <span><strong>Events</strong> {{realm.realm|capitalize}}</span>
+        <span>Events</span>
         <kc-tooltip>Displays saved events for the realm. Events are related to user accounts, for example a user login. To enable persisted events go to config.</kc-tooltip>
     </h1>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-export.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-export.html
index 3ddb6123a6..37302a288a 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-export.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-export.html
@@ -4,8 +4,8 @@
         <li>{{identityProvider.alias}}</li>
     </ol>
 
-    <h1 data-ng-hide="create"><strong>Identity Provider</strong> {{identityProvider.alias|capitalize}}</h1>
-    <h1 data-ng-show="create"><strong>Add OpenID Connect Identity Provider</strong></h1>
+    <h1 data-ng-hide="create">{{identityProvider.alias|capitalize}}</h1>
+    <h1 data-ng-show="create">Add OpenID Connect Identity Provider</h1>
 
     <ul class="nav nav-tabs" data-ng-hide="newIdentityProvider">
         <li><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}">Settings</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html
index d2a267bfad..9d3eec2099 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html
@@ -4,8 +4,8 @@
         <li>{{identityProvider.alias}}</li>
     </ol>
 
-    <h1 data-ng-hide="create"><strong>Identity Provider</strong> {{identityProvider.alias|capitalize}}</h1>
-    <h1 data-ng-show="create"><strong>Add OpenID Connect Identity Provider</strong></h1>
+    <h1 data-ng-hide="create">{{identityProvider.alias|capitalize}}</h1>
+    <h1 data-ng-show="create">Add OpenID Connect Identity Provider</h1>
 
     <ul class="nav nav-tabs" data-ng-hide="newIdentityProvider">
         <li class="active"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}">Settings</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html
index d2aaf4e137..21000f75d5 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html
@@ -4,8 +4,8 @@
         <li>{{identityProvider.alias}}</li>
     </ol>
 
-    <h1 data-ng-hide="create"><strong>Identity Provider</strong> {{identityProvider.alias|capitalize}}</h1>
-    <h1 data-ng-show="create"><strong>Add SAML Identity Provider</strong></h1>
+    <h1 data-ng-hide="create">{{identityProvider.alias|capitalize}}</h1>
+    <h1 data-ng-show="create">Add SAML Identity Provider</h1>
 
     <ul class="nav nav-tabs" data-ng-hide="newIdentityProvider">
         <li class="active"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}">Settings</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html
index 623bcf0432..bf48cf7def 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html
@@ -4,8 +4,8 @@
         <li>{{identityProvider.alias}}</li>
     </ol>
 
-    <h1 data-ng-hide="create"><strong>Identity Provider</strong> {{identityProvider.alias|capitalize}}</h1>
-    <h1 data-ng-show="create"><strong>Add Social Identity Provider</strong></h1>
+    <h1 data-ng-hide="create">{{identityProvider.alias|capitalize}}</h1>
+    <h1 data-ng-show="create">Add Social Identity Provider</h1>
 
     <ul class="nav nav-tabs" data-ng-hide="newIdentityProvider">
         <li class="active"><a href="#/realms/{{realm.realm}}/identity-provider-settings/provider/{{identityProvider.providerId}}/{{identityProvider.alias}}">Settings</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-stackoverflow-ext.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-stackoverflow-ext.html
index fe676a45ff..af49b3b862 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-stackoverflow-ext.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-stackoverflow-ext.html
@@ -1,7 +1,7 @@
-                    <div class="form-group clearfix">
-                        <label class="col-md-2 control-label" for="clientId">Key <span class="required">*</span></label>
-                        <div class="col-md-6">
-                            <input class="form-control" id="clientId" type="text" ng-model="identityProvider.config.key" required>
-                        </div>
-                        <kc-tooltip>The Key obtained from Stack Overflow client registration.</kc-tooltip>
-                    </div>
+<div class="form-group clearfix">
+	<label class="col-md-2 control-label" for="clientId">Key <span class="required">*</span></label>
+	<div class="col-md-6">
+		<input class="form-control" id="clientId" type="text" ng-model="identityProvider.config.key" required>
+	</div>
+	<kc-tooltip>The Key obtained from Stack Overflow client registration.</kc-tooltip>
+</div>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html
index 9a2a28f74c..3d82adc989 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Identity Providers</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Identity Providers</h1>
 
     <form name="realmForm" novalidate class="form-horizontal">
         <fieldset>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-keys.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-keys.html
index ddaf0698b3..c89adf9afe 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-keys.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-keys.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Settings</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Settings</h1>
 
     <kc-tabs-realm></kc-tabs-realm>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-login-settings.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-login-settings.html
index 34679aefe4..024e0c10df 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-login-settings.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-login-settings.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Settings</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Settings</h1>
 
     <kc-tabs-realm></kc-tabs-realm>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-smtp.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-smtp.html
index eb2759bbe2..30ad48d51f 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-smtp.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-smtp.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Settings</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Settings</h1>
 
     <kc-tabs-realm></kc-tabs-realm>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-theme-settings.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-theme-settings.html
index f4b72344aa..5c51bba826 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-theme-settings.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-theme-settings.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Settings</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Settings</h1>
 
     <kc-tabs-realm></kc-tabs-realm>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-tokens.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-tokens.html
index 6fd68b7ac2..c23fa66e25 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-tokens.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-tokens.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Settings</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Settings</h1>
 
     <kc-tabs-realm></kc-tabs-realm>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-detail.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-detail.html
index aa21bd8b28..6c80c970ad 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-detail.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-detail.html
@@ -6,8 +6,8 @@
         <li data-ng-show="create">Add Role</li>
     </ol>
 
-    <h1 data-ng-hide="create"><strong>Role</strong> {{role.name}}</h1>
-    <h1 data-ng-show="create"><strong>Add Role</strong></h1>
+    <h1 data-ng-hide="create">{{role.name|capitalize}}</h1>
+    <h1 data-ng-show="create">Add Role</h1>
 
     <form class="form-horizontal clearfix" name="realmForm" novalidate kc-read-only="!access.manageRealm">
         <fieldset>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-list.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-list.html
index 010b29eb72..0c44d31856 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-list.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-list.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Roles</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Roles</h1>
 
     <ul class="nav nav-tabs">
         <li class="active"><a href="#/realms/{{realm.realm}}/roles">Realm Roles</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-mappings.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-mappings.html
index 0bdc22e818..94bf8996ea 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-mappings.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/role-mappings.html
@@ -4,7 +4,7 @@
         <li>{{user.username}}</li>
     </ol>
 
-    <h1><strong>User</strong> {{user.username|capitalize}}</h1>
+    <h1>{{user.username|capitalize}}</h1>
 
     <kc-tabs-user></kc-tabs-user>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/session-realm.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/session-realm.html
index 58085d59a3..8b62f1a859 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/session-realm.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/session-realm.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Sessions</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Sessions</h1>
 
     <ul class="nav nav-tabs">
         <li class="active"><a href="#/realms/{{realm.realm}}/sessions/realm">Realm Sessions</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/session-revocation.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/session-revocation.html
index 9743018cb8..d16b22fe22 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/session-revocation.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/session-revocation.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Sessions</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Sessions</h1>
 
     <ul class="nav nav-tabs">
         <li><a href="#/realms/{{realm.realm}}/sessions/realm">Realm Sessions</a></li>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-consents.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-consents.html
index 5b9a7a805c..a22d0aa12c 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-consents.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-consents.html
@@ -4,7 +4,7 @@
         <li>{{user.username}}</li>
     </ol>
 
-    <h1><strong>User</strong> {{user.username|capitalize}}</h1>
+    <h1>{{user.username|capitalize}}</h1>
 
     <kc-tabs-user></kc-tabs-user>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-credentials.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-credentials.html
index a564144f81..7c12f48278 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-credentials.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-credentials.html
@@ -4,7 +4,7 @@
         <li>{{user.username}}</li>
     </ol>
 
-    <h1><strong>User</strong> {{user.username|capitalize}}</h1>
+    <h1>{{user.username|capitalize}}</h1>
 
     <kc-tabs-user></kc-tabs-user>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-detail.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-detail.html
index 1dcadd4f1b..09a3fc4f02 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-detail.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-detail.html
@@ -5,7 +5,7 @@
         <li data-ng-show="create">Add User</li>
     </ol>
 
-    <h1 data-ng-hide="create"><strong>User</strong> {{user.username|capitalize}}</h1>
+    <h1 data-ng-hide="create">{{user.username|capitalize}}</h1>
     <h1 data-ng-show="create">Add User</h1>
 
     <kc-tabs-user></kc-tabs-user>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-federated-identity.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-federated-identity.html
index 0a22aeb70b..14d8d67d89 100644
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-federated-identity.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-federated-identity.html
@@ -4,7 +4,7 @@
         <li>{{user.username}}</li>
     </ol>
 
-    <h1><strong>User</strong> {{user.username|capitalize}}</h1>
+    <h1>{{user.username|capitalize}}</h1>
 
     <kc-tabs-user></kc-tabs-user>
 
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-federation.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-federation.html
index 63c89c0111..2162127364 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-federation.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-federation.html
@@ -1,6 +1,6 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
     <h1>
-        <span><strong>User Federation</strong> {{realm.realm|capitalize}}</span>
+        <span>User Federation</span>
     </h1>
 
     <table class="table table-striped table-bordered">
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-list.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-list.html
index 4498988665..9a042e39a3 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-list.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-list.html
@@ -1,5 +1,5 @@
 <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
-    <h1><strong>Users</strong> {{realm.realm|capitalize}}</h1>
+    <h1>Users</h1>
 
     <table class="table table-striped table-bordered">
         <caption data-ng-show="users" class="hidden">Table of realm users</caption>
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-sessions.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-sessions.html
index ee472355a1..762dda9243 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-sessions.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/user-sessions.html
@@ -4,7 +4,7 @@
         <li>{{user.username}}</li>
     </ol>
 
-    <h1><strong>User</strong> {{user.username|capitalize}}</h1>
+    <h1>{{user.username|capitalize}}</h1>
 
     <kc-tabs-user></kc-tabs-user>
 

From abfec234040463afbbcd7c2c6d0427910ac908d0 Mon Sep 17 00:00:00 2001
From: Scott Rossillo <srossillo@smartling.com>
Date: Wed, 10 Jun 2015 12:21:43 -0400
Subject: [PATCH 28/53] Fix Spring Security adapter logout handling

Stops KeycloakLogoutHandler from throwing an exception if the
authentication is not of type KeycloakAuthenticationToken.

Fixes KEYCLOAK-1438.
---
 .../authentication/KeycloakLogoutHandler.java | 27 ++----
 .../KeycloakLogoutHandlerTest.java            | 96 +++++++++++++++++++
 2 files changed, 102 insertions(+), 21 deletions(-)
 create mode 100644 integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java

diff --git a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java
index 6a64765dd6..d843aa7d41 100644
--- a/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java
+++ b/integration/spring-security/src/main/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandler.java
@@ -6,15 +6,12 @@ import org.keycloak.adapters.springsecurity.AdapterDeploymentContextBean;
 import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.util.Assert;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
 
 /**
  * Logs the current user out of Keycloak.
@@ -36,29 +33,17 @@ public class KeycloakLogoutHandler implements LogoutHandler {
     @Override
     public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
 
-        if (authentication instanceof AnonymousAuthenticationToken) {
-            log.warn("Attempt to log out an anonymous authentication");
+        if (!KeycloakAuthenticationToken.class.isAssignableFrom(authentication.getClass())) {
+            log.warn("Cannot log out a non-Keycloak authentication: {}", authentication);
             return;
         }
 
-        try {
-            handleSingleSignOut(request, response);
-        } catch (IOException e) {
-            throw new IllegalStateException("Unable to make logout admin request!", e);
-        }
-
+        handleSingleSignOut(request, response, (KeycloakAuthenticationToken) authentication);
     }
 
-    protected void handleSingleSignOut(HttpServletRequest request, HttpServletResponse response) throws IOException {
-
-        KeycloakAuthenticationToken authentication = (KeycloakAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+    protected void handleSingleSignOut(HttpServletRequest request, HttpServletResponse response, KeycloakAuthenticationToken authenticationToken) {
         KeycloakDeployment deployment = deploymentContextBean.getDeployment();
-        RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) authentication.getAccount().getKeycloakSecurityContext();
-
-        try {
-            session.logout(deployment);
-        } catch (Exception e) {
-            log.error("Unable to complete Keycloak single sign out", e);
-        }
+        RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) authenticationToken.getAccount().getKeycloakSecurityContext();
+        session.logout(deployment);
     }
 }
diff --git a/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java b/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java
new file mode 100644
index 0000000000..2ee32af85e
--- /dev/null
+++ b/integration/spring-security/src/test/java/org/keycloak/adapters/springsecurity/authentication/KeycloakLogoutHandlerTest.java
@@ -0,0 +1,96 @@
+package org.keycloak.adapters.springsecurity.authentication;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.keycloak.adapters.KeycloakAccount;
+import org.keycloak.adapters.KeycloakDeployment;
+import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
+import org.keycloak.adapters.springsecurity.AdapterDeploymentContextBean;
+import org.keycloak.adapters.springsecurity.account.KeycloakRole;
+import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.authentication.RememberMeAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.UUID;
+
+import static org.mockito.Mockito.*;
+
+/**
+ * Keycloak logout handler tests.
+ */
+public class KeycloakLogoutHandlerTest {
+
+    private KeycloakAuthenticationToken keycloakAuthenticationToken;
+    private KeycloakLogoutHandler keycloakLogoutHandler;
+
+    private MockHttpServletRequest request;
+    private MockHttpServletResponse response;
+
+    @Mock
+    private AdapterDeploymentContextBean adapterDeploymentContextBean;
+
+    @Mock
+    private KeycloakAccount keycloakAccount;
+
+    @Mock
+    private KeycloakDeployment keycloakDeployment;
+
+    @Mock
+    private RefreshableKeycloakSecurityContext session;
+
+    private Collection<KeycloakRole> authorities = Collections.singleton(new KeycloakRole(UUID.randomUUID().toString()));
+
+    @Before
+    public void setUp() throws Exception {
+        MockitoAnnotations.initMocks(this);
+        keycloakAuthenticationToken = mock(KeycloakAuthenticationToken.class);
+        keycloakLogoutHandler = new KeycloakLogoutHandler(adapterDeploymentContextBean);
+        request = new MockHttpServletRequest();
+        response = new MockHttpServletResponse();
+
+        when(adapterDeploymentContextBean.getDeployment()).thenReturn(keycloakDeployment);
+        when(keycloakAuthenticationToken.getAccount()).thenReturn(keycloakAccount);
+        when(keycloakAccount.getKeycloakSecurityContext()).thenReturn(session);
+    }
+
+    @Test
+    public void testLogout() throws Exception {
+        keycloakLogoutHandler.logout(request, response, keycloakAuthenticationToken);
+        verify(session).logout(eq(keycloakDeployment));
+    }
+
+    @Test
+    public void testLogoutAnonymousAuthentication() throws Exception {
+        Authentication authentication = new AnonymousAuthenticationToken(UUID.randomUUID().toString(), UUID.randomUUID().toString(), authorities);
+        keycloakLogoutHandler.logout(request, response, authentication);
+        verifyZeroInteractions(session);
+    }
+
+    @Test
+    public void testLogoutUsernamePasswordAuthentication() throws Exception {
+        Authentication authentication = new UsernamePasswordAuthenticationToken(UUID.randomUUID().toString(), UUID.randomUUID().toString(), authorities);
+        keycloakLogoutHandler.logout(request, response, authentication);
+        verifyZeroInteractions(session);
+    }
+
+    @Test
+    public void testLogoutRememberMeAuthentication() throws Exception {
+        Authentication authentication = new RememberMeAuthenticationToken(UUID.randomUUID().toString(), UUID.randomUUID().toString(), authorities);
+        keycloakLogoutHandler.logout(request, response, authentication);
+        verifyZeroInteractions(session);
+    }
+
+    @Test
+    public void testHandleSingleSignOut() throws Exception {
+        keycloakLogoutHandler.handleSingleSignOut(request, response, keycloakAuthenticationToken);
+        verify(session).logout(eq(keycloakDeployment));
+    }
+}

From 03b521926a444336b78aab7fb4c4db492416b110 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Wed, 10 Jun 2015 17:00:56 +0200
Subject: [PATCH 29/53] KEYCLOAK-1260 Fix saml backchannel logout with JPA
 UserSession provider on MySQL + PostgreSQL

---
 .../java/org/keycloak/protocol/saml/SamlService.java | 12 +++++++++++-
 .../SAMLKeyCloakServerBrokerWithSignatureTest.java   |  5 +++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
index 09b033b9d7..40ea8fdadb 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -374,11 +374,21 @@ public class SamlService {
                 for (String sessionIndex : logoutRequest.getSessionIndex()) {
                     ClientSessionModel clientSession = session.sessions().getClientSession(realm, sessionIndex);
                     if (clientSession == null) continue;
+                    UserSessionModel userSession = clientSession.getUserSession();
                     if (clientSession.getClient().getClientId().equals(client.getClientId())) {
                         // remove requesting client from logout
                         clientSession.setAction(ClientSessionModel.Action.LOGGED_OUT);
+
+                        // Remove also other clientSessions of this client as there could be more in this UserSession
+                        if (userSession != null) {
+                            for (ClientSessionModel clientSession2 : userSession.getClientSessions()) {
+                                if (clientSession2.getClient().getId().equals(client.getId())) {
+                                    clientSession2.setAction(ClientSessionModel.Action.LOGGED_OUT);
+                                }
+                            }
+                        }
                     }
-                    UserSessionModel userSession = clientSession.getUserSession();
+
                     try {
                         authManager.backchannelLogout(session, realm, userSession, uriInfo, clientConnection, headers, true);
                     } catch (Exception e) {
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
index 34c10d5e3f..b94f4df193 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
@@ -45,6 +45,11 @@ public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityP
         }
     };
 
+    // @Test
+    public void testSleep() throws Exception {
+        Thread.sleep(100000000);
+    }
+
     @Override
     protected String getProviderId() {
         return "kc-saml-signed-idp";

From 0e1a059d8d796e6c958158ba99a7abbfba422d71 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Thu, 11 Jun 2015 08:15:25 +0200
Subject: [PATCH 30/53] KEYCLOAK-1439 Admin Console is not loaded when Keycloak
 is installed as root context

---
 .../common-themes/src/main/resources/theme/base/admin/index.ftl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/forms/common-themes/src/main/resources/theme/base/admin/index.ftl b/forms/common-themes/src/main/resources/theme/base/admin/index.ftl
index 2cfe1289d3..60edadf79c 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/index.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/admin/index.ftl
@@ -27,7 +27,7 @@
     <script src="${resourceUrl}/lib/fileupload/angular-file-upload.min.js"></script>
     <script src="${resourceUrl}/lib/filesaver/FileSaver.js"></script>
 
-    <script src="/auth/js/${resourceVersion}/keycloak.js" type="text/javascript"></script>
+    <script src="${authUrl}/js/${resourceVersion}/keycloak.js" type="text/javascript"></script>
 
     <script src="${resourceUrl}/js/app.js" type="text/javascript"></script>
     <script src="${resourceUrl}/js/controllers/realm.js" type="text/javascript"></script>

From d3e178d459f92a2bcf9575a0ac88c8fb26663613 Mon Sep 17 00:00:00 2001
From: Matthias Wessendorf <matzew@apache.org>
Date: Thu, 11 Jun 2015 08:52:53 +0200
Subject: [PATCH 31/53] Applying suggested import change from mstruk :lipstick:

---
 .../keycloak/services/resources/admin/RealmAdminResource.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
index c94fa6ec7c..45fb45e216 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@@ -2,6 +2,7 @@ package org.keycloak.services.resources.admin;
 
 import org.jboss.logging.Logger;
 import org.jboss.resteasy.annotations.cache.NoCache;
+import org.jboss.resteasy.spi.BadRequestException;
 import org.jboss.resteasy.spi.NotFoundException;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.ClientConnection;
@@ -35,7 +36,6 @@ import org.keycloak.services.managers.UsersSyncManager;
 import org.keycloak.services.ErrorResponse;
 import org.keycloak.timer.TimerProvider;
 
-import javax.ws.rs.BadRequestException;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;

From 92e17f4b40366132fb78bd3d117279c6d650fbb4 Mon Sep 17 00:00:00 2001
From: Marko Strukelj <marko.strukelj@gmail.com>
Date: Thu, 11 Jun 2015 00:00:24 +0200
Subject: [PATCH 32/53] KEYCLOAK-1412 Server-overlay for EAP 6.4  - Added
 as7-server-subsystem  - Added eap6-server-overlay  - Moved modules to
 eap6-server-modules  - Renamed wildfly-server-subsystem to
 wf9-server-subsystem for consistency

---
 .../as7-eap6-adapter/as7-modules/pom.xml      |   1 -
 distribution/demo-dist/pom.xml                |   4 +-
 .../feature-packs/server-feature-pack/pom.xml |   9 +-
 .../keycloak-server-subsystem/main/module.xml |  16 +-
 .../main/module.xml                           |  52 +++
 distribution/pom.xml                          |   1 -
 .../eap6/eap6-server-modules}/assembly.xml    |  44 +--
 .../eap6/eap6-server-modules}/build.xml       |  12 +-
 .../eap6/eap6-server-modules}/lib.xml         |   0
 .../eap6/eap6-server-modules}/pom.xml         | 313 +++++++++---------
 .../com/google/zxing/core/main/module.xml     |  26 +-
 .../com/google/zxing/javase/main/module.xml   |  28 +-
 .../modules/de/idyl/winzipaes/main/module.xml |  26 +-
 .../modules/javax/ws/rs/api/2.0/module.xml    |  12 +
 .../net/iharder/base64/main/module.xml        |  26 +-
 .../modules/org/bouncycastle/main/module.xml  |  10 +
 .../modules/org/freemarker/main/module.xml    |  28 +-
 .../keycloak-account-api/main/module.xml      |  36 +-
 .../main/module.xml                           |  48 +--
 .../main/module.xml                           |   2 +-
 .../keycloak-broker-core/main/module.xml      |  34 +-
 .../keycloak-broker-oidc/main/module.xml      |  44 +--
 .../keycloak-broker-saml/main/module.xml      |  38 +--
 .../keycloak-connections-file/main/module.xml |   0
 .../main/module.xml                           |  40 +--
 .../main/module.xml                           |  34 +-
 .../main/module.xml                           |  40 +--
 .../keycloak-connections-jpa/main/module.xml  |  46 +--
 .../main/module.xml                           |   0
 .../main/module.xml                           |  34 +-
 .../keycloak-core-jaxrs/main/module.xml       |  40 +--
 .../keycloak/keycloak-core/main/module.xml    |  42 +--
 .../keycloak-email-api/main/module.xml        |  34 +-
 .../keycloak-email-freemarker/main/module.xml |  48 +--
 .../keycloak-events-api/main/module.xml       |  32 +-
 .../keycloak-events-email/main/module.xml     |  38 +--
 .../main/module.xml                           |  36 +-
 .../keycloak-events-jpa/main/module.xml       |  48 +--
 .../keycloak-events-mongo/main/module.xml     |  44 +--
 .../main/module.xml                           |  48 +--
 .../main/module.xml                           |  50 +--
 .../main/module.xml                           |  50 +--
 .../main/module.xml                           |  52 +--
 .../main/module.xml                           |  36 +-
 .../main/module.xml                           |  38 +--
 .../main/module.xml                           |  38 +--
 .../main/module.xml                           |  40 +--
 .../keycloak-js-adapter/main/module.xml       |  24 +-
 .../main/module.xml                           |   0
 .../keycloak-ldap-federation/main/module.xml  |  38 +--
 .../keycloak-login-api/main/module.xml        |  36 +-
 .../keycloak-login-freemarker/main/module.xml |  52 +--
 .../keycloak-model-api/main/module.xml        |  34 +-
 .../keycloak-model-file/main/module.xml       |   0
 .../keycloak-model-jpa/main/module.xml        |  44 +--
 .../keycloak-model-mongo/main/module.xml      |  38 +--
 .../main/module.xml                           |  36 +-
 .../main/module.xml                           |  40 +--
 .../main/module.xml                           |  32 +-
 .../main/module.xml                           |  36 +-
 .../keycloak-saml-core/main/module.xml        |  38 +--
 .../keycloak-saml-protocol/main/module.xml    |  58 ++--
 .../keycloak-server-subsystem/main/module.xml |  39 +++
 .../keycloak/keycloak-server/main/module.xml  | 122 +++----
 .../keycloak-services/main/module.xml         | 164 ++++-----
 .../keycloak-social-core/main/module.xml      |  40 +--
 .../keycloak-social-facebook/main/module.xml  |  44 +--
 .../keycloak-social-github/main/module.xml    |  44 +--
 .../keycloak-social-google/main/module.xml    |  44 +--
 .../keycloak-social-linkedin/main/module.xml  |  44 +--
 .../main/module.xml                           |  44 +--
 .../keycloak-social-twitter/main/module.xml   |  50 +--
 .../keycloak-timer-api/main/module.xml        |  32 +-
 .../keycloak-timer-basic/main/module.xml      |  34 +-
 .../modules/org/liquibase/main/module.xml     |  28 +-
 .../mongodb/mongo-java-driver/main/module.xml |  26 +-
 .../modules/org/twitter4j/main/module.xml     |  26 +-
 .../modules/sun/jdk/jgss/main/module.xml      |   0
 .../eap6/eap6-server-overlay/assembly.xml     |  45 +++
 .../eap6/eap6-server-overlay/pom.xml          | 128 +++++++
 .../src/main/keycloak-server.json             |  72 ++++
 .../src/main/providers/README.txt             |   2 +
 .../src/main/themes/README.txt                |   3 +
 .../src/main/xslt/standalone.xsl              |  68 ++++
 distribution/server-overlay/eap6/pom.xml      |  21 ++
 distribution/server-overlay/pom.xml           |  99 ++----
 .../{ => wf9-server-overlay}/assembly.xml     | 134 ++++----
 .../server-overlay/wf9-server-overlay/pom.xml |  78 +++++
 .../as7-eap6/as7-server-subsystem/pom.xml     | 104 ++++++
 .../as7/KeycloakAdapterConfigService.java     |  48 +++
 .../server/as7/KeycloakExtension.java         |  75 +++++
 .../KeycloakServerDeploymentProcessor.java    |  53 +++
 .../server/as7/KeycloakSubsystemAdd.java      |  86 +++++
 .../as7/KeycloakSubsystemDefinition.java      |  87 +++++
 .../server/as7/KeycloakSubsystemParser.java   |  82 +++++
 .../as7/KeycloakSubsystemRemoveHandler.java   |  65 ++++
 ...eycloakSubsystemWriteAttributeHandler.java |  71 ++++
 .../subsystem/server/as7/ServerUtil.java      | 163 +++++++++
 .../server/logging/KeycloakLogger.java        |   0
 .../server/logging/KeycloakMessages.java      |   0
 .../org.jboss.as.controller.Extension         |   1 +
 .../server/as7}/LocalDescriptions.properties  |   0
 .../schema/wildfly-keycloak-server_1_1.xsd    |   0
 .../keycloak-datasources.xml                  |   0
 .../subsystem-templates/keycloak-server.xml   |   0
 .../server/extension/keycloak-server-1.1.xml  |   0
 integration/as7-eap6/pom.xml                  |   1 +
 integration/wildfly/pom.xml                   |   2 +-
 .../pom.xml                                   |   4 +-
 .../KeycloakAdapterConfigService.java         |   0
 .../server/extension/KeycloakExtension.java   |   0
 .../KeycloakServerDeploymentProcessor.java    |   0
 .../extension/KeycloakSubsystemAdd.java       |   0
 .../KeycloakSubsystemDefinition.java          |   0
 .../extension/KeycloakSubsystemParser.java    |   0
 .../KeycloakSubsystemRemoveHandler.java       |   0
 ...eycloakSubsystemWriteAttributeHandler.java |   0
 .../server/extension/ServerUtil.java          |   0
 .../server/logging/KeycloakLogger.java        |  39 +++
 .../server/logging/KeycloakMessages.java      |  34 ++
 .../org.jboss.as.controller.Extension         |   0
 .../extension/LocalDescriptions.properties    |   4 +
 .../schema/wildfly-keycloak-server_1_1.xsd    |  25 ++
 .../keycloak-datasources.xml                  |  22 ++
 .../subsystem-templates/keycloak-server.xml   |   8 +
 .../extension/SubsystemParsingTestCase.java   |   0
 .../server/extension/keycloak-server-1.1.xml  |   3 +
 pom.xml                                       |  13 +-
 128 files changed, 3044 insertions(+), 1601 deletions(-)
 create mode 100644 distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-wf9-server-subsystem/main/module.xml
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/assembly.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/build.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/lib.xml (100%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/pom.xml (90%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/com/google/zxing/core/main/module.xml (95%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/com/google/zxing/javase/main/module.xml (95%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/de/idyl/winzipaes/main/module.xml (95%)
 create mode 100644 distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/javax/ws/rs/api/2.0/module.xml
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/net/iharder/base64/main/module.xml (95%)
 create mode 100644 distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/bouncycastle/main/module.xml
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/freemarker/main/module.xml (95%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-account-api/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-account-freemarker/main/module.xml (97%)
 rename distribution/{modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem => server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-as7-server-subsystem}/main/module.xml (98%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-broker-core/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-broker-oidc/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-broker-saml/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-connections-file/main/module.xml (100%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-connections-http-client/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-connections-infinispan/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-connections-jpa-liquibase/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-connections-jpa/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-connections-mongo-update/main/module.xml (100%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-connections-mongo/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-core-jaxrs/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-core/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-email-api/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-email-freemarker/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-events-api/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-events-email/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-events-jboss-logging/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-events-jpa/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-events-mongo/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-export-import-api/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-export-import-dir/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-export-import-single-file/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-export-import-zip/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-forms-common-freemarker/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-forms-common-themes/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-infinispan/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-model/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-js-adapter/main/module.xml (95%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-kerberos-federation/main/module.xml (100%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-ldap-federation/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-login-api/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-login-freemarker/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-model-api/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-model-file/main/module.xml (100%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-model-jpa/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-model-mongo/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-model-sessions-infinispan/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-model-sessions-jpa/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mem/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mongo/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml (97%)
 create mode 100755 distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem/main/module.xml
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-server/main/module.xml (98%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml (98%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-social-core/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-social-facebook/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-social-github/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-social-google/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-social-linkedin/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-social-stackoverflow/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-social-twitter/main/module.xml (97%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-timer-api/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/keycloak/keycloak-timer-basic/main/module.xml (96%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/liquibase/main/module.xml (95%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/mongodb/mongo-java-driver/main/module.xml (95%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/org/twitter4j/main/module.xml (95%)
 rename distribution/{modules => server-overlay/eap6/eap6-server-modules}/src/main/resources/modules/sun/jdk/jgss/main/module.xml (100%)
 create mode 100755 distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml
 create mode 100755 distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
 create mode 100644 distribution/server-overlay/eap6/eap6-server-overlay/src/main/keycloak-server.json
 create mode 100644 distribution/server-overlay/eap6/eap6-server-overlay/src/main/providers/README.txt
 create mode 100644 distribution/server-overlay/eap6/eap6-server-overlay/src/main/themes/README.txt
 create mode 100755 distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone.xsl
 create mode 100755 distribution/server-overlay/eap6/pom.xml
 rename distribution/server-overlay/{ => wf9-server-overlay}/assembly.xml (97%)
 create mode 100755 distribution/server-overlay/wf9-server-overlay/pom.xml
 create mode 100755 integration/as7-eap6/as7-server-subsystem/pom.xml
 create mode 100755 integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakAdapterConfigService.java
 create mode 100755 integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakExtension.java
 create mode 100644 integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakServerDeploymentProcessor.java
 create mode 100755 integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemAdd.java
 create mode 100644 integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemDefinition.java
 create mode 100755 integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemParser.java
 create mode 100644 integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemRemoveHandler.java
 create mode 100755 integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemWriteAttributeHandler.java
 create mode 100644 integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/ServerUtil.java
 rename integration/{wildfly/wildfly-server-subsystem => as7-eap6/as7-server-subsystem}/src/main/java/org/keycloak/subsystem/server/logging/KeycloakLogger.java (100%)
 rename integration/{wildfly/wildfly-server-subsystem => as7-eap6/as7-server-subsystem}/src/main/java/org/keycloak/subsystem/server/logging/KeycloakMessages.java (100%)
 create mode 100644 integration/as7-eap6/as7-server-subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension
 rename integration/{wildfly/wildfly-server-subsystem/src/main/resources/org/keycloak/subsystem/server/extension => as7-eap6/as7-server-subsystem/src/main/resources/org/keycloak/subsystem/server/as7}/LocalDescriptions.properties (100%)
 rename integration/{wildfly/wildfly-server-subsystem => as7-eap6/as7-server-subsystem}/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd (100%)
 rename integration/{wildfly/wildfly-server-subsystem => as7-eap6/as7-server-subsystem}/src/main/resources/subsystem-templates/keycloak-datasources.xml (100%)
 rename integration/{wildfly/wildfly-server-subsystem => as7-eap6/as7-server-subsystem}/src/main/resources/subsystem-templates/keycloak-server.xml (100%)
 rename integration/{wildfly/wildfly-server-subsystem => as7-eap6/as7-server-subsystem}/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml (100%)
 rename integration/wildfly/{wildfly-server-subsystem => wf9-server-subsystem}/pom.xml (97%)
 rename integration/wildfly/{wildfly-server-subsystem => wf9-server-subsystem}/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java (100%)
 rename integration/wildfly/{wildfly-server-subsystem => wf9-server-subsystem}/src/main/java/org/keycloak/subsystem/server/extension/KeycloakExtension.java (100%)
 rename integration/wildfly/{wildfly-server-subsystem => wf9-server-subsystem}/src/main/java/org/keycloak/subsystem/server/extension/KeycloakServerDeploymentProcessor.java (100%)
 rename integration/wildfly/{wildfly-server-subsystem => wf9-server-subsystem}/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java (100%)
 rename integration/wildfly/{wildfly-server-subsystem => wf9-server-subsystem}/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemDefinition.java (100%)
 rename integration/wildfly/{wildfly-server-subsystem => wf9-server-subsystem}/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemParser.java (100%)
 rename integration/wildfly/{wildfly-server-subsystem => wf9-server-subsystem}/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemRemoveHandler.java (100%)
 rename integration/wildfly/{wildfly-server-subsystem => wf9-server-subsystem}/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemWriteAttributeHandler.java (100%)
 rename integration/wildfly/{wildfly-server-subsystem => wf9-server-subsystem}/src/main/java/org/keycloak/subsystem/server/extension/ServerUtil.java (100%)
 create mode 100755 integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakLogger.java
 create mode 100755 integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakMessages.java
 rename integration/wildfly/{wildfly-server-subsystem => wf9-server-subsystem}/src/main/resources/META-INF/services/org.jboss.as.controller.Extension (100%)
 create mode 100755 integration/wildfly/wf9-server-subsystem/src/main/resources/org/keycloak/subsystem/server/extension/LocalDescriptions.properties
 create mode 100755 integration/wildfly/wf9-server-subsystem/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd
 create mode 100644 integration/wildfly/wf9-server-subsystem/src/main/resources/subsystem-templates/keycloak-datasources.xml
 create mode 100644 integration/wildfly/wf9-server-subsystem/src/main/resources/subsystem-templates/keycloak-server.xml
 rename integration/wildfly/{wildfly-server-subsystem => wf9-server-subsystem}/src/test/java/org/keycloak/subsystem/server/extension/SubsystemParsingTestCase.java (100%)
 create mode 100644 integration/wildfly/wf9-server-subsystem/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml

diff --git a/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml b/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
index 694fd45a56..a6dafdbbea 100755
--- a/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
@@ -56,7 +56,6 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>${bouncycastle.crypto.version}</version>
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
diff --git a/distribution/demo-dist/pom.xml b/distribution/demo-dist/pom.xml
index e5394f1f84..7f1e17a2cf 100755
--- a/distribution/demo-dist/pom.xml
+++ b/distribution/demo-dist/pom.xml
@@ -16,7 +16,7 @@
     <dependencies>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-server-overlay</artifactId>
+            <artifactId>keycloak-wf9-server-overlay</artifactId>
             <type>zip</type>
         </dependency>
         <dependency>
@@ -77,7 +77,7 @@
                             <artifactItems>
                                 <artifactItem>
                                     <groupId>org.keycloak</groupId>
-                                    <artifactId>keycloak-server-overlay</artifactId>
+                                    <artifactId>keycloak-wf9-server-overlay</artifactId>
                                     <type>zip</type>
                                     <outputDirectory>${project.build.directory}/unpacked/keycloak-server-overlay-${project.version}</outputDirectory>
                                 </artifactItem>
diff --git a/distribution/feature-packs/server-feature-pack/pom.xml b/distribution/feature-packs/server-feature-pack/pom.xml
index 9925f5f337..2ea0d5ec86 100644
--- a/distribution/feature-packs/server-feature-pack/pom.xml
+++ b/distribution/feature-packs/server-feature-pack/pom.xml
@@ -34,20 +34,17 @@
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-dependencies-server-all</artifactId>
-            <version>${project.version}</version>
             <type>pom</type>
         </dependency>
         <dependency>
             <groupId>org.keycloak.subsystem</groupId>
             <artifactId>keycloak-server</artifactId>
-            <version>${project.version}</version>
             <type>war</type>
         </dependency>   
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-server-subsystem</artifactId>
-            <version>${project.version}</version>
-        </dependency>      
+            <artifactId>keycloak-wf9-server-subsystem</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.wildfly</groupId>
             <artifactId>wildfly-feature-pack</artifactId>
@@ -57,7 +54,6 @@
             <groupId>org.keycloak.subsystem</groupId>
             <artifactId>keycloak-server</artifactId>
             <type>war</type>
-            <version>${project.version}</version>
         </dependency>
     </dependencies>
 
@@ -123,7 +119,6 @@
                                 <artifactItem>
                                     <groupId>org.keycloak.subsystem</groupId>
                                     <artifactId>keycloak-server</artifactId>
-                                    <version>${project.version}</version>
                                     <type>war</type>
                                     <overWrite>true</overWrite>
                                     <outputDirectory>${project.build.directory}/${project.build.finalName}/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/server-war</outputDirectory>
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/module.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/module.xml
index 0d0c336440..646c6d6b40 100644
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/module.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/module.xml
@@ -30,23 +30,9 @@
 
     <resources>
         <resource-root path="."/>
-        <artifact name="${org.keycloak:keycloak-wildfly-server-subsystem}"/>
     </resources>
 
     <dependencies>
-        <module name="javax.api"/>
-        <module name="org.jboss.staxmapper"/>
-        <module name="org.jboss.as.controller"/>
-        <module name="org.jboss.as.ee"/>
-        <module name="org.jboss.as.server"/>
-        <module name="org.jboss.modules"/>
-        <module name="org.jboss.msc"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.jboss.vfs"/>
-        <module name="org.jboss.as.web-common" optional="true"/>
-        <module name="org.jboss.as.web" optional="true"/>
-        <module name="org.jboss.as.version" optional="true"/>
-        <module name="org.keycloak.keycloak-wildfly-adapter" optional="true"/>
-        <module name="org.jboss.metadata"/>
+        <module name="org.keycloak.keycloak-wf9-server-subsystem" services="export" export="true"/>
     </dependencies>
 </module>
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-wf9-server-subsystem/main/module.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-wf9-server-subsystem/main/module.xml
new file mode 100644
index 0000000000..61d3858ed7
--- /dev/null
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-wf9-server-subsystem/main/module.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2014, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-wf9-server-subsystem">
+    <properties>
+        <property name="keycloak-version" value="${project.version}"/>
+        <property name="server-war-exploded" value="false"/>
+    </properties>
+
+    <resources>
+        <resource-root path="."/>
+        <artifact name="${org.keycloak:keycloak-wf9-server-subsystem}"/>
+    </resources>
+
+    <dependencies>
+        <module name="javax.api"/>
+        <module name="org.jboss.staxmapper"/>
+        <module name="org.jboss.as.controller"/>
+        <module name="org.jboss.as.ee"/>
+        <module name="org.jboss.as.server"/>
+        <module name="org.jboss.modules"/>
+        <module name="org.jboss.msc"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.jboss.vfs"/>
+        <module name="org.jboss.as.web-common" optional="true"/>
+        <module name="org.jboss.as.web" optional="true"/>
+        <module name="org.jboss.as.version" optional="true"/>
+        <module name="org.keycloak.keycloak-wildfly-adapter" optional="true"/>
+        <module name="org.jboss.metadata"/>
+    </dependencies>
+</module>
diff --git a/distribution/pom.xml b/distribution/pom.xml
index 68f19b540e..d51a4e55e7 100755
--- a/distribution/pom.xml
+++ b/distribution/pom.xml
@@ -31,7 +31,6 @@
         <module>demo-dist</module>
         <module>docs-dist</module>
         <module>examples-dist</module>
-        <module>modules</module>
         <module>proxy-dist</module>
         <module>server-dist</module>
         <module>server-overlay</module>
diff --git a/distribution/modules/assembly.xml b/distribution/server-overlay/eap6/eap6-server-modules/assembly.xml
similarity index 96%
rename from distribution/modules/assembly.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/assembly.xml
index 098b1d8636..4a34435ac4 100755
--- a/distribution/modules/assembly.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/assembly.xml
@@ -1,22 +1,22 @@
-<assembly>
-    <id>dist</id>
-
-    <formats>
-        <format>zip</format>
-    </formats>
-    <includeBaseDirectory>false</includeBaseDirectory>
-
-    <fileSets>
-        <fileSet>
-            <directory>../../</directory>
-            <includes>
-                <include>License.html</include>
-            </includes>
-            <outputDirectory></outputDirectory>
-        </fileSet>
-        <fileSet>
-            <directory>${project.build.directory}/modules</directory>
-            <outputDirectory></outputDirectory>
-        </fileSet>
-    </fileSets>
-</assembly>
+<assembly>
+    <id>dist</id>
+
+    <formats>
+        <format>zip</format>
+    </formats>
+    <includeBaseDirectory>false</includeBaseDirectory>
+
+    <fileSets>
+        <fileSet>
+            <directory>../../</directory>
+            <includes>
+                <include>License.html</include>
+            </includes>
+            <outputDirectory></outputDirectory>
+        </fileSet>
+        <fileSet>
+            <directory>${project.build.directory}/modules</directory>
+            <outputDirectory></outputDirectory>
+        </fileSet>
+    </fileSets>
+</assembly>
diff --git a/distribution/modules/build.xml b/distribution/server-overlay/eap6/eap6-server-modules/build.xml
similarity index 97%
rename from distribution/modules/build.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/build.xml
index fb8971d524..bf6a829b42 100755
--- a/distribution/modules/build.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/build.xml
@@ -46,6 +46,11 @@
             <maven-resource group="net.iharder" artifact="base64"/>
         </module-def>
 
+        <module-def name="org.bouncycastle">
+            <maven-resource group="org.bouncycastle" artifact="bcprov-jdk15on"/>
+            <maven-resource group="org.bouncycastle" artifact="bcpkix-jdk15on"/>
+        </module-def>
+
         <module-def name="org.keycloak.keycloak-broker-core">
             <maven-resource group="org.keycloak" artifact="keycloak-broker-core"/>
         </module-def>
@@ -306,9 +311,12 @@
 
         <module-def name="org.keycloak.keycloak-server"></module-def>
 
-        <module-def name="org.keycloak.keycloak-server-subsystem">
-            <maven-resource group="org.keycloak" artifact="keycloak-wildfly-server-subsystem"/>
+        <module-def name="org.keycloak.keycloak-as7-server-subsystem">
+            <maven-resource group="org.keycloak" artifact="keycloak-as7-server-subsystem"/>
         </module-def>
+
+        <module-def name="org.keycloak.keycloak-server-subsystem"/>
+
     </target>
 
     <target name="clean-target">
diff --git a/distribution/modules/lib.xml b/distribution/server-overlay/eap6/eap6-server-modules/lib.xml
similarity index 100%
rename from distribution/modules/lib.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/lib.xml
diff --git a/distribution/modules/pom.xml b/distribution/server-overlay/eap6/eap6-server-modules/pom.xml
similarity index 90%
rename from distribution/modules/pom.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/pom.xml
index c4fffdbda4..a12940a1e2 100755
--- a/distribution/modules/pom.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/pom.xml
@@ -1,155 +1,158 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-
-    <parent>
-        <artifactId>keycloak-parent</artifactId>
-        <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
-        <relativePath>../../pom.xml</relativePath>
-    </parent>
-
-    <artifactId>keycloak-jboss-modules</artifactId>
-
-    <name>Keycloak JBoss Modules</name>
-    <packaging>pom</packaging>
-    <dependencies>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-dependencies-server-all</artifactId>
-            <type>pom</type>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-extensions</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-core</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-core-jaxrs</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-server-subsystem</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak.subsystem</groupId>
-            <artifactId>keycloak-server</artifactId>
-            <type>war</type>
-        </dependency>
-    </dependencies>
-
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-antrun-plugin</artifactId>
-                <inherited>false</inherited>
-                <executions>
-                    <execution>
-                        <id>build-dist</id>
-                        <goals>
-                            <goal>run</goal>
-                        </goals>
-                        <phase>compile</phase>
-                        <configuration>
-                            <target>
-                                <ant antfile="build.xml" inheritRefs="true">
-                                    <target name="all"/>
-                                </ant>
-                            </target>
-                        </configuration>
-                    </execution>
-                </executions>
-                <dependencies>
-                    <dependency>
-                        <groupId>org.jboss</groupId>
-                        <artifactId>jandex</artifactId>
-                        <version>1.0.3.Final</version>
-                    </dependency>
-                    <dependency>
-                        <groupId>ant-contrib</groupId>
-                        <artifactId>ant-contrib</artifactId>
-                        <version>1.0b3</version>
-                        <exclusions>
-                            <exclusion>
-                                <groupId>ant</groupId>
-                                <artifactId>ant</artifactId>
-                            </exclusion>
-                        </exclusions>
-                    </dependency>
-                    <dependency>
-                        <groupId>org.apache.ant</groupId>
-                        <artifactId>ant-apache-bsf</artifactId>
-                        <version>1.9.3</version>
-                    </dependency>
-                    <dependency>
-                        <groupId>org.apache.bsf</groupId>
-                        <artifactId>bsf-api</artifactId>
-                        <version>3.1</version>
-                    </dependency>
-                    <dependency>
-                        <groupId>rhino</groupId>
-                        <artifactId>js</artifactId>
-                        <version>1.7R2</version>
-                    </dependency>
-                </dependencies>
-            </plugin>
-            <plugin>
-                <artifactId>maven-assembly-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>assemble</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>single</goal>
-                        </goals>
-                        <configuration>
-                            <descriptors>
-                                <descriptor>assembly.xml</descriptor>
-                            </descriptors>
-                            <outputDirectory>
-                                target
-                            </outputDirectory>
-                            <workDirectory>
-                                target/assembly/work
-                            </workDirectory>
-                            <appendAssemblyId>false</appendAssemblyId>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-dependency-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>copy</id>
-                        <phase>compile</phase>
-                        <goals>
-                            <goal>copy</goal>
-                        </goals>
-                        <configuration>
-                            <artifactItems>
-                                <artifactItem>
-                                    <groupId>org.keycloak.subsystem</groupId>
-                                    <artifactId>keycloak-server</artifactId>
-                                    <type>war</type>
-                                    <overWrite>true</overWrite>
-                                    <outputDirectory>${project.build.directory}/modules/org/keycloak/keycloak-server-subsystem/main/auth-server</outputDirectory>
-                                </artifactItem>
-                            </artifactItems>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-        </plugins>
-    </build>
-</project>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <artifactId>keycloak-parent</artifactId>
+        <groupId>org.keycloak</groupId>
+        <version>1.3.0.Final-SNAPSHOT</version>
+        <relativePath>../../../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>keycloak-eap6-server-modules</artifactId>
+
+    <name>Keycloak EAP 6 Server Modules</name>
+    <packaging>pom</packaging>
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-dependencies-server-all</artifactId>
+            <type>pom</type>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-core-jaxrs</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-as7-server-subsystem</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak.subsystem</groupId>
+            <artifactId>keycloak-server</artifactId>
+            <type>war</type>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-antrun-plugin</artifactId>
+                <inherited>false</inherited>
+                <executions>
+                    <execution>
+                        <id>build-dist</id>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <phase>compile</phase>
+                        <configuration>
+                            <target>
+                                <ant antfile="build.xml" inheritRefs="true">
+                                    <target name="all"/>
+                                </ant>
+                            </target>
+                        </configuration>
+                    </execution>
+                </executions>
+                <dependencies>
+                    <dependency>
+                        <groupId>org.jboss</groupId>
+                        <artifactId>jandex</artifactId>
+                        <version>1.0.3.Final</version>
+                    </dependency>
+                    <dependency>
+                        <groupId>ant-contrib</groupId>
+                        <artifactId>ant-contrib</artifactId>
+                        <version>1.0b3</version>
+                        <exclusions>
+                            <exclusion>
+                                <groupId>ant</groupId>
+                                <artifactId>ant</artifactId>
+                            </exclusion>
+                        </exclusions>
+                    </dependency>
+                    <dependency>
+                        <groupId>org.apache.ant</groupId>
+                        <artifactId>ant-apache-bsf</artifactId>
+                        <version>1.9.3</version>
+                    </dependency>
+                    <dependency>
+                        <groupId>org.apache.bsf</groupId>
+                        <artifactId>bsf-api</artifactId>
+                        <version>3.1</version>
+                    </dependency>
+                    <dependency>
+                        <groupId>rhino</groupId>
+                        <artifactId>js</artifactId>
+                        <version>1.7R2</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
+            <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>assemble</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                        <configuration>
+                            <descriptors>
+                                <descriptor>assembly.xml</descriptor>
+                            </descriptors>
+                            <outputDirectory>
+                                target
+                            </outputDirectory>
+                            <workDirectory>
+                                target/assembly/work
+                            </workDirectory>
+                            <appendAssemblyId>false</appendAssemblyId>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy</id>
+                        <phase>compile</phase>
+                        <goals>
+                            <goal>copy</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.keycloak.subsystem</groupId>
+                                    <artifactId>keycloak-server</artifactId>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>${project.build.directory}/modules/org/keycloak/keycloak-as7-server-subsystem/main/server-war</outputDirectory>
+                                </artifactItem>
+                            </artifactItems>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>
diff --git a/distribution/modules/src/main/resources/modules/com/google/zxing/core/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/com/google/zxing/core/main/module.xml
similarity index 95%
rename from distribution/modules/src/main/resources/modules/com/google/zxing/core/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/com/google/zxing/core/main/module.xml
index 78a8c49302..cafd9a758c 100755
--- a/distribution/modules/src/main/resources/modules/com/google/zxing/core/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/com/google/zxing/core/main/module.xml
@@ -1,13 +1,13 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="com.google.zxing.core">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="com.google.zxing.core">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/com/google/zxing/javase/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/com/google/zxing/javase/main/module.xml
similarity index 95%
rename from distribution/modules/src/main/resources/modules/com/google/zxing/javase/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/com/google/zxing/javase/main/module.xml
index a08a5f9005..7d72a872da 100755
--- a/distribution/modules/src/main/resources/modules/com/google/zxing/javase/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/com/google/zxing/javase/main/module.xml
@@ -1,14 +1,14 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="com.google.zxing.javase">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="com.google.zxing.core"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="com.google.zxing.javase">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="com.google.zxing.core"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/de/idyl/winzipaes/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/de/idyl/winzipaes/main/module.xml
similarity index 95%
rename from distribution/modules/src/main/resources/modules/de/idyl/winzipaes/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/de/idyl/winzipaes/main/module.xml
index 7d13910ed5..10f1103cfd 100755
--- a/distribution/modules/src/main/resources/modules/de/idyl/winzipaes/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/de/idyl/winzipaes/main/module.xml
@@ -1,13 +1,13 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="de.idyl.winzipaes">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="de.idyl.winzipaes">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/javax/ws/rs/api/2.0/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/javax/ws/rs/api/2.0/module.xml
new file mode 100644
index 0000000000..e972564181
--- /dev/null
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/javax/ws/rs/api/2.0/module.xml
@@ -0,0 +1,12 @@
+<module xmlns="urn:jboss:module:1.3" name="javax.ws.rs.api">
+    <resources>
+        <resource-root path="jboss-jaxrs-api_2.0_spec-1.0.0.Final.jar"/>
+        <!-- Insert resources here -->
+    </resources>
+
+    <dependencies>
+        <module name="org.jboss.resteasy.resteasy-jaxrs" services="export"/>
+        <module name="javax.xml.bind.api" />
+        <module name="javax.api" />
+    </dependencies>
+</module>
\ No newline at end of file
diff --git a/distribution/modules/src/main/resources/modules/net/iharder/base64/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/net/iharder/base64/main/module.xml
similarity index 95%
rename from distribution/modules/src/main/resources/modules/net/iharder/base64/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/net/iharder/base64/main/module.xml
index 352ee9c498..c99b96879b 100755
--- a/distribution/modules/src/main/resources/modules/net/iharder/base64/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/net/iharder/base64/main/module.xml
@@ -1,13 +1,13 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="net.iharder.base64">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="net.iharder.base64">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/bouncycastle/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/bouncycastle/main/module.xml
new file mode 100644
index 0000000000..d8fcf474cb
--- /dev/null
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/bouncycastle/main/module.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<module xmlns="urn:jboss:module:1.1" name="org.bouncycastle">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="javax.api"/>
+    </dependencies>
+</module>
\ No newline at end of file
diff --git a/distribution/modules/src/main/resources/modules/org/freemarker/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/freemarker/main/module.xml
similarity index 95%
rename from distribution/modules/src/main/resources/modules/org/freemarker/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/freemarker/main/module.xml
index 90b6464676..d2749543ba 100755
--- a/distribution/modules/src/main/resources/modules/org/freemarker/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/freemarker/main/module.xml
@@ -1,14 +1,14 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.freemarker">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="javax.api"/>
-        <module name="org.apache.log4j"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.freemarker">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="javax.api"/>
+        <module name="org.apache.log4j"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-account-api/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-account-api/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-account-api/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-account-api/main/module.xml
index 8432c99484..1eba478b07 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-account-api/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-account-api/main/module.xml
@@ -1,18 +1,18 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-account-api">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-account-api">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-account-freemarker/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-account-freemarker/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-account-freemarker/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-account-freemarker/main/module.xml
index 1790a854d8..34840a6339 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-account-freemarker/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-account-freemarker/main/module.xml
@@ -1,24 +1,24 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-account-freemarker">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-forms-common-freemarker"/>
-        <module name="org.keycloak.keycloak-account-api"/>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-services"/>
-        <module name="org.keycloak.keycloak-social-core"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.freemarker"/>
-        <module name="javax.api"/>
-        <module name="javax.ws.rs.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-account-freemarker">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-forms-common-freemarker"/>
+        <module name="org.keycloak.keycloak-account-api"/>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-services"/>
+        <module name="org.keycloak.keycloak-social-core"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.freemarker"/>
+        <module name="javax.api"/>
+        <module name="javax.ws.rs.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-as7-server-subsystem/main/module.xml
similarity index 98%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-as7-server-subsystem/main/module.xml
index 21f917ead8..4715783e73 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-as7-server-subsystem/main/module.xml
@@ -22,7 +22,7 @@
   ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
   -->
 
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-server-subsystem">
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-as7-server-subsystem">
     <properties>
         <property name="keycloak-version" value="${project.version}"/>
         <property name="auth-server-exploded" value="false"/>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-broker-core/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-broker-core/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-broker-core/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-broker-core/main/module.xml
index 33525e95e5..825ba3124d 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-broker-core/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-broker-core/main/module.xml
@@ -1,17 +1,17 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-broker-core">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.logging"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-broker-core">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.logging"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-broker-oidc/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-broker-oidc/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-broker-oidc/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-broker-oidc/main/module.xml
index 5457d86e62..651547dbff 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-broker-oidc/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-broker-oidc/main/module.xml
@@ -1,22 +1,22 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-broker-oidc">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.keycloak.keycloak-broker-core"/>
-        <module name="org.keycloak.keycloak-services"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.ws.rs.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-broker-oidc">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.keycloak.keycloak-broker-core"/>
+        <module name="org.keycloak.keycloak-services"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.ws.rs.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-broker-saml/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-broker-saml/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-broker-saml/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-broker-saml/main/module.xml
index ac30917c48..0f2a22bfd8 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-broker-saml/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-broker-saml/main/module.xml
@@ -1,19 +1,19 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-broker-saml">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="javax.api" />
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.keycloak.keycloak-broker-core"/>
-        <module name="org.keycloak.keycloak-saml-core"/>
-        <module name="org.keycloak.keycloak-saml-protocol"/>
-        <module name="org.keycloak.keycloak-services"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.ws.rs.api"/>
-    </dependencies>
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-broker-saml">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="javax.api" />
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.keycloak.keycloak-broker-core"/>
+        <module name="org.keycloak.keycloak-saml-core"/>
+        <module name="org.keycloak.keycloak-saml-protocol"/>
+        <module name="org.keycloak.keycloak-services"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.ws.rs.api"/>
+    </dependencies>
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-file/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-file/main/module.xml
similarity index 100%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-file/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-file/main/module.xml
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-http-client/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-http-client/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-http-client/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-http-client/main/module.xml
index 7739aa320a..630a09e62b 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-http-client/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-http-client/main/module.xml
@@ -1,20 +1,20 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-connections-http-client">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <exports>
-        <include path="META-INF/**"/>
-    </exports>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-        <module name="org.apache.httpcomponents"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-connections-http-client">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <exports>
+        <include path="META-INF/**"/>
+    </exports>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+        <module name="org.apache.httpcomponents"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-infinispan/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-infinispan/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-infinispan/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-infinispan/main/module.xml
index d6b86d5c1b..d63e4df848 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-infinispan/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-infinispan/main/module.xml
@@ -1,17 +1,17 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-connections-infinispan">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.infinispan"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-connections-infinispan">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.infinispan"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa-liquibase/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa-liquibase/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa-liquibase/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa-liquibase/main/module.xml
index c5b7d85166..041108c57a 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa-liquibase/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa-liquibase/main/module.xml
@@ -1,20 +1,20 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-connections-jpa-liquibase">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-connections-jpa"/>
-        <module name="org.keycloak.keycloak-services"/>
-        <module name="org.liquibase"/>
-        <module name="javax.persistence.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-connections-jpa-liquibase">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-connections-jpa"/>
+        <module name="org.keycloak.keycloak-services"/>
+        <module name="org.liquibase"/>
+        <module name="javax.persistence.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa/main/module.xml
index 070b3b0d70..c2b14a3ff2 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-jpa/main/module.xml
@@ -1,23 +1,23 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-connections-jpa">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <exports>
-        <include path="META-INF/**"/>
-    </exports>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="javax.persistence.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.bouncycastle" />
-        <module name="javax.api"/>
-        <module name="org.hibernate" services="import"/>
-        <module name="org.javassist"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-connections-jpa">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <exports>
+        <include path="META-INF/**"/>
+    </exports>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="javax.persistence.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.bouncycastle" />
+        <module name="javax.api"/>
+        <module name="org.hibernate" services="import"/>
+        <module name="org.javassist"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-mongo-update/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-mongo-update/main/module.xml
similarity index 100%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-mongo-update/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-mongo-update/main/module.xml
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-mongo/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-mongo/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-mongo/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-mongo/main/module.xml
index 5f4aa72140..3decf9a8f4 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-connections-mongo/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-connections-mongo/main/module.xml
@@ -1,17 +1,17 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-connections-mongo">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.mongodb.mongo-java-driver"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-connections-mongo">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.mongodb.mongo-java-driver"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-core-jaxrs/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-core-jaxrs/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-core-jaxrs/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-core-jaxrs/main/module.xml
index 6c99976670..e8b0e5c04f 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-core-jaxrs/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-core-jaxrs/main/module.xml
@@ -1,20 +1,20 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-core-jaxrs">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.bouncycastle" />
-        <module name="net.iharder.base64"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-core-jaxrs">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.bouncycastle" />
+        <module name="net.iharder.base64"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-core/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-core/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-core/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-core/main/module.xml
index 5a35b132aa..545f16847c 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-core/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-core/main/module.xml
@@ -1,21 +1,21 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-core">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="org.bouncycastle" />
-        <module name="net.iharder.base64"/>
-        <module name="javax.api"/>
-        <module name="javax.activation.api"/>
-        <module name="sun.jdk" optional="true" />
-        <module name="sun.jdk.jgss" optional="true" />
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-core">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+        <module name="org.bouncycastle" />
+        <module name="net.iharder.base64"/>
+        <module name="javax.api"/>
+        <module name="javax.activation.api"/>
+        <module name="sun.jdk" optional="true" />
+        <module name="sun.jdk.jgss" optional="true" />
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-email-api/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-email-api/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-email-api/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-email-api/main/module.xml
index 5a9c4f98f2..238d86db27 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-email-api/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-email-api/main/module.xml
@@ -1,17 +1,17 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-email-api">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-email-api">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-email-freemarker/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-email-freemarker/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-email-freemarker/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-email-freemarker/main/module.xml
index 23003490cc..d9e9141efe 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-email-freemarker/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-email-freemarker/main/module.xml
@@ -1,24 +1,24 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-email-freemarker">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-forms-common-freemarker"/>
-        <module name="org.keycloak.keycloak-email-api"/>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-services"/>
-        <module name="org.keycloak.keycloak-social-core"/>
-        <module name="javax.mail.api"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.freemarker"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-email-freemarker">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-forms-common-freemarker"/>
+        <module name="org.keycloak.keycloak-email-api"/>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-services"/>
+        <module name="org.keycloak.keycloak-social-core"/>
+        <module name="javax.mail.api"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.freemarker"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-api/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-api/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-api/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-api/main/module.xml
index af1ceeb9ff..5e3279d73c 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-api/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-api/main/module.xml
@@ -1,16 +1,16 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-events-api">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-events-api">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-email/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-email/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-email/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-email/main/module.xml
index 209116515d..fd67f343d1 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-email/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-email/main/module.xml
@@ -1,19 +1,19 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-events-email">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.keycloak.keycloak-email-api"/>
-        <module name="javax.mail.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-events-email">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.keycloak.keycloak-email-api"/>
+        <module name="javax.mail.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-jboss-logging/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-jboss-logging/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-jboss-logging/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-jboss-logging/main/module.xml
index 00943abc7b..c2408274d5 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-jboss-logging/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-jboss-logging/main/module.xml
@@ -1,18 +1,18 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-events-jboss-logging">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-        <module name="javax.ws.rs.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-events-jboss-logging">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+        <module name="javax.ws.rs.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-jpa/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-jpa/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-jpa/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-jpa/main/module.xml
index f902c4e1a1..78608224ce 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-jpa/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-jpa/main/module.xml
@@ -1,24 +1,24 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-events-jpa">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.keycloak.keycloak-connections-jpa"/>
-        <module name="javax.persistence.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.javassist"/>
-        <module name="org.hibernate" services="import"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-events-jpa">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.keycloak.keycloak-connections-jpa"/>
+        <module name="javax.persistence.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.javassist"/>
+        <module name="org.hibernate" services="import"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-mongo/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-mongo/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-mongo/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-mongo/main/module.xml
index 3e20796874..4e72c8c306 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-events-mongo/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-events-mongo/main/module.xml
@@ -1,22 +1,22 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-events-mongo">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.keycloak.keycloak-connections-mongo"/>
-        <module name="org.mongodb.mongo-java-driver"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-events-mongo">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.keycloak.keycloak-connections-mongo"/>
+        <module name="org.mongodb.mongo-java-driver"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-export-import-api/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-export-import-api/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-export-import-api/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-export-import-api/main/module.xml
index b36c5cb7cf..7ff6b07105 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-export-import-api/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-export-import-api/main/module.xml
@@ -1,24 +1,24 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-export-import-api">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-invalidation-cache-model"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.bouncycastle" />
-        <module name="net.iharder.base64"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-export-import-api">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-invalidation-cache-model"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.bouncycastle" />
+        <module name="net.iharder.base64"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-export-import-dir/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-export-import-dir/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-export-import-dir/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-export-import-dir/main/module.xml
index db4ee600b4..046e436616 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-export-import-dir/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-export-import-dir/main/module.xml
@@ -1,25 +1,25 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-export-import-dir">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-invalidation-cache-model"/>
-        <module name="org.keycloak.keycloak-export-import-api"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.bouncycastle" />
-        <module name="net.iharder.base64"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-export-import-dir">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-invalidation-cache-model"/>
+        <module name="org.keycloak.keycloak-export-import-api"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.bouncycastle" />
+        <module name="net.iharder.base64"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-export-import-single-file/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-export-import-single-file/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-export-import-single-file/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-export-import-single-file/main/module.xml
index 12dfd46f25..9940d3e2cb 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-export-import-single-file/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-export-import-single-file/main/module.xml
@@ -1,25 +1,25 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-export-import-single-file">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-invalidation-cache-model"/>
-        <module name="org.keycloak.keycloak-export-import-api"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.bouncycastle" />
-        <module name="net.iharder.base64"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-export-import-single-file">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-invalidation-cache-model"/>
+        <module name="org.keycloak.keycloak-export-import-api"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.bouncycastle" />
+        <module name="net.iharder.base64"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-export-import-zip/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-export-import-zip/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-export-import-zip/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-export-import-zip/main/module.xml
index 1351976b3b..2e28fbb689 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-export-import-zip/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-export-import-zip/main/module.xml
@@ -1,26 +1,26 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-export-import-zip">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-invalidation-cache-model"/>
-        <module name="org.keycloak.keycloak-export-import-api"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.bouncycastle" />
-        <module name="net.iharder.base64"/>
-        <module name="de.idyl.winzipaes"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-export-import-zip">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-invalidation-cache-model"/>
+        <module name="org.keycloak.keycloak-export-import-api"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.bouncycastle" />
+        <module name="net.iharder.base64"/>
+        <module name="de.idyl.winzipaes"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-forms-common-freemarker/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-forms-common-freemarker/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-forms-common-freemarker/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-forms-common-freemarker/main/module.xml
index b3798a3a1f..aebe235ed5 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-forms-common-freemarker/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-forms-common-freemarker/main/module.xml
@@ -1,18 +1,18 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-forms-common-freemarker">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.freemarker"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-forms-common-freemarker">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.freemarker"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-forms-common-themes/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-forms-common-themes/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-forms-common-themes/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-forms-common-themes/main/module.xml
index e9359dc22f..33bb178472 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-forms-common-themes/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-forms-common-themes/main/module.xml
@@ -1,19 +1,19 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-forms-common-themes">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-forms-common-freemarker"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.freemarker"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-forms-common-themes">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-forms-common-freemarker"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.freemarker"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-infinispan/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-infinispan/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-infinispan/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-infinispan/main/module.xml
index 45729feee2..a80921e577 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-infinispan/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-infinispan/main/module.xml
@@ -1,19 +1,19 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-invalidation-cache-infinispan">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-invalidation-cache-model"/>
-        <module name="org.keycloak.keycloak-connections-infinispan"/>
-        <module name="org.infinispan"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-invalidation-cache-infinispan">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-invalidation-cache-model"/>
+        <module name="org.keycloak.keycloak-connections-infinispan"/>
+        <module name="org.infinispan"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-model/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-model/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-model/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-model/main/module.xml
index 5e222dbdd7..b482069d1f 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-model/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-invalidation-cache-model/main/module.xml
@@ -1,20 +1,20 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-invalidation-cache-model">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.bouncycastle" />
-        <module name="net.iharder.base64"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-invalidation-cache-model">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.bouncycastle" />
+        <module name="net.iharder.base64"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-js-adapter/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-js-adapter/main/module.xml
similarity index 95%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-js-adapter/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-js-adapter/main/module.xml
index 5a2fdf085e..88516811eb 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-js-adapter/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-js-adapter/main/module.xml
@@ -1,12 +1,12 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-js-adapter">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-js-adapter">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-kerberos-federation/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-kerberos-federation/main/module.xml
similarity index 100%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-kerberos-federation/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-kerberos-federation/main/module.xml
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-ldap-federation/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-ldap-federation/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-ldap-federation/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-ldap-federation/main/module.xml
index 5f88f37e82..3ef2bd3b74 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-ldap-federation/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-ldap-federation/main/module.xml
@@ -1,19 +1,19 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-ldap-federation">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-kerberos-federation"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-ldap-federation">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-kerberos-federation"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-login-api/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-login-api/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-login-api/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-login-api/main/module.xml
index 8fcd75c8f0..372d708879 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-login-api/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-login-api/main/module.xml
@@ -1,18 +1,18 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-login-api">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-login-api">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-login-freemarker/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-login-freemarker/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-login-freemarker/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-login-freemarker/main/module.xml
index e7b2d3526b..7c3247b42f 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-login-freemarker/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-login-freemarker/main/module.xml
@@ -1,26 +1,26 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-login-freemarker">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-forms-common-freemarker"/>
-        <module name="org.keycloak.keycloak-login-api"/>
-        <module name="org.keycloak.keycloak-email-api"/>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-services"/>
-        <module name="org.keycloak.keycloak-social-core"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.freemarker"/>
-        <module name="javax.api"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-login-freemarker">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-forms-common-freemarker"/>
+        <module name="org.keycloak.keycloak-login-api"/>
+        <module name="org.keycloak.keycloak-email-api"/>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-services"/>
+        <module name="org.keycloak.keycloak-social-core"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.freemarker"/>
+        <module name="javax.api"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-api/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-api/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-api/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-api/main/module.xml
index 30ce7636da..c5902a890d 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-api/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-api/main/module.xml
@@ -1,17 +1,17 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-api">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.jboss.logging"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.bouncycastle" />
-        <module name="net.iharder.base64"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-api">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.jboss.logging"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.bouncycastle" />
+        <module name="net.iharder.base64"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-file/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-file/main/module.xml
similarity index 100%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-file/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-file/main/module.xml
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-jpa/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-jpa/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-jpa/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-jpa/main/module.xml
index 5603e027aa..88cdce905e 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-jpa/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-jpa/main/module.xml
@@ -1,22 +1,22 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-jpa">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-connections-jpa" services="import"/>
-        <module name="javax.persistence.api"/>
-        <module name="net.iharder.base64"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.javassist"/>
-        <module name="org.hibernate" services="import"/>
-        <module name="org.bouncycastle" />
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-jpa">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-connections-jpa" services="import"/>
+        <module name="javax.persistence.api"/>
+        <module name="net.iharder.base64"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.javassist"/>
+        <module name="org.hibernate" services="import"/>
+        <module name="org.bouncycastle" />
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-mongo/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-mongo/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-mongo/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-mongo/main/module.xml
index 2017d49455..205a30b2ab 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-mongo/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-mongo/main/module.xml
@@ -1,19 +1,19 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-mongo">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-connections-mongo"/>
-        <module name="org.mongodb.mongo-java-driver"/>
-        <module name="net.iharder.base64"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-mongo">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-connections-mongo"/>
+        <module name="org.mongodb.mongo-java-driver"/>
+        <module name="net.iharder.base64"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-infinispan/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-infinispan/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-infinispan/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-infinispan/main/module.xml
index b17720e3fc..f2c564b805 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-infinispan/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-infinispan/main/module.xml
@@ -1,18 +1,18 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-sessions-infinispan">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-connections-infinispan"/>
-        <module name="org.infinispan"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-sessions-infinispan">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-connections-infinispan"/>
+        <module name="org.infinispan"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-jpa/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-jpa/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-jpa/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-jpa/main/module.xml
index b26bce7757..f09407df79 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-jpa/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-jpa/main/module.xml
@@ -1,20 +1,20 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-sessions-jpa">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-connections-jpa"/>
-        <module name="javax.persistence.api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-        <module name="org.javassist"/>
-        <module name="org.hibernate" services="import"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-sessions-jpa">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-connections-jpa"/>
+        <module name="javax.persistence.api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+        <module name="org.javassist"/>
+        <module name="org.hibernate" services="import"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mem/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mem/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mem/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mem/main/module.xml
index 6e6b3472d1..20ab6d0c95 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mem/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mem/main/module.xml
@@ -1,16 +1,16 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-sessions-mem">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-sessions-mem">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mongo/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mongo/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mongo/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mongo/main/module.xml
index 8e562076af..f1408f3d1c 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mongo/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-model-sessions-mongo/main/module.xml
@@ -1,18 +1,18 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-sessions-mongo">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-connections-mongo"/>
-        <module name="org.mongodb.mongo-java-driver"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-model-sessions-mongo">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-connections-mongo"/>
+        <module name="org.mongodb.mongo-java-driver"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
index 67d251429c..1e59fd173e 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
@@ -1,19 +1,19 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-core">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.jboss.logging"/>
-        <module name="org.apache.santuario.xmlsec">
-            <imports>
-                <exclude path="javax/*"/>
-            </imports>
-        </module>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-core">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.jboss.logging"/>
+        <module name="org.apache.santuario.xmlsec">
+            <imports>
+                <exclude path="javax/*"/>
+            </imports>
+        </module>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml
index 45512ac392..b287cbc67c 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml
@@ -1,29 +1,29 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-protocol">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-saml-core"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-events-api"/>
-        <module name="org.keycloak.keycloak-account-api"/>
-        <module name="org.keycloak.keycloak-email-api"/>
-        <module name="org.keycloak.keycloak-login-api"/>
-        <module name="org.keycloak.keycloak-services"/>
-        <module name="org.keycloak.keycloak-forms-common-freemarker"/>
-        <module name="org.apache.httpcomponents"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
-        <module name="org.jboss.resteasy.resteasy-multipart-provider"/>
-        <module name="org.keycloak.keycloak-connections-http-client" services="import"/>
-
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-protocol">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-saml-core"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-events-api"/>
+        <module name="org.keycloak.keycloak-account-api"/>
+        <module name="org.keycloak.keycloak-email-api"/>
+        <module name="org.keycloak.keycloak-login-api"/>
+        <module name="org.keycloak.keycloak-services"/>
+        <module name="org.keycloak.keycloak-forms-common-freemarker"/>
+        <module name="org.apache.httpcomponents"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="org.jboss.resteasy.resteasy-multipart-provider"/>
+        <module name="org.keycloak.keycloak-connections-http-client" services="import"/>
+
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem/main/module.xml
new file mode 100755
index 0000000000..4326de4650
--- /dev/null
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-server-subsystem/main/module.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2014, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-server-subsystem">
+    <properties>
+        <property name="keycloak-version" value="${project.version}"/>
+        <property name="server-exploded" value="false"/>
+    </properties>
+
+    <resources>
+        <resource-root path="."/>
+        <!-- Insert resources here -->
+    </resources>
+
+    <dependencies>
+        <module name="org.keycloak.keycloak-as7-server-subsystem" services="export" export="true"/>
+    </dependencies>
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-server/main/module.xml
similarity index 98%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-server/main/module.xml
index fd8e190fb3..1546f8ed9b 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-server/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-server/main/module.xml
@@ -1,61 +1,61 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-server">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-account-api" services="import"/>
-        <module name="org.keycloak.keycloak-account-freemarker" services="import"/>
-        <module name="org.keycloak.keycloak-connections-infinispan" services="import"/>
-        <module name="org.keycloak.keycloak-connections-jpa" services="import"/>
-        <module name="org.keycloak.keycloak-connections-jpa-liquibase" services="import"/>
-        <module name="org.keycloak.keycloak-connections-mongo" services="import"/>
-        <module name="org.keycloak.keycloak-connections-mongo-update" services="import"/>
-        <module name="org.keycloak.keycloak-connections-file" services="import"/>
-        <module name="org.keycloak.keycloak-core" services="import"/>
-        <module name="org.keycloak.keycloak-core-jaxrs" services="import"/>
-        <module name="org.keycloak.keycloak-email-api" services="import"/>
-        <module name="org.keycloak.keycloak-email-freemarker" services="import"/>
-        <module name="org.keycloak.keycloak-events-api" services="import"/>
-        <module name="org.keycloak.keycloak-events-email" services="import"/>
-        <module name="org.keycloak.keycloak-events-jboss-logging" services="import"/>
-        <module name="org.keycloak.keycloak-events-jpa" services="import"/>
-        <module name="org.keycloak.keycloak-events-mongo" services="import"/>
-        <module name="org.keycloak.keycloak-export-import-api" services="import"/>
-        <module name="org.keycloak.keycloak-export-import-dir" services="import"/>
-        <module name="org.keycloak.keycloak-export-import-single-file" services="import"/>
-        <module name="org.keycloak.keycloak-export-import-zip" services="import"/>
-        <module name="org.keycloak.keycloak-forms-common-freemarker" services="import"/>
-        <module name="org.keycloak.keycloak-forms-common-themes" services="import"/>
-        <module name="org.keycloak.keycloak-invalidation-cache-infinispan" services="import"/>
-        <module name="org.keycloak.keycloak-invalidation-cache-model" services="import"/>
-        <module name="org.keycloak.keycloak-js-adapter" services="import"/>
-        <module name="org.keycloak.keycloak-kerberos-federation" services="import"/>
-        <module name="org.keycloak.keycloak-ldap-federation" services="import"/>
-        <module name="org.keycloak.keycloak-login-api" services="import"/>
-        <module name="org.keycloak.keycloak-login-freemarker" services="import"/>
-        <module name="org.keycloak.keycloak-model-api" services="import"/>
-        <module name="org.keycloak.keycloak-model-jpa" services="import"/>
-        <module name="org.keycloak.keycloak-model-mongo" services="import"/>
-        <module name="org.keycloak.keycloak-model-sessions-infinispan" services="import"/>
-        <module name="org.keycloak.keycloak-model-sessions-jpa" services="import"/>
-        <module name="org.keycloak.keycloak-model-sessions-mem" services="import"/>
-        <module name="org.keycloak.keycloak-model-sessions-mongo" services="import"/>
-        <module name="org.keycloak.keycloak-saml-protocol" services="import"/>
-        <module name="org.keycloak.keycloak-services" export="true" services="import"/>
-        <module name="org.keycloak.keycloak-social-core" services="import"/>
-        <module name="org.keycloak.keycloak-social-facebook" services="import"/>
-        <module name="org.keycloak.keycloak-social-github" services="import"/>
-        <module name="org.keycloak.keycloak-social-google" services="import"/>
-        <module name="org.keycloak.keycloak-social-twitter" services="import"/>
-        <module name="org.keycloak.keycloak-social-linkedin" services="import"/>
-        <module name="org.keycloak.keycloak-social-stackoverflow" services="import"/>
-        <module name="org.keycloak.keycloak-server-subsystem" services="import"/>
-        <module name="org.keycloak.keycloak-timer-api" services="import"/>
-        <module name="org.keycloak.keycloak-timer-basic" services="import"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-server">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-account-api" services="import"/>
+        <module name="org.keycloak.keycloak-account-freemarker" services="import"/>
+        <module name="org.keycloak.keycloak-connections-infinispan" services="import"/>
+        <module name="org.keycloak.keycloak-connections-jpa" services="import"/>
+        <module name="org.keycloak.keycloak-connections-jpa-liquibase" services="import"/>
+        <module name="org.keycloak.keycloak-connections-mongo" services="import"/>
+        <module name="org.keycloak.keycloak-connections-mongo-update" services="import"/>
+        <module name="org.keycloak.keycloak-connections-file" services="import"/>
+        <module name="org.keycloak.keycloak-core" services="import"/>
+        <module name="org.keycloak.keycloak-core-jaxrs" services="import"/>
+        <module name="org.keycloak.keycloak-email-api" services="import"/>
+        <module name="org.keycloak.keycloak-email-freemarker" services="import"/>
+        <module name="org.keycloak.keycloak-events-api" services="import"/>
+        <module name="org.keycloak.keycloak-events-email" services="import"/>
+        <module name="org.keycloak.keycloak-events-jboss-logging" services="import"/>
+        <module name="org.keycloak.keycloak-events-jpa" services="import"/>
+        <module name="org.keycloak.keycloak-events-mongo" services="import"/>
+        <module name="org.keycloak.keycloak-export-import-api" services="import"/>
+        <module name="org.keycloak.keycloak-export-import-dir" services="import"/>
+        <module name="org.keycloak.keycloak-export-import-single-file" services="import"/>
+        <module name="org.keycloak.keycloak-export-import-zip" services="import"/>
+        <module name="org.keycloak.keycloak-forms-common-freemarker" services="import"/>
+        <module name="org.keycloak.keycloak-forms-common-themes" services="import"/>
+        <module name="org.keycloak.keycloak-invalidation-cache-infinispan" services="import"/>
+        <module name="org.keycloak.keycloak-invalidation-cache-model" services="import"/>
+        <module name="org.keycloak.keycloak-js-adapter" services="import"/>
+        <module name="org.keycloak.keycloak-kerberos-federation" services="import"/>
+        <module name="org.keycloak.keycloak-ldap-federation" services="import"/>
+        <module name="org.keycloak.keycloak-login-api" services="import"/>
+        <module name="org.keycloak.keycloak-login-freemarker" services="import"/>
+        <module name="org.keycloak.keycloak-model-api" services="import"/>
+        <module name="org.keycloak.keycloak-model-jpa" services="import"/>
+        <module name="org.keycloak.keycloak-model-mongo" services="import"/>
+        <module name="org.keycloak.keycloak-model-sessions-infinispan" services="import"/>
+        <module name="org.keycloak.keycloak-model-sessions-jpa" services="import"/>
+        <module name="org.keycloak.keycloak-model-sessions-mem" services="import"/>
+        <module name="org.keycloak.keycloak-model-sessions-mongo" services="import"/>
+        <module name="org.keycloak.keycloak-saml-protocol" services="import"/>
+        <module name="org.keycloak.keycloak-services" export="true" services="import"/>
+        <module name="org.keycloak.keycloak-social-core" services="import"/>
+        <module name="org.keycloak.keycloak-social-facebook" services="import"/>
+        <module name="org.keycloak.keycloak-social-github" services="import"/>
+        <module name="org.keycloak.keycloak-social-google" services="import"/>
+        <module name="org.keycloak.keycloak-social-twitter" services="import"/>
+        <module name="org.keycloak.keycloak-social-linkedin" services="import"/>
+        <module name="org.keycloak.keycloak-social-stackoverflow" services="import"/>
+        <module name="org.keycloak.keycloak-server-subsystem" services="import"/>
+        <module name="org.keycloak.keycloak-timer-api" services="import"/>
+        <module name="org.keycloak.keycloak-timer-basic" services="import"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml
similarity index 98%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml
index 0ee8056eaf..0ff106f989 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-services/main/module.xml
@@ -1,82 +1,82 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-services">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-account-api" services="import"/>
-        <module name="org.keycloak.keycloak-account-freemarker" services="import"/>
-        <module name="org.keycloak.keycloak-broker-core" services="import"/>
-        <module name="org.keycloak.keycloak-broker-oidc" services="import"/>
-        <module name="org.keycloak.keycloak-broker-saml" services="import"/>
-        <module name="org.keycloak.keycloak-connections-infinispan" services="import"/>
-        <module name="org.keycloak.keycloak-connections-jpa" services="import"/>
-        <module name="org.keycloak.keycloak-connections-http-client" services="import"/>
-        <module name="org.keycloak.keycloak-connections-jpa-liquibase" services="import"/>
-        <module name="org.keycloak.keycloak-connections-mongo" services="import"/>
-        <module name="org.keycloak.keycloak-connections-mongo-update" services="import"/>
-        <module name="org.keycloak.keycloak-connections-file" services="import"/>
-        <module name="org.keycloak.keycloak-core" services="import"/>
-        <module name="org.keycloak.keycloak-core-jaxrs" services="import"/>
-        <module name="org.keycloak.keycloak-email-api" services="import"/>
-        <module name="org.keycloak.keycloak-email-freemarker" services="import"/>
-        <module name="org.keycloak.keycloak-events-api" services="import"/>
-        <module name="org.keycloak.keycloak-events-email" services="import"/>
-        <module name="org.keycloak.keycloak-events-jboss-logging" services="import"/>
-        <module name="org.keycloak.keycloak-events-jpa" services="import"/>
-        <module name="org.keycloak.keycloak-events-mongo" services="import"/>
-        <module name="org.keycloak.keycloak-export-import-api" services="import"/>
-        <module name="org.keycloak.keycloak-export-import-dir" services="import"/>
-        <module name="org.keycloak.keycloak-export-import-single-file" services="import"/>
-        <module name="org.keycloak.keycloak-export-import-zip" services="import"/>
-        <module name="org.keycloak.keycloak-forms-common-freemarker" services="import"/>
-        <module name="org.keycloak.keycloak-forms-common-themes" services="import"/>
-        <module name="org.keycloak.keycloak-invalidation-cache-infinispan" services="import"/>
-        <module name="org.keycloak.keycloak-invalidation-cache-model" services="import"/>
-        <module name="org.keycloak.keycloak-js-adapter" services="import"/>
-        <module name="org.keycloak.keycloak-kerberos-federation" services="import"/>
-        <module name="org.keycloak.keycloak-ldap-federation" services="import"/>
-        <module name="org.keycloak.keycloak-login-api" services="import"/>
-        <module name="org.keycloak.keycloak-login-freemarker" services="import"/>
-        <module name="org.keycloak.keycloak-model-api" services="import"/>
-        <module name="org.keycloak.keycloak-model-jpa" services="import"/>
-        <module name="org.keycloak.keycloak-model-mongo" services="import"/>
-        <module name="org.keycloak.keycloak-model-file" services="import"/>
-        <module name="org.keycloak.keycloak-model-sessions-infinispan" services="import"/>
-        <module name="org.keycloak.keycloak-model-sessions-jpa" services="import"/>
-        <module name="org.keycloak.keycloak-model-sessions-mem" services="import"/>
-        <module name="org.keycloak.keycloak-model-sessions-mongo" services="import"/>
-
-        <module name="org.keycloak.keycloak-saml-protocol" services="import"/>
-        <module name="org.keycloak.keycloak-services" export="true" services="import"/>
-        <module name="org.keycloak.keycloak-social-core" services="import"/>
-        <module name="org.keycloak.keycloak-social-facebook" services="import"/>
-        <module name="org.keycloak.keycloak-social-github" services="import"/>
-        <module name="org.keycloak.keycloak-social-google" services="import"/>
-        <module name="org.keycloak.keycloak-social-twitter" services="import"/>
-        <module name="org.keycloak.keycloak-social-linkedin" services="import"/>
-        <module name="org.keycloak.keycloak-social-stackoverflow" services="import"/>
-        <module name="org.keycloak.keycloak-timer-api" services="import"/>
-        <module name="org.keycloak.keycloak-timer-basic" services="import"/>
-
-        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
-        <module name="org.jboss.resteasy.resteasy-multipart-provider"/>
-        <module name="javax.servlet.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-        <module name="com.google.zxing.core"/>
-        <module name="com.google.zxing.javase"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.bouncycastle" />
-        <module name="net.iharder.base64"/>
-        <module name="javax.api"/>
-        <module name="javax.activation.api"/>
-        <module name="org.apache.httpcomponents"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-services">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-account-api" services="import"/>
+        <module name="org.keycloak.keycloak-account-freemarker" services="import"/>
+        <module name="org.keycloak.keycloak-broker-core" services="import"/>
+        <module name="org.keycloak.keycloak-broker-oidc" services="import"/>
+        <module name="org.keycloak.keycloak-broker-saml" services="import"/>
+        <module name="org.keycloak.keycloak-connections-http-client" services="import"/>
+        <module name="org.keycloak.keycloak-connections-infinispan" services="import"/>
+        <module name="org.keycloak.keycloak-connections-jpa" services="import"/>
+        <module name="org.keycloak.keycloak-connections-jpa-liquibase" services="import"/>
+        <module name="org.keycloak.keycloak-connections-mongo" services="import"/>
+        <module name="org.keycloak.keycloak-connections-mongo-update" services="import"/>
+        <module name="org.keycloak.keycloak-connections-file" services="import"/>
+        <module name="org.keycloak.keycloak-core" services="import"/>
+        <module name="org.keycloak.keycloak-core-jaxrs" services="import"/>
+        <module name="org.keycloak.keycloak-email-api" services="import"/>
+        <module name="org.keycloak.keycloak-email-freemarker" services="import"/>
+        <module name="org.keycloak.keycloak-events-api" services="import"/>
+        <module name="org.keycloak.keycloak-events-email" services="import"/>
+        <module name="org.keycloak.keycloak-events-jboss-logging" services="import"/>
+        <module name="org.keycloak.keycloak-events-jpa" services="import"/>
+        <module name="org.keycloak.keycloak-events-mongo" services="import"/>
+        <module name="org.keycloak.keycloak-export-import-api" services="import"/>
+        <module name="org.keycloak.keycloak-export-import-dir" services="import"/>
+        <module name="org.keycloak.keycloak-export-import-single-file" services="import"/>
+        <module name="org.keycloak.keycloak-export-import-zip" services="import"/>
+        <module name="org.keycloak.keycloak-forms-common-freemarker" services="import"/>
+        <module name="org.keycloak.keycloak-forms-common-themes" services="import"/>
+        <module name="org.keycloak.keycloak-invalidation-cache-infinispan" services="import"/>
+        <module name="org.keycloak.keycloak-invalidation-cache-model" services="import"/>
+        <module name="org.keycloak.keycloak-js-adapter" services="import"/>
+        <module name="org.keycloak.keycloak-kerberos-federation" services="import"/>
+        <module name="org.keycloak.keycloak-ldap-federation" services="import"/>
+        <module name="org.keycloak.keycloak-login-api" services="import"/>
+        <module name="org.keycloak.keycloak-login-freemarker" services="import"/>
+        <module name="org.keycloak.keycloak-model-api" services="import"/>
+        <module name="org.keycloak.keycloak-model-jpa" services="import"/>
+        <module name="org.keycloak.keycloak-model-mongo" services="import"/>
+        <module name="org.keycloak.keycloak-model-file" services="import"/>
+        <module name="org.keycloak.keycloak-model-sessions-infinispan" services="import"/>
+        <module name="org.keycloak.keycloak-model-sessions-jpa" services="import"/>
+        <module name="org.keycloak.keycloak-model-sessions-mem" services="import"/>
+        <module name="org.keycloak.keycloak-model-sessions-mongo" services="import"/>
+
+        <module name="org.keycloak.keycloak-saml-protocol" services="import"/>
+        <module name="org.keycloak.keycloak-services" export="true" services="import"/>
+        <module name="org.keycloak.keycloak-social-core" services="import"/>
+        <module name="org.keycloak.keycloak-social-facebook" services="import"/>
+        <module name="org.keycloak.keycloak-social-github" services="import"/>
+        <module name="org.keycloak.keycloak-social-google" services="import"/>
+        <module name="org.keycloak.keycloak-social-twitter" services="import"/>
+        <module name="org.keycloak.keycloak-social-linkedin" services="import"/>
+        <module name="org.keycloak.keycloak-social-stackoverflow" services="import"/>
+        <module name="org.keycloak.keycloak-timer-api" services="import"/>
+        <module name="org.keycloak.keycloak-timer-basic" services="import"/>
+
+        <module name="javax.ws.rs.api"/>
+        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
+        <module name="org.jboss.resteasy.resteasy-multipart-provider"/>
+        <module name="javax.servlet.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+        <module name="com.google.zxing.core"/>
+        <module name="com.google.zxing.javase"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.bouncycastle" />
+        <module name="net.iharder.base64"/>
+        <module name="javax.api"/>
+        <module name="javax.activation.api"/>
+        <module name="org.apache.httpcomponents"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-core/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-core/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-core/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-core/main/module.xml
index 76b344d25d..31c7e95f14 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-core/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-core/main/module.xml
@@ -1,20 +1,20 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-core">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-broker-core"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="javax.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-core">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-broker-core"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="javax.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-facebook/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-facebook/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-facebook/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-facebook/main/module.xml
index a3db93e3c7..f842f83cdc 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-facebook/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-facebook/main/module.xml
@@ -1,22 +1,22 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-facebook">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-social-core"/>
-        <module name="org.keycloak.keycloak-broker-core"/>
-        <module name="org.keycloak.keycloak-broker-oidc"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-facebook">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-social-core"/>
+        <module name="org.keycloak.keycloak-broker-core"/>
+        <module name="org.keycloak.keycloak-broker-oidc"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-github/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-github/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-github/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-github/main/module.xml
index ad2223940e..86f47742ff 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-github/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-github/main/module.xml
@@ -1,22 +1,22 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-github">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-social-core"/>
-        <module name="org.keycloak.keycloak-broker-core"/>
-        <module name="org.keycloak.keycloak-broker-oidc"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-github">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-social-core"/>
+        <module name="org.keycloak.keycloak-broker-core"/>
+        <module name="org.keycloak.keycloak-broker-oidc"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-google/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-google/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-google/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-google/main/module.xml
index e1ba05b13a..d2cd5d6429 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-google/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-google/main/module.xml
@@ -1,22 +1,22 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-google">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-social-core"/>
-        <module name="org.keycloak.keycloak-broker-core"/>
-        <module name="org.keycloak.keycloak-broker-oidc"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-google">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-social-core"/>
+        <module name="org.keycloak.keycloak-broker-core"/>
+        <module name="org.keycloak.keycloak-broker-oidc"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-linkedin/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-linkedin/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-linkedin/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-linkedin/main/module.xml
index 00853bf3a3..34e847ec33 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-linkedin/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-linkedin/main/module.xml
@@ -1,22 +1,22 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-linkedin">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-social-core"/>
-        <module name="org.keycloak.keycloak-broker-core"/>
-        <module name="org.keycloak.keycloak-broker-oidc"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-linkedin">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-social-core"/>
+        <module name="org.keycloak.keycloak-broker-core"/>
+        <module name="org.keycloak.keycloak-broker-oidc"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-stackoverflow/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-stackoverflow/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-stackoverflow/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-stackoverflow/main/module.xml
index 6ddd2a4b93..5d8c98d6e0 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-stackoverflow/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-stackoverflow/main/module.xml
@@ -1,22 +1,22 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-stackoverflow">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-social-core"/>
-        <module name="org.keycloak.keycloak-broker-core"/>
-        <module name="org.keycloak.keycloak-broker-oidc"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-stackoverflow">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-social-core"/>
+        <module name="org.keycloak.keycloak-broker-core"/>
+        <module name="org.keycloak.keycloak-broker-oidc"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-twitter/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-twitter/main/module.xml
similarity index 97%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-twitter/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-twitter/main/module.xml
index 7d5022dac4..a7ca1d435f 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-social-twitter/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-social-twitter/main/module.xml
@@ -1,25 +1,25 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-twitter">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.keycloak.keycloak-social-core"/>
-        <module name="org.keycloak.keycloak-broker-core"/>
-        <module name="org.keycloak.keycloak-broker-oidc"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-services"/>
-        <module name="org.twitter4j"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-        <module name="javax.ws.rs.api"/>
-        <module name="org.codehaus.jackson.jackson-core-asl"/>
-        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
-        <module name="org.codehaus.jackson.jackson-xc"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-social-twitter">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-social-core"/>
+        <module name="org.keycloak.keycloak-broker-core"/>
+        <module name="org.keycloak.keycloak-broker-oidc"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-services"/>
+        <module name="org.twitter4j"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+        <module name="javax.ws.rs.api"/>
+        <module name="org.codehaus.jackson.jackson-core-asl"/>
+        <module name="org.codehaus.jackson.jackson-mapper-asl"/>
+        <module name="org.codehaus.jackson.jackson-xc"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-timer-api/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-timer-api/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-timer-api/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-timer-api/main/module.xml
index 0140db4a67..474fa0184c 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-timer-api/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-timer-api/main/module.xml
@@ -1,16 +1,16 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-timer-api">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-timer-api">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-timer-basic/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-timer-basic/main/module.xml
similarity index 96%
rename from distribution/modules/src/main/resources/modules/org/keycloak/keycloak-timer-basic/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-timer-basic/main/module.xml
index 6147e17e02..dbb65bc223 100755
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-timer-basic/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-timer-basic/main/module.xml
@@ -1,17 +1,17 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-timer-basic">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.keycloak.keycloak-timer-api"/>
-        <module name="org.keycloak.keycloak-model-api"/>
-        <module name="org.keycloak.keycloak-core"/>
-        <module name="org.jboss.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-timer-basic">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.keycloak.keycloak-timer-api"/>
+        <module name="org.keycloak.keycloak-model-api"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.jboss.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/liquibase/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/liquibase/main/module.xml
similarity index 95%
rename from distribution/modules/src/main/resources/modules/org/liquibase/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/liquibase/main/module.xml
index 23826c4b39..ed75cbc796 100755
--- a/distribution/modules/src/main/resources/modules/org/liquibase/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/liquibase/main/module.xml
@@ -1,14 +1,14 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.liquibase">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="org.apache.commons.logging"/>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.liquibase">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="org.apache.commons.logging"/>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/mongodb/mongo-java-driver/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/mongodb/mongo-java-driver/main/module.xml
similarity index 95%
rename from distribution/modules/src/main/resources/modules/org/mongodb/mongo-java-driver/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/mongodb/mongo-java-driver/main/module.xml
index d07ac5d9eb..82c6a135b0 100755
--- a/distribution/modules/src/main/resources/modules/org/mongodb/mongo-java-driver/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/mongodb/mongo-java-driver/main/module.xml
@@ -1,13 +1,13 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.mongodb.mongo-java-driver">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.mongodb.mongo-java-driver">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/org/twitter4j/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/twitter4j/main/module.xml
similarity index 95%
rename from distribution/modules/src/main/resources/modules/org/twitter4j/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/twitter4j/main/module.xml
index 887a044a24..6c6187f98c 100755
--- a/distribution/modules/src/main/resources/modules/org/twitter4j/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/twitter4j/main/module.xml
@@ -1,13 +1,13 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-
-
-<module xmlns="urn:jboss:module:1.1" name="org.twitter4j">
-    <resources>
-        <!-- Insert resources here -->
-    </resources>
-    <dependencies>
-        <module name="javax.api"/>
-    </dependencies>
-
-</module>
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.twitter4j">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="javax.api"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/modules/src/main/resources/modules/sun/jdk/jgss/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/sun/jdk/jgss/main/module.xml
similarity index 100%
rename from distribution/modules/src/main/resources/modules/sun/jdk/jgss/main/module.xml
rename to distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/sun/jdk/jgss/main/module.xml
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml b/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml
new file mode 100755
index 0000000000..1ead8b9e8e
--- /dev/null
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/assembly.xml
@@ -0,0 +1,45 @@
+<assembly>
+    <id>server-dist</id>
+
+    <formats>
+        <format>zip</format>
+        <format>tar.gz</format>
+    </formats>
+
+    <includeBaseDirectory>false</includeBaseDirectory>
+
+    <fileSets>
+        <fileSet>
+            <directory>${project.build.directory}/unpacked/modules</directory>
+            <outputDirectory>modules/system/layers/base</outputDirectory>
+        </fileSet>
+        <fileSet>
+            <directory>../../../forms/common-themes/src/main/resources/theme</directory>
+            <outputDirectory>standalone/configuration/themes</outputDirectory>
+            <includes>
+                <include>**/**</include>
+            </includes>
+        </fileSet>
+    </fileSets>
+
+    <files>
+        <file>
+            <source>${project.build.directory}/standalone.xml</source>
+            <outputDirectory>standalone/configuration</outputDirectory>
+            <destName>standalone-keycloak.xml</destName>
+        </file>
+        <file>
+            <source>src/main/keycloak-server.json</source>
+            <outputDirectory>standalone/configuration</outputDirectory>
+        </file>
+        <file>
+            <source>src/main/themes/README.txt</source>
+            <outputDirectory>standalone/configuration/themes</outputDirectory>
+        </file>
+        <file>
+            <source>src/main/providers/README.txt</source>
+            <outputDirectory>standalone/configuration/providers</outputDirectory>
+        </file>
+    </files>
+
+</assembly>
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml b/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
new file mode 100755
index 0000000000..b767ff8672
--- /dev/null
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
@@ -0,0 +1,128 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <artifactId>keycloak-parent</artifactId>
+        <groupId>org.keycloak</groupId>
+        <version>1.3.0.Final-SNAPSHOT</version>
+        <relativePath>../../../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>keycloak-eap6-server-overlay</artifactId>
+    <packaging>pom</packaging>
+    <name>Keycloak EAP 6 Server Overlay Distribution</name>
+    <description/>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-eap6-server-modules</artifactId>
+            <type>zip</type>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.as</groupId>
+            <artifactId>jboss-as-dist</artifactId>
+            <type>zip</type>
+            <version>${jboss.version}</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <finalName>keycloak-eap6-overlay-${project.version}</finalName>
+
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>unpack-standalone-xml</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>unpack</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.jboss.as</groupId>
+                                    <artifactId>jboss-as-dist</artifactId>
+                                    <type>zip</type>
+                                    <outputDirectory>${project.build.directory}/unpacked</outputDirectory>
+                                </artifactItem>
+                            </artifactItems>
+                            <includes>*/standalone/configuration/standalone.xml</includes>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>unpack-jboss-modules</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>unpack</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.keycloak</groupId>
+                                    <artifactId>keycloak-eap6-server-modules</artifactId>
+                                    <type>zip</type>
+                                    <outputDirectory>${project.build.directory}/unpacked/modules</outputDirectory>
+                                </artifactItem>
+                            </artifactItems>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>xml-maven-plugin</artifactId>
+                <version>1.0</version>
+                <executions>
+                    <execution>
+                        <id>generate-resources</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>transform</goal>
+                        </goals>
+                        <configuration>
+                            <transformationSets>
+                                <transformationSet>
+                                    <dir>${project.build.directory}/unpacked/jboss-eap-6.4/standalone/configuration</dir>
+                                    <stylesheet>src/main/xslt/standalone.xsl</stylesheet>
+                                    <includes>
+                                        <include>standalone.xml</include>
+                                    </includes>
+                                    <outputDir>${project.build.directory}</outputDir>
+                                </transformationSet>
+                            </transformationSets>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>assemble</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                        <configuration>
+                            <descriptors>
+                                <descriptor>assembly.xml</descriptor>
+                            </descriptors>
+                            <recompressZippedFiles>true</recompressZippedFiles>
+                            <finalName>${project.build.finalName}</finalName>
+                            <appendAssemblyId>false</appendAssemblyId>
+                            <outputDirectory>${project.build.directory}</outputDirectory>
+                            <workDirectory>${project.build.directory}/assembly/work</workDirectory>
+                            <tarLongFileMode>gnu</tarLongFileMode>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/src/main/keycloak-server.json b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/keycloak-server.json
new file mode 100644
index 0000000000..9f0d03ea5d
--- /dev/null
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/keycloak-server.json
@@ -0,0 +1,72 @@
+{
+    "admin": {
+        "realm": "master"
+    },
+
+    "eventsStore": {
+        "provider": "jpa",
+        "jpa": {
+            "exclude-events": [ "REFRESH_TOKEN" ]
+        }
+    },
+
+    "realm": {
+        "provider": "jpa"
+    },
+
+    "user": {
+        "provider": "jpa"
+    },
+
+    "userSessions": {
+        "provider" : "mem"
+    },
+
+    "realmCache": {
+        "provider": "mem"
+    },
+
+    "userCache": {
+        "provider": "mem",
+        "mem": {
+            "maxSize": 20000
+        }
+    },
+
+    "timer": {
+        "provider": "basic"
+    },
+
+    "theme": {
+        "default": "keycloak",
+        "staticMaxAge": 2592000,
+        "cacheTemplates": true,
+        "cacheThemes": true,
+        "folder": {
+          "dir": "${jboss.server.config.dir}/themes"
+        }
+    },
+
+    "login": {
+        "provider": "freemarker"
+    },
+
+    "account": {
+        "provider": "freemarker"
+    },
+
+    "email": {
+        "provider": "freemarker"
+    },
+
+    "scheduled": {
+        "interval": 900
+    },
+
+    "connectionsJpa": {
+        "default": {
+            "dataSource": "java:jboss/datasources/KeycloakDS",
+            "databaseSchema": "update"
+        }
+    }
+}
\ No newline at end of file
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/src/main/providers/README.txt b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/providers/README.txt
new file mode 100644
index 0000000000..a6d523b43f
--- /dev/null
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/providers/README.txt
@@ -0,0 +1,2 @@
+Any provider implementation jars and libraries in this folder will be loaded by Keycloak. See the providers
+section in the documentation for more details.
\ No newline at end of file
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/src/main/themes/README.txt b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/themes/README.txt
new file mode 100644
index 0000000000..705b73ac69
--- /dev/null
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/themes/README.txt
@@ -0,0 +1,3 @@
+Themes to configure the look and feel of login pages and account management console. It's not recommended to
+modify existing the built-in themes, instead you should create a new theme that extends a built-in theme. See the theme
+section in the documentation for more details.
\ No newline at end of file
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone.xsl b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone.xsl
new file mode 100755
index 0000000000..6f0abad4d9
--- /dev/null
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone.xsl
@@ -0,0 +1,68 @@
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+                xmlns:xalan="http://xml.apache.org/xalan"
+                xmlns:j="urn:jboss:domain:1.7"
+                xmlns:ds="urn:jboss:domain:datasources:1.2"
+                xmlns:k="urn:jboss:domain:keycloak:1.1"
+                xmlns:sec="urn:jboss:domain:security:1.2"
+                version="2.0"
+                exclude-result-prefixes="xalan j ds k sec">
+
+    <xsl:param name="config"/>
+
+    <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
+    <xsl:strip-space elements="*"/>
+
+    <xsl:template match="//j:extensions">
+        <xsl:copy>
+            <xsl:apply-templates select="node()|@*"/>
+            <extension module="org.keycloak.keycloak-server-subsystem"/>
+        </xsl:copy>
+    </xsl:template>
+
+    <xsl:template match="//ds:datasources">
+        <xsl:copy>
+            <xsl:apply-templates select="node()[name(.)='datasource']"/>
+            <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
+                <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
+                <driver>h2</driver>
+                <security>
+                    <user-name>sa</user-name>
+                    <password>sa</password>
+                </security>
+            </datasource>
+            <xsl:apply-templates select="node()[name(.)='drivers']"/>
+        </xsl:copy>
+    </xsl:template>
+
+    <xsl:template match="//j:profile">
+        <xsl:copy>
+            <xsl:apply-templates select="node()|@*"/>
+            <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
+                <web-context>auth</web-context>
+            </subsystem>
+        </xsl:copy>
+    </xsl:template>
+
+    <xsl:template match="//sec:security-domains">
+        <xsl:copy>
+            <xsl:apply-templates select="node()[name(.)='security-domain']"/>
+            <security-domain name="keycloak">
+                <authentication>
+                    <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
+                </authentication>
+            </security-domain>
+            <security-domain name="sp" cache-type="default">
+                <authentication>
+                    <login-module code="org.picketlink.identity.federation.bindings.wildfly.SAML2LoginModule" flag="required"/>
+                </authentication>
+            </security-domain>
+        </xsl:copy>
+    </xsl:template>
+
+    <xsl:template match="@*|node()">
+        <xsl:copy>
+            <xsl:apply-templates select="@*|node()" />
+        </xsl:copy>
+    </xsl:template>
+
+</xsl:stylesheet>
\ No newline at end of file
diff --git a/distribution/server-overlay/eap6/pom.xml b/distribution/server-overlay/eap6/pom.xml
new file mode 100755
index 0000000000..4ba114b7bc
--- /dev/null
+++ b/distribution/server-overlay/eap6/pom.xml
@@ -0,0 +1,21 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <artifactId>keycloak-parent</artifactId>
+        <groupId>org.keycloak</groupId>
+        <version>1.3.0.Final-SNAPSHOT</version>
+        <relativePath>../../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>keycloak-eap6-server-overlay-parent</artifactId>
+    <packaging>pom</packaging>
+    <name>Keycloak EAP 6 Server Overlay</name>
+    <description/>
+
+
+    <modules>
+        <module>eap6-server-modules</module>
+        <module>eap6-server-overlay</module>
+    </modules>
+</project>
diff --git a/distribution/server-overlay/pom.xml b/distribution/server-overlay/pom.xml
index 7ab8862188..1ad265932c 100755
--- a/distribution/server-overlay/pom.xml
+++ b/distribution/server-overlay/pom.xml
@@ -1,78 +1,21 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <parent>
-        <artifactId>keycloak-parent</artifactId>
-        <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
-        <relativePath>../../pom.xml</relativePath>
-    </parent>
-
-    <artifactId>keycloak-server-overlay</artifactId>
-    <packaging>pom</packaging>
-    <name>Keycloak Server Overlay Distribution</name>
-    <description/>
-
-    <dependencies>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-server-dist</artifactId>
-            <type>zip</type>
-        </dependency>
-    </dependencies>
-
-    <build>
-        <finalName>keycloak-overlay-${project.version}</finalName>
-
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-dependency-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>unpack-server-dist</id>
-                        <phase>prepare-package</phase>
-                        <goals>
-                            <goal>unpack</goal>
-                        </goals>
-                        <configuration>
-                            <artifactItems>
-                                <artifactItem>
-                                    <groupId>org.keycloak</groupId>
-                                    <artifactId>keycloak-server-dist</artifactId>
-                                    <type>zip</type>
-                                    <outputDirectory>${project.build.directory}/unpacked</outputDirectory>
-                                </artifactItem>
-                            </artifactItems>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-assembly-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>assemble</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>single</goal>
-                        </goals>
-                        <configuration>
-                            <descriptors>
-                                <descriptor>assembly.xml</descriptor>
-                            </descriptors>
-                            <recompressZippedFiles>true</recompressZippedFiles>
-                            <finalName>${project.build.finalName}</finalName>
-                            <appendAssemblyId>false</appendAssemblyId>
-                            <outputDirectory>${project.build.directory}</outputDirectory>
-                            <workDirectory>${project.build.directory}/assembly/work</workDirectory>
-                            <tarLongFileMode>gnu</tarLongFileMode>
-                        </configuration>
-                    </execution>
-                </executions>
-            </plugin>
-        </plugins>
-    </build>
-
-</project>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <artifactId>keycloak-parent</artifactId>
+        <groupId>org.keycloak</groupId>
+        <version>1.3.0.Final-SNAPSHOT</version>
+        <relativePath>../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>keycloak-server-overlay</artifactId>
+    <packaging>pom</packaging>
+    <name>Keycloak Server Overlay Distributions</name>
+    <description/>
+
+
+    <modules>
+        <module>wf9-server-overlay</module>
+        <module>eap6</module>
+    </modules>
+</project>
diff --git a/distribution/server-overlay/assembly.xml b/distribution/server-overlay/wf9-server-overlay/assembly.xml
similarity index 97%
rename from distribution/server-overlay/assembly.xml
rename to distribution/server-overlay/wf9-server-overlay/assembly.xml
index 6efb409247..4d87e6912e 100755
--- a/distribution/server-overlay/assembly.xml
+++ b/distribution/server-overlay/wf9-server-overlay/assembly.xml
@@ -1,67 +1,67 @@
-<assembly>
-    <id>server-dist</id>
-
-    <formats>
-        <format>zip</format>
-        <format>tar.gz</format>
-    </formats>
-
-    <includeBaseDirectory>false</includeBaseDirectory>
-
-    <fileSets>
-        <fileSet>
-            <directory>${project.build.directory}/unpacked/keycloak-${project.version}/modules/system/layers/base</directory>
-            <outputDirectory>modules/system/layers/base</outputDirectory>
-            <includes>
-                <include>com/google/zxing/**</include>
-                <include>de/idyl/winzipaes/**</include>
-                <include>net/iharder/**</include>
-                <include>org/freemarker/**</include>
-                <include>org/keycloak/**</include>
-                <include>org/liquibase/**</include>
-                <include>org/mongodb/**</include>
-                <include>org/twitter4j/**</include>
-                <include>sun/jdk/jgss/**</include>
-            </includes>
-        </fileSet>
-        <fileSet>
-            <directory>${project.build.directory}/unpacked/keycloak-${project.version}/content</directory>
-            <outputDirectory></outputDirectory>
-        </fileSet>
-        <fileSet>
-            <directory>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/themes</directory>
-            <outputDirectory>standalone/configuration/themes</outputDirectory>
-            <includes>
-                <include>**/**</include>
-            </includes>
-        </fileSet>
-        <fileSet>
-            <directory>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/providers</directory>
-            <outputDirectory>standalone/configuration/providers</outputDirectory>
-            <includes>
-                <include>**/**</include>
-            </includes>
-        </fileSet>
-        <fileSet>
-            <directory>../../</directory>
-            <includes>
-                <include>License.html</include>
-            </includes>
-            <outputDirectory></outputDirectory>
-        </fileSet>
-
-    </fileSets>
-
-    <files>
-        <file>
-            <source>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/standalone.xml</source>
-            <outputDirectory>standalone/configuration</outputDirectory>
-            <destName>standalone-keycloak.xml</destName>
-        </file>
-        <file>
-            <source>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/keycloak-server.json</source>
-            <outputDirectory>standalone/configuration</outputDirectory>
-        </file>
-    </files>
-
-</assembly>
+<assembly>
+    <id>server-dist</id>
+
+    <formats>
+        <format>zip</format>
+        <format>tar.gz</format>
+    </formats>
+
+    <includeBaseDirectory>false</includeBaseDirectory>
+
+    <fileSets>
+        <fileSet>
+            <directory>${project.build.directory}/unpacked/keycloak-${project.version}/modules/system/layers/base</directory>
+            <outputDirectory>modules/system/layers/base</outputDirectory>
+            <includes>
+                <include>com/google/zxing/**</include>
+                <include>de/idyl/winzipaes/**</include>
+                <include>net/iharder/**</include>
+                <include>org/freemarker/**</include>
+                <include>org/keycloak/**</include>
+                <include>org/liquibase/**</include>
+                <include>org/mongodb/**</include>
+                <include>org/twitter4j/**</include>
+                <include>sun/jdk/jgss/**</include>
+            </includes>
+        </fileSet>
+        <fileSet>
+            <directory>${project.build.directory}/unpacked/keycloak-${project.version}/content</directory>
+            <outputDirectory></outputDirectory>
+        </fileSet>
+        <fileSet>
+            <directory>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/themes</directory>
+            <outputDirectory>standalone/configuration/themes</outputDirectory>
+            <includes>
+                <include>**/**</include>
+            </includes>
+        </fileSet>
+        <fileSet>
+            <directory>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/providers</directory>
+            <outputDirectory>standalone/configuration/providers</outputDirectory>
+            <includes>
+                <include>**/**</include>
+            </includes>
+        </fileSet>
+        <fileSet>
+            <directory>../../</directory>
+            <includes>
+                <include>License.html</include>
+            </includes>
+            <outputDirectory></outputDirectory>
+        </fileSet>
+
+    </fileSets>
+
+    <files>
+        <file>
+            <source>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/standalone.xml</source>
+            <outputDirectory>standalone/configuration</outputDirectory>
+            <destName>standalone-keycloak.xml</destName>
+        </file>
+        <file>
+            <source>${project.build.directory}/unpacked/keycloak-${project.version}/standalone/configuration/keycloak-server.json</source>
+            <outputDirectory>standalone/configuration</outputDirectory>
+        </file>
+    </files>
+
+</assembly>
diff --git a/distribution/server-overlay/wf9-server-overlay/pom.xml b/distribution/server-overlay/wf9-server-overlay/pom.xml
new file mode 100755
index 0000000000..497c4ebc8f
--- /dev/null
+++ b/distribution/server-overlay/wf9-server-overlay/pom.xml
@@ -0,0 +1,78 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <artifactId>keycloak-parent</artifactId>
+        <groupId>org.keycloak</groupId>
+        <version>1.3.0.Final-SNAPSHOT</version>
+        <relativePath>../../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>keycloak-wf9-server-overlay</artifactId>
+    <packaging>pom</packaging>
+    <name>Keycloak Wildfly 9 Server Overlay Distribution</name>
+    <description/>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-dist</artifactId>
+            <type>zip</type>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <finalName>keycloak-overlay-${project.version}</finalName>
+
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>unpack-server-dist</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>unpack</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.keycloak</groupId>
+                                    <artifactId>keycloak-server-dist</artifactId>
+                                    <type>zip</type>
+                                    <outputDirectory>${project.build.directory}/unpacked</outputDirectory>
+                                </artifactItem>
+                            </artifactItems>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>assemble</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                        <configuration>
+                            <descriptors>
+                                <descriptor>assembly.xml</descriptor>
+                            </descriptors>
+                            <recompressZippedFiles>true</recompressZippedFiles>
+                            <finalName>${project.build.finalName}</finalName>
+                            <appendAssemblyId>false</appendAssemblyId>
+                            <outputDirectory>${project.build.directory}</outputDirectory>
+                            <workDirectory>${project.build.directory}/assembly/work</workDirectory>
+                            <tarLongFileMode>gnu</tarLongFileMode>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
diff --git a/integration/as7-eap6/as7-server-subsystem/pom.xml b/integration/as7-eap6/as7-server-subsystem/pom.xml
new file mode 100755
index 0000000000..d268d352cb
--- /dev/null
+++ b/integration/as7-eap6/as7-server-subsystem/pom.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+~ Copyright 2013 JBoss Inc
+~
+~ Licensed under the Apache License, Version 2.0 (the "License");
+~ you may not use this file except in compliance with the License.
+~ You may obtain a copy of the License at
+~
+~       http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing, software
+~ distributed under the License is distributed on an "AS IS" BASIS,
+~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+~ See the License for the specific language governing permissions and
+~ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.keycloak</groupId>
+        <artifactId>keycloak-parent</artifactId>
+        <version>1.3.0.Final-SNAPSHOT</version>
+        <relativePath>../../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>keycloak-as7-server-subsystem</artifactId>
+    <name>Keycloak AS7 / EAP 6 Server Subsystem</name>
+    <description/>
+    <packaging>jar</packaging>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <redirectTestOutputToFile>false</redirectTestOutputToFile>
+                    <enableAssertions>true</enableAssertions>
+                    <systemProperties>
+                        <property>
+                            <name>jboss.home</name>
+                            <value>${jboss.home}</value>
+                        </property>
+                    </systemProperties>
+                    <includes>
+                        <include>**/*TestCase.java</include>
+                    </includes>
+                </configuration>
+            </plugin>            
+        </plugins>
+    </build>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.jboss.as</groupId>
+            <artifactId>jboss-as-naming</artifactId>
+            <version>${jboss.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.as</groupId>
+            <artifactId>jboss-as-server</artifactId>
+            <version>${jboss.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.as</groupId>
+            <artifactId>jboss-as-ee</artifactId>
+            <version>${jboss.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.as</groupId>
+            <artifactId>jboss-as-web</artifactId>
+            <version>${jboss.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.logging</groupId>
+            <artifactId>jboss-logging-annotations</artifactId>
+            <version>${jboss-logging-tools.version}</version>
+            <!-- This is a compile-time dependency of this project, but is not needed at compile or runtime by other
+            projects that depend on this project.-->
+            <scope>provided</scope>
+            <optional>true</optional>
+        </dependency>
+
+        <dependency>
+            <groupId>org.jboss.logging</groupId>
+            <artifactId>jboss-logging-processor</artifactId>
+            <!-- This is a compile-time dependency of this project, but is not needed at compile or runtime by other
+            projects that depend on this project.-->
+            <scope>provided</scope>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.msc</groupId>
+            <artifactId>jboss-msc</artifactId>
+            <version>1.0.2.GA</version>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>
diff --git a/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakAdapterConfigService.java b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakAdapterConfigService.java
new file mode 100755
index 0000000000..9e13799f16
--- /dev/null
+++ b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakAdapterConfigService.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.server.as7;
+
+/**
+ * This service keeps track of the entire Keycloak management model so as to provide
+ * adapter configuration to each deployment at deploy time.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+public final class KeycloakAdapterConfigService {
+
+    static final KeycloakAdapterConfigService INSTANCE = new KeycloakAdapterConfigService();
+
+    static final String DEPLOYMENT_NAME = "keycloak-server";
+
+    private String webContext;
+
+
+    private KeycloakAdapterConfigService() {
+    }
+
+    void setWebContext(String webContext) {
+        this.webContext = webContext;
+    }
+
+    String getWebContext() {
+        return webContext;
+    }
+
+    boolean isKeycloakServerDeployment(String deploymentName) {
+        return DEPLOYMENT_NAME.equals(deploymentName);
+    }
+}
diff --git a/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakExtension.java b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakExtension.java
new file mode 100755
index 0000000000..296faa5671
--- /dev/null
+++ b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakExtension.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.server.as7;
+
+import org.jboss.as.controller.Extension;
+import org.jboss.as.controller.ExtensionContext;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.ResourceDefinition;
+import org.jboss.as.controller.SubsystemRegistration;
+import org.jboss.as.controller.descriptions.StandardResourceDescriptionResolver;
+import org.jboss.as.controller.parsing.ExtensionParsingContext;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
+import static org.keycloak.subsystem.server.logging.KeycloakLogger.ROOT_LOGGER;
+
+
+/**
+ * Main Extension class for the subsystem.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+public class KeycloakExtension implements Extension {
+
+    static final String SUBSYSTEM_NAME = "keycloak-server";
+    static final String NAMESPACE = "urn:jboss:domain:keycloak-server:1.1";
+    static final PathElement PATH_SUBSYSTEM = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
+
+    private static final String RESOURCE_NAME = KeycloakExtension.class.getPackage().getName() + ".LocalDescriptions";
+    private static final ResourceDefinition KEYCLOAK_SUBSYSTEM_RESOURCE = new KeycloakSubsystemDefinition();
+    private static final KeycloakSubsystemParser PARSER = new KeycloakSubsystemParser();
+    private static final int MGMT_API_VERSION_MAJOR = 1;
+    private static final int MGMT_API_VERSION_MINOR = 1;
+
+    static StandardResourceDescriptionResolver getResourceDescriptionResolver(final String... keyPrefix) {
+        StringBuilder prefix = new StringBuilder(SUBSYSTEM_NAME);
+        for (String kp : keyPrefix) {
+            prefix.append('.').append(kp);
+        }
+        return new StandardResourceDescriptionResolver(prefix.toString(), RESOURCE_NAME, KeycloakExtension.class.getClassLoader(), true, false);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void initializeParsers(final ExtensionParsingContext context) {
+        context.setSubsystemXmlMapping(SUBSYSTEM_NAME, NAMESPACE, PARSER);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void initialize(final ExtensionContext context) {
+        ROOT_LOGGER.debug("Activating Keycloak Extension");
+        final SubsystemRegistration subsystem = context.registerSubsystem(SUBSYSTEM_NAME, MGMT_API_VERSION_MAJOR, MGMT_API_VERSION_MINOR);
+
+        subsystem.registerSubsystemModel(KEYCLOAK_SUBSYSTEM_RESOURCE);
+        subsystem.registerXMLElementWriter(PARSER);
+    }
+}
diff --git a/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakServerDeploymentProcessor.java b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakServerDeploymentProcessor.java
new file mode 100644
index 0000000000..145071d280
--- /dev/null
+++ b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakServerDeploymentProcessor.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.server.as7;
+
+import org.jboss.as.ee.component.EEModuleDescription;
+import org.jboss.as.server.deployment.DeploymentPhaseContext;
+import org.jboss.as.server.deployment.DeploymentUnit;
+import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
+import org.jboss.as.server.deployment.DeploymentUnitProcessor;
+
+/**
+ * DUP responsible for setting the web context of a Keycloak auth server.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
+ */
+public class KeycloakServerDeploymentProcessor implements DeploymentUnitProcessor {
+
+    @Override
+    public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
+        DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
+        KeycloakAdapterConfigService config = KeycloakAdapterConfigService.INSTANCE;
+        String deploymentName = deploymentUnit.getName();
+
+        if (!config.isKeycloakServerDeployment(deploymentName)) {
+            return;
+        }
+
+        final EEModuleDescription description = deploymentUnit.getAttachment(org.jboss.as.ee.component.Attachments.EE_MODULE_DESCRIPTION);
+        String webContext = config.getWebContext();
+        if (webContext == null) {
+            throw new DeploymentUnitProcessingException("Can't determine web context/module for Keycloak Server");
+        }
+        description.setModuleName(webContext);
+    }
+
+    @Override
+    public void undeploy(DeploymentUnit du) {
+    }
+}
diff --git a/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemAdd.java b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemAdd.java
new file mode 100755
index 0000000000..19d7aa2a6b
--- /dev/null
+++ b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemAdd.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.server.as7;
+
+import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
+import org.jboss.as.controller.AttributeDefinition;
+import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationFailedException;
+import org.jboss.as.controller.ServiceVerificationHandler;
+import org.jboss.as.controller.registry.Resource;
+import org.jboss.as.server.AbstractDeploymentChainStep;
+import org.jboss.as.server.DeploymentProcessorTarget;
+import org.jboss.as.server.deployment.Phase;
+import org.jboss.dmr.ModelNode;
+
+import org.jboss.msc.service.ServiceController;
+
+import java.util.List;
+
+import static org.keycloak.subsystem.server.as7.KeycloakExtension.SUBSYSTEM_NAME;
+
+/**
+ * The Keycloak subsystem add update handler.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler {
+
+    static final KeycloakSubsystemAdd INSTANCE = new KeycloakSubsystemAdd();
+
+    @Override
+    protected void performBoottime(final OperationContext context, final ModelNode operation, final ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) {
+        context.addStep(new AbstractDeploymentChainStep() {
+            @Override
+            protected void execute(DeploymentProcessorTarget processorTarget) {
+                processorTarget.addDeploymentProcessor(SUBSYSTEM_NAME,
+                        Phase.POST_MODULE, // PHASE
+                        Phase.POST_MODULE_VALIDATOR_FACTORY - 1, // PRIORITY
+                        new KeycloakServerDeploymentProcessor());
+            }
+        }, OperationContext.Stage.RUNTIME);
+    }
+
+    protected void populateModel(final OperationContext context, final ModelNode operation, final Resource resource) throws  OperationFailedException {
+        ModelNode model = resource.getModel();
+
+        // set attribute values from parsed model
+        for (AttributeDefinition attrDef : KeycloakSubsystemDefinition.ALL_ATTRIBUTES) {
+            attrDef.validateAndSet(operation, model);
+        }
+
+        // returns early if on domain controller
+        if (!requiresRuntime(context)) {
+            return;
+        }
+
+        // don't want to try to start server on host controller
+        if (!context.isNormalServer()) {
+            return;
+        }
+
+        ModelNode webContextNode = resource.getModel().get(KeycloakSubsystemDefinition.WEB_CONTEXT.getName());
+        if (!webContextNode.isDefined()) {
+            webContextNode = KeycloakSubsystemDefinition.WEB_CONTEXT.getDefaultValue();
+        }
+        String webContext = webContextNode.asString();
+
+        ServerUtil serverUtil = new ServerUtil(operation);
+        serverUtil.addStepToUploadServerWar(context);
+        KeycloakAdapterConfigService.INSTANCE.setWebContext(webContext);
+    }
+}
diff --git a/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemDefinition.java b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemDefinition.java
new file mode 100644
index 0000000000..832aa92b59
--- /dev/null
+++ b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemDefinition.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.server.as7;
+
+import org.jboss.as.controller.AttributeDefinition;
+import org.jboss.as.controller.SimpleAttributeDefinition;
+import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
+import org.jboss.as.controller.SimpleResourceDefinition;
+import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler;
+import org.jboss.as.controller.registry.ManagementResourceRegistration;
+import org.jboss.dmr.ModelNode;
+import org.jboss.dmr.ModelType;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Definition of subsystem=keycloak-server.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+public class KeycloakSubsystemDefinition extends SimpleResourceDefinition {
+
+    static final SimpleAttributeDefinition WEB_CONTEXT =
+        new SimpleAttributeDefinitionBuilder("web-context", ModelType.STRING, true)
+            .setAllowExpression(true)
+            .setDefaultValue(new ModelNode("auth"))
+            .setRestartAllServices()
+            .build();
+
+    static final List<SimpleAttributeDefinition> ALL_ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>();
+
+    static {
+        ALL_ATTRIBUTES.add(WEB_CONTEXT);
+    }
+
+    private static final Map<String, SimpleAttributeDefinition> DEFINITION_LOOKUP = new HashMap<String, SimpleAttributeDefinition>();
+    static {
+        for (SimpleAttributeDefinition def : ALL_ATTRIBUTES) {
+            DEFINITION_LOOKUP.put(def.getXmlName(), def);
+        }
+    }
+
+    private static KeycloakSubsystemWriteAttributeHandler attrHandler = new KeycloakSubsystemWriteAttributeHandler(ALL_ATTRIBUTES);
+
+    protected KeycloakSubsystemDefinition() {
+        super(KeycloakExtension.PATH_SUBSYSTEM,
+            KeycloakExtension.getResourceDescriptionResolver("subsystem"),
+            KeycloakSubsystemAdd.INSTANCE,
+            KeycloakSubsystemRemoveHandler.INSTANCE
+        );
+    }
+
+    @Override
+    public void registerOperations(ManagementResourceRegistration resourceRegistration) {
+        super.registerOperations(resourceRegistration);
+        resourceRegistration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
+    }
+
+    @Override
+    public void registerAttributes(ManagementResourceRegistration resourceRegistration) {
+        super.registerAttributes(resourceRegistration);
+        for (AttributeDefinition attrDef : ALL_ATTRIBUTES) {
+            resourceRegistration.registerReadWriteAttribute(attrDef, null, attrHandler);
+        }
+    }
+
+    public static SimpleAttributeDefinition lookup(String name) {
+        return DEFINITION_LOOKUP.get(name);
+    }
+}
diff --git a/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemParser.java b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemParser.java
new file mode 100755
index 0000000000..05bd55314f
--- /dev/null
+++ b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemParser.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.server.as7;
+
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.operations.common.Util;
+import org.jboss.as.controller.parsing.ParseUtils;
+import org.jboss.as.controller.persistence.SubsystemMarshallingContext;
+import org.jboss.dmr.ModelNode;
+import org.jboss.staxmapper.XMLElementReader;
+import org.jboss.staxmapper.XMLElementWriter;
+import org.jboss.staxmapper.XMLExtendedStreamReader;
+import org.jboss.staxmapper.XMLExtendedStreamWriter;
+
+import javax.xml.stream.XMLStreamConstants;
+import javax.xml.stream.XMLStreamException;
+import java.util.List;
+
+import static org.keycloak.subsystem.server.as7.KeycloakExtension.PATH_SUBSYSTEM;
+import static org.keycloak.subsystem.server.as7.KeycloakSubsystemDefinition.WEB_CONTEXT;
+
+/**
+ * The subsystem parser, which uses stax to read and write to and from xml
+ */
+class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<List<ModelNode>>, XMLElementWriter<SubsystemMarshallingContext> {
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void readElement(final XMLExtendedStreamReader reader, final List<ModelNode> list) throws XMLStreamException {
+        // Require no attributes
+        ParseUtils.requireNoAttributes(reader);
+        ModelNode addKeycloakSub = Util.createAddOperation(PathAddress.pathAddress(PATH_SUBSYSTEM));
+        list.add(addKeycloakSub);
+
+        while (reader.hasNext() && nextTag(reader) != END_ELEMENT) {
+            if (reader.getLocalName().equals(WEB_CONTEXT.getXmlName())) {
+                WEB_CONTEXT.parseAndSetParameter(reader.getElementText(), addKeycloakSub, reader);
+            } else {
+                throw new XMLStreamException("Unknown keycloak-server subsystem tag: " + reader.getLocalName());
+            }
+        }
+    }
+
+    // used for debugging
+    private int nextTag(XMLExtendedStreamReader reader) throws XMLStreamException {
+        return reader.nextTag();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void writeContent(final XMLExtendedStreamWriter writer, final SubsystemMarshallingContext context) throws XMLStreamException {
+        context.startSubsystemElement(KeycloakExtension.NAMESPACE, false);
+        writeWebContext(writer, context);
+        writer.writeEndElement();
+    }
+
+    private void writeWebContext(XMLExtendedStreamWriter writer, SubsystemMarshallingContext context) throws XMLStreamException {
+        if (!context.getModelNode().get(WEB_CONTEXT.getName()).isDefined()) {
+            return;
+        }
+
+        WEB_CONTEXT.marshallAsElement(context.getModelNode(), writer);
+    }
+}
diff --git a/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemRemoveHandler.java b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemRemoveHandler.java
new file mode 100644
index 0000000000..a112b4c681
--- /dev/null
+++ b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemRemoveHandler.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.server.as7;
+
+import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationFailedException;
+import org.jboss.as.controller.OperationStepHandler;
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.ReloadRequiredRemoveStepHandler;
+import org.jboss.as.controller.operations.common.Util;
+import org.jboss.dmr.ModelNode;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DEPLOYMENT;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REMOVE;
+import org.jboss.as.controller.registry.ImmutableManagementResourceRegistration;
+
+/**
+ * Remove an auth-server from a realm.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
+ */
+public final class KeycloakSubsystemRemoveHandler extends ReloadRequiredRemoveStepHandler {
+
+    static KeycloakSubsystemRemoveHandler INSTANCE = new KeycloakSubsystemRemoveHandler();
+
+    private KeycloakSubsystemRemoveHandler() {}
+
+    @Override
+    protected void performRemove(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException {
+        String deploymentName = ServerUtil.getDeploymentName(operation);
+        KeycloakAdapterConfigService.INSTANCE.setWebContext(null);
+
+        if (requiresRuntime(context)) { // don't do this on a domain controller
+            addStepToRemoveServerWar(context, deploymentName);
+        }
+
+        super.performRemove(context, operation, model);
+    }
+
+    private void addStepToRemoveServerWar(OperationContext context, String deploymentName) {
+        PathAddress deploymentAddress = PathAddress.pathAddress(PathElement.pathElement(DEPLOYMENT, deploymentName));
+        ModelNode op = Util.createOperation(REMOVE, deploymentAddress);
+        context.addStep(op, getRemoveHandler(context, deploymentAddress), OperationContext.Stage.MODEL);
+    }
+
+    private OperationStepHandler getRemoveHandler(OperationContext context, PathAddress address) {
+        ImmutableManagementResourceRegistration rootResourceRegistration = context.getRootResourceRegistration();
+        return rootResourceRegistration.getOperationHandler(address, REMOVE);
+    }
+}
diff --git a/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemWriteAttributeHandler.java b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemWriteAttributeHandler.java
new file mode 100755
index 0000000000..0200254395
--- /dev/null
+++ b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/KeycloakSubsystemWriteAttributeHandler.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.server.as7;
+
+import org.jboss.as.controller.AttributeDefinition;
+import org.jboss.as.controller.SimpleAttributeDefinition;
+
+import java.util.List;
+import org.jboss.as.controller.ModelOnlyWriteAttributeHandler;
+import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationFailedException;
+import org.jboss.as.controller.registry.Resource;
+import org.jboss.dmr.ModelNode;
+
+/**
+ * Update an attribute on an Auth Server.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
+ */
+public class KeycloakSubsystemWriteAttributeHandler extends ModelOnlyWriteAttributeHandler { //extends ReloadRequiredWriteAttributeHandler {
+
+    public KeycloakSubsystemWriteAttributeHandler(List<SimpleAttributeDefinition> definitions) {
+        this(definitions.toArray(new AttributeDefinition[definitions.size()]));
+    }
+
+    public KeycloakSubsystemWriteAttributeHandler(AttributeDefinition... definitions) {
+        super(definitions);
+    }
+
+    @Override
+    protected void finishModelStage(OperationContext context, ModelNode operation, String attributeName, ModelNode newValue, ModelNode oldValue, Resource model) throws OperationFailedException {
+        if (!context.isNormalServer() || attribNotChanging(attributeName, newValue, oldValue)) {
+            super.finishModelStage(context, operation, attributeName, newValue, oldValue, model);
+            return;
+        }
+
+        String deploymentName = ServerUtil.getDeploymentName(operation);
+
+        if (attributeName.equals(KeycloakSubsystemDefinition.WEB_CONTEXT.getName())) {
+            KeycloakAdapterConfigService.INSTANCE.setWebContext(newValue.asString());
+            ServerUtil.addStepToRedeployServerWar(context, deploymentName);
+        }
+
+        super.finishModelStage(context, operation, attributeName, newValue, oldValue, model);
+    }
+
+    private boolean attribNotChanging(String attributeName, ModelNode newValue, ModelNode oldValue) {
+        SimpleAttributeDefinition attribDef = KeycloakSubsystemDefinition.lookup(attributeName);
+        if (!oldValue.isDefined()) {
+            oldValue = attribDef.getDefaultValue();
+        }
+        if (!newValue.isDefined()) {
+            newValue = attribDef.getDefaultValue();
+        }
+        return newValue.equals(oldValue);
+    }
+}
diff --git a/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/ServerUtil.java b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/ServerUtil.java
new file mode 100644
index 0000000000..a31beecaf4
--- /dev/null
+++ b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/as7/ServerUtil.java
@@ -0,0 +1,163 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.server.as7;
+
+import java.io.File;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationFailedException;
+import org.jboss.as.controller.OperationStepHandler;
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.PathElement;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADDRESS;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ARCHIVE;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.CONTENT;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.DEPLOYMENT;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ENABLED;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.PERSISTENT;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.PATH;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REDEPLOY;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.RUNTIME_NAME;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.URL;
+import org.jboss.as.controller.operations.common.Util;
+import org.jboss.as.controller.registry.ImmutableManagementResourceRegistration;
+
+import org.jboss.dmr.ModelNode;
+import org.jboss.modules.Module;
+import org.jboss.modules.ModuleIdentifier;
+import org.jboss.modules.ModuleLoadException;
+
+/**
+ * Utility methods that help assemble and start an auth server.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
+ */
+public class ServerUtil {
+
+    private static final ModuleIdentifier KEYCLOAK_SUBSYSTEM = ModuleIdentifier.create("org.keycloak.keycloak-server-subsystem");
+
+    private final String deploymentName;
+    private final Module subsysModule;
+    private final String keycloakVersion;
+    private final boolean isServerWarExploded;
+    private final URI serverWar;
+
+    ServerUtil(ModelNode operation) {
+        this.deploymentName = getDeploymentName(operation);
+        this.subsysModule = findSubsysModule();
+        this.keycloakVersion = subsysModule.getProperty("keycloak-version");
+        this.isServerWarExploded = Boolean.parseBoolean(subsysModule.getProperty("server-war-exploded"));
+        this.serverWar = findServerWarUri();
+    }
+
+    private Module findSubsysModule() {
+        try {
+            return Module.getModuleFromCallerModuleLoader(KEYCLOAK_SUBSYSTEM);
+        } catch (ModuleLoadException e) {
+            throw new IllegalStateException("Can't find Keycloak subsystem.", e);
+        }
+    }
+
+    private URI findServerWarUri() throws IllegalStateException {
+        try {
+            URL subsysResource = this.subsysModule.getExportedResource("module.xml");
+            File subsysDir = new File(subsysResource.toURI()).getParentFile();
+            File serverWarDir = new File(subsysDir, "server-war");
+            if (this.isServerWarExploded) {
+                return serverWarDir.toURI();
+            } else {
+                return new File(serverWarDir, "keycloak-server-" + keycloakVersion + ".war").toURI();
+            }
+        } catch (URISyntaxException e) {
+            throw new IllegalStateException(e);
+        } catch (IllegalArgumentException e) {
+            throw new IllegalStateException(e);
+        }
+    }
+
+    void addStepToUploadServerWar(OperationContext context) throws OperationFailedException {
+        PathAddress deploymentAddress = deploymentAddress(deploymentName);
+        ModelNode op = Util.createOperation(ADD, deploymentAddress);
+
+        // this is required for deployment to take place
+        op.get(ENABLED).set(true);
+
+        // prevents writing this deployment out to standalone.xml
+        op.get(PERSISTENT).set(false);
+
+        // Owner attribute is valid starting with WidlFly 9.  Ignored in WildFly 8
+        op.get("owner").set(new ModelNode().add("subsystem", KeycloakExtension.SUBSYSTEM_NAME));
+
+        if (serverWar == null) {
+            throw new OperationFailedException("Keycloak Server WAR not found in keycloak-server-subsystem module");
+        }
+
+        op.get(CONTENT).add(makeContentItem());
+
+        context.addStep(op, getHandler(context, deploymentAddress, ADD), OperationContext.Stage.MODEL);
+    }
+
+    private ModelNode makeContentItem() throws OperationFailedException {
+        ModelNode contentItem = new ModelNode();
+
+        if (this.isServerWarExploded) {
+            String urlString = new File(serverWar).getAbsolutePath();
+            contentItem.get(PATH).set(urlString);
+            contentItem.get(ARCHIVE).set(false);
+        } else {
+            String urlString = serverWar.toString();
+            contentItem.get(URL).set(urlString);
+        }
+
+        return contentItem;
+    }
+
+    static void addStepToRedeployServerWar(OperationContext context, String deploymentName) {
+        addDeploymentAction(context, REDEPLOY, deploymentName);
+    }
+
+    private static void addDeploymentAction(OperationContext context, String operation, String deploymentName) {
+        if (!context.isNormalServer()) {
+            return;
+        }
+        PathAddress deploymentAddress = deploymentAddress(deploymentName);
+        ModelNode op = Util.createOperation(operation, deploymentAddress);
+        op.get(RUNTIME_NAME).set(deploymentName);
+        context.addStep(op, getHandler(context, deploymentAddress, operation), OperationContext.Stage.MODEL);
+    }
+
+    private static PathAddress deploymentAddress(String deploymentName) {
+        return PathAddress.pathAddress(PathElement.pathElement(DEPLOYMENT, deploymentName));
+    }
+
+    static OperationStepHandler getHandler(OperationContext context, PathAddress address, String opName) {
+        ImmutableManagementResourceRegistration rootResourceRegistration = context.getRootResourceRegistration();
+        return rootResourceRegistration.getOperationHandler(address, opName);
+    }
+
+    static String getDeploymentName(ModelNode operation) {
+        String deploymentName = Util.getNameFromAddress(operation.get(ADDRESS));
+        if (!deploymentName.toLowerCase().endsWith(".war")) {
+            deploymentName += ".war";
+        }
+
+        return deploymentName;
+    }
+}
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakLogger.java b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakLogger.java
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakLogger.java
rename to integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakLogger.java
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakMessages.java b/integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakMessages.java
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakMessages.java
rename to integration/as7-eap6/as7-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakMessages.java
diff --git a/integration/as7-eap6/as7-server-subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension b/integration/as7-eap6/as7-server-subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension
new file mode 100644
index 0000000000..e69bf09a0d
--- /dev/null
+++ b/integration/as7-eap6/as7-server-subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension
@@ -0,0 +1 @@
+org.keycloak.subsystem.server.as7.KeycloakExtension
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/resources/org/keycloak/subsystem/server/extension/LocalDescriptions.properties b/integration/as7-eap6/as7-server-subsystem/src/main/resources/org/keycloak/subsystem/server/as7/LocalDescriptions.properties
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/resources/org/keycloak/subsystem/server/extension/LocalDescriptions.properties
rename to integration/as7-eap6/as7-server-subsystem/src/main/resources/org/keycloak/subsystem/server/as7/LocalDescriptions.properties
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd b/integration/as7-eap6/as7-server-subsystem/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd
rename to integration/as7-eap6/as7-server-subsystem/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/resources/subsystem-templates/keycloak-datasources.xml b/integration/as7-eap6/as7-server-subsystem/src/main/resources/subsystem-templates/keycloak-datasources.xml
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/resources/subsystem-templates/keycloak-datasources.xml
rename to integration/as7-eap6/as7-server-subsystem/src/main/resources/subsystem-templates/keycloak-datasources.xml
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/resources/subsystem-templates/keycloak-server.xml b/integration/as7-eap6/as7-server-subsystem/src/main/resources/subsystem-templates/keycloak-server.xml
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/resources/subsystem-templates/keycloak-server.xml
rename to integration/as7-eap6/as7-server-subsystem/src/main/resources/subsystem-templates/keycloak-server.xml
diff --git a/integration/wildfly/wildfly-server-subsystem/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml b/integration/as7-eap6/as7-server-subsystem/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml
rename to integration/as7-eap6/as7-server-subsystem/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml
diff --git a/integration/as7-eap6/pom.xml b/integration/as7-eap6/pom.xml
index 9917521e12..25ee1ba379 100644
--- a/integration/as7-eap6/pom.xml
+++ b/integration/as7-eap6/pom.xml
@@ -16,5 +16,6 @@
     <modules>
         <module>as7-adapter</module>
         <module>as7-subsystem</module>
+        <module>as7-server-subsystem</module>
     </modules>
 </project>
\ No newline at end of file
diff --git a/integration/wildfly/pom.xml b/integration/wildfly/pom.xml
index 588bf10153..bd19c787af 100644
--- a/integration/wildfly/pom.xml
+++ b/integration/wildfly/pom.xml
@@ -16,8 +16,8 @@
     <modules>
         <module>wildfly-adapter</module>
         <module>wildfly-extensions</module>
-        <module>wildfly-server-subsystem</module>
         <module>wf8-subsystem</module>
         <module>wf9-subsystem</module>
+        <module>wf9-server-subsystem</module>
     </modules>
 </project>
\ No newline at end of file
diff --git a/integration/wildfly/wildfly-server-subsystem/pom.xml b/integration/wildfly/wf9-server-subsystem/pom.xml
similarity index 97%
rename from integration/wildfly/wildfly-server-subsystem/pom.xml
rename to integration/wildfly/wf9-server-subsystem/pom.xml
index 7bc530554b..8c24055c3b 100755
--- a/integration/wildfly/wildfly-server-subsystem/pom.xml
+++ b/integration/wildfly/wf9-server-subsystem/pom.xml
@@ -24,8 +24,8 @@
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>keycloak-wildfly-server-subsystem</artifactId>
-    <name>Keycloak Server Subsystem</name>
+    <artifactId>keycloak-wf9-server-subsystem</artifactId>
+    <name>Keycloak Wildfly 9 Server Subsystem</name>
     <description/>
     <packaging>jar</packaging>
 
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java
rename to integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakExtension.java b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakExtension.java
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakExtension.java
rename to integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakExtension.java
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakServerDeploymentProcessor.java b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakServerDeploymentProcessor.java
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakServerDeploymentProcessor.java
rename to integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakServerDeploymentProcessor.java
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java
rename to integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemAdd.java
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemDefinition.java b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemDefinition.java
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemDefinition.java
rename to integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemDefinition.java
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemParser.java b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemParser.java
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemParser.java
rename to integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemParser.java
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemRemoveHandler.java b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemRemoveHandler.java
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemRemoveHandler.java
rename to integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemRemoveHandler.java
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemWriteAttributeHandler.java b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemWriteAttributeHandler.java
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemWriteAttributeHandler.java
rename to integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakSubsystemWriteAttributeHandler.java
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/ServerUtil.java b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/ServerUtil.java
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/ServerUtil.java
rename to integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/ServerUtil.java
diff --git a/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakLogger.java b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakLogger.java
new file mode 100755
index 0000000000..bf6053b60a
--- /dev/null
+++ b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakLogger.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.server.logging;
+
+import org.jboss.logging.BasicLogger;
+import org.jboss.logging.Logger;
+import org.jboss.logging.annotations.LogMessage;
+import org.jboss.logging.annotations.Message;
+import org.jboss.logging.annotations.MessageLogger;
+
+import static org.jboss.logging.Logger.Level.INFO;
+
+/**
+ * This interface to be fleshed out later when error messages are fully externalized.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+@MessageLogger(projectCode = "KEYCLOAK")
+public interface KeycloakLogger extends BasicLogger {
+
+    /**
+     * A logger with a category of the package name.
+     */
+    KeycloakLogger ROOT_LOGGER = Logger.getMessageLogger(KeycloakLogger.class, "org.jboss.keycloak");
+}
diff --git a/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakMessages.java b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakMessages.java
new file mode 100755
index 0000000000..710c05420a
--- /dev/null
+++ b/integration/wildfly/wf9-server-subsystem/src/main/java/org/keycloak/subsystem/server/logging/KeycloakMessages.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.server.logging;
+
+import org.jboss.logging.Messages;
+import org.jboss.logging.annotations.MessageBundle;
+
+/**
+ * This interface to be fleshed out later when error messages are fully externalized.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2012 Red Hat Inc.
+ */
+@MessageBundle(projectCode = "KEYCLOAK")
+public interface KeycloakMessages {
+
+    /**
+     * The messages
+     */
+    KeycloakMessages MESSAGES = Messages.getBundle(KeycloakMessages.class);
+}
diff --git a/integration/wildfly/wildfly-server-subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension b/integration/wildfly/wf9-server-subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension
rename to integration/wildfly/wf9-server-subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension
diff --git a/integration/wildfly/wf9-server-subsystem/src/main/resources/org/keycloak/subsystem/server/extension/LocalDescriptions.properties b/integration/wildfly/wf9-server-subsystem/src/main/resources/org/keycloak/subsystem/server/extension/LocalDescriptions.properties
new file mode 100755
index 0000000000..909e6b3818
--- /dev/null
+++ b/integration/wildfly/wf9-server-subsystem/src/main/resources/org/keycloak/subsystem/server/extension/LocalDescriptions.properties
@@ -0,0 +1,4 @@
+keycloak-server.subsystem=Keycloak subsystem
+keycloak-server.subsystem.add=Operation Adds Keycloak subsystem
+keycloak-server.subsystem.remove=Operation removes Keycloak subsystem
+keycloak-server.subsystem.web-context=Web context where Keycloak server is bound. Default value is 'auth'.
diff --git a/integration/wildfly/wf9-server-subsystem/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd b/integration/wildfly/wf9-server-subsystem/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd
new file mode 100755
index 0000000000..b346d36162
--- /dev/null
+++ b/integration/wildfly/wf9-server-subsystem/src/main/resources/schema/wildfly-keycloak-server_1_1.xsd
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+           targetNamespace="urn:jboss:domain:keycloak-server:1.1"
+           xmlns="urn:jboss:domain:keycloak-server:1.1"
+           elementFormDefault="qualified"
+           attributeFormDefault="unqualified"
+           version="1.0">
+
+    <!-- The subsystem root element -->
+    <xs:element name="subsystem" type="subsystem-type"/>
+
+    <xs:complexType name="subsystem-type">
+        <xs:annotation>
+            <xs:documentation>
+                <![CDATA[
+                    The Keycloak server subsystem, used to configure the Keycloak server
+                ]]>
+            </xs:documentation>
+        </xs:annotation>
+        <xs:choice minOccurs="0" maxOccurs="1">
+            <xs:element name="web-context" type="xs:string" minOccurs="0" maxOccurs="1"/>
+        </xs:choice>
+    </xs:complexType>
+</xs:schema>
diff --git a/integration/wildfly/wf9-server-subsystem/src/main/resources/subsystem-templates/keycloak-datasources.xml b/integration/wildfly/wf9-server-subsystem/src/main/resources/subsystem-templates/keycloak-datasources.xml
new file mode 100644
index 0000000000..114545f388
--- /dev/null
+++ b/integration/wildfly/wf9-server-subsystem/src/main/resources/subsystem-templates/keycloak-datasources.xml
@@ -0,0 +1,22 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!--  See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
+<config>
+    <extension-module>org.jboss.as.connector</extension-module>
+    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
+        <datasources>
+            <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
+                <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
+                <driver>h2</driver>
+                <security>
+                    <user-name>sa</user-name>
+                    <password>sa</password>
+                </security>
+            </datasource>
+            <drivers>
+                <driver name="h2" module="com.h2database.h2">
+                    <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
+                </driver>
+            </drivers>
+        </datasources>
+    </subsystem>
+</config>
diff --git a/integration/wildfly/wf9-server-subsystem/src/main/resources/subsystem-templates/keycloak-server.xml b/integration/wildfly/wf9-server-subsystem/src/main/resources/subsystem-templates/keycloak-server.xml
new file mode 100644
index 0000000000..4a83086787
--- /dev/null
+++ b/integration/wildfly/wf9-server-subsystem/src/main/resources/subsystem-templates/keycloak-server.xml
@@ -0,0 +1,8 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!--  Template used by WildFly build when directed to include Keycloak subsystem in a configuration. -->
+<config>
+   <extension-module>org.keycloak.keycloak-server-subsystem</extension-module>
+   <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
+      <web-context>auth</web-context>
+   </subsystem>
+</config>
diff --git a/integration/wildfly/wildfly-server-subsystem/src/test/java/org/keycloak/subsystem/server/extension/SubsystemParsingTestCase.java b/integration/wildfly/wf9-server-subsystem/src/test/java/org/keycloak/subsystem/server/extension/SubsystemParsingTestCase.java
similarity index 100%
rename from integration/wildfly/wildfly-server-subsystem/src/test/java/org/keycloak/subsystem/server/extension/SubsystemParsingTestCase.java
rename to integration/wildfly/wf9-server-subsystem/src/test/java/org/keycloak/subsystem/server/extension/SubsystemParsingTestCase.java
diff --git a/integration/wildfly/wf9-server-subsystem/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml b/integration/wildfly/wf9-server-subsystem/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml
new file mode 100644
index 0000000000..bc8f11a778
--- /dev/null
+++ b/integration/wildfly/wf9-server-subsystem/src/test/resources/org/keycloak/subsystem/server/extension/keycloak-server-1.1.xml
@@ -0,0 +1,3 @@
+<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
+    <web-context>auth</web-context>
+</subsystem>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index a8dcdb715b..b5852b7e38 100755
--- a/pom.xml
+++ b/pom.xml
@@ -882,6 +882,11 @@
                 <artifactId>keycloak-as7-subsystem</artifactId>
                 <version>${project.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-as7-server-subsystem</artifactId>
+                <version>${project.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.keycloak</groupId>
                 <artifactId>keycloak-wf8-subsystem</artifactId>
@@ -893,6 +898,10 @@
                 <version>${project.version}</version>
             </dependency>
             <dependency>
+                <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-wf9-server-subsystem</artifactId>
+                <version>${project.version}</version>
+            </dependency>            <dependency>
                 <groupId>org.keycloak</groupId>
                 <artifactId>keycloak-subsystem</artifactId>
                 <version>${project.version}</version>
@@ -1084,7 +1093,7 @@
             </dependency>
             <dependency>
                 <groupId>org.keycloak</groupId>
-                <artifactId>keycloak-jboss-modules</artifactId>
+                <artifactId>keycloak-eap6-server-modules</artifactId>
                 <version>${project.version}</version>
                 <type>zip</type>
             </dependency>
@@ -1114,7 +1123,7 @@
             </dependency>
             <dependency>
                 <groupId>org.keycloak</groupId>
-                <artifactId>keycloak-server-overlay</artifactId>
+                <artifactId>keycloak-wf9-server-overlay</artifactId>
                 <version>${project.version}</version>
                 <type>zip</type>
             </dependency>

From 08f2b0dea9853660789ffb97f6ab09f4282b7c10 Mon Sep 17 00:00:00 2001
From: Tomas Kyjovsky <tkyjovsk@redhat.com>
Date: Thu, 11 Jun 2015 14:15:05 +0200
Subject: [PATCH 33/53] fixed UI tests broken by KEYCLOAK-1431

---
 .../testsuite/ui/fragment/Navigation.java     | 95 ++++++++++---------
 .../ui/test/role/AddNewRoleTest.java          | 80 ++++++++--------
 .../ui/test/user/RoleMappingsTest.java        |  4 +-
 3 files changed, 89 insertions(+), 90 deletions(-)

diff --git a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/fragment/Navigation.java b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/fragment/Navigation.java
index 4175c45522..2ef3a69365 100644
--- a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/fragment/Navigation.java
+++ b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/fragment/Navigation.java
@@ -15,7 +15,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.keycloak.testsuite.ui.fragment;
 
 import org.jboss.arquillian.drone.api.annotation.Drone;
@@ -33,9 +32,9 @@ import org.openqa.selenium.WebElement;
  * @author Petr Mensik
  */
 public class Navigation {
-	
-	@Drone
-	private WebDriver driver;
+
+    @Drone
+    private WebDriver driver;
 
     @FindByJQuery("a:contains('Settings')")
     private WebElement settingsLink;
@@ -54,8 +53,8 @@ public class Navigation {
 
     @FindByJQuery("a:contains('Tokens')")
     private WebElement tokensLink;
-	
-	@FindByJQuery("a:contains('Sessions')")
+
+    @FindByJQuery("a:contains('Sessions')")
     private WebElement sessionLink;
 
     @FindByJQuery("a:contains('Security Defenses')")
@@ -63,32 +62,32 @@ public class Navigation {
 
     @FindByJQuery("a:contains('Events')")
     private WebElement eventsLink;
-	
-	@FindByJQuery("a:contains('Login')")
+
+    @FindByJQuery("a:contains('Login')")
     private WebElement loginLink;
 
     @FindByJQuery("a:contains('Themes')")
     private WebElement themesLink;
 
-	@FindByJQuery("a:contains('Role Mappings')")
+    @FindByJQuery("a:contains('Role Mappings')")
     private WebElement usersRoleMappings;
-	
-	@FindByJQuery("a:contains('Add Realm')")
+
+    @FindByJQuery("a:contains('Add Realm')")
     private WebElement addRealm;
-	
-	@FindByJQuery("a:contains('Credentials')")
+
+    @FindByJQuery("a:contains('Credentials')")
     private WebElement credentials;
-	
-	@FindByJQuery("a:contains('Attributes')")
+
+    @FindByJQuery("a:contains('Attributes')")
     private WebElement attributes;
-	
+
     @FindBy(css = "div h1")
     private WebElement currentHeader;
 
-	public void selectRealm(String realmName) {
-		driver.findElement(By.linkText(realmName)).click();
-	}
-	
+    public void selectRealm(String realmName) {
+        driver.findElement(By.linkText(realmName)).click();
+    }
+
     public void settings() {
         openPage(settingsLink, "Settings");
     }
@@ -104,7 +103,7 @@ public class Navigation {
     public void clients() {
         openPage(clientsLink, "Clients");
     }
-	
+
     public void oauth() {
         openPage(oauthLink, "OAuth Clients");
     }
@@ -112,10 +111,10 @@ public class Navigation {
     public void tokens() {
         openPage(tokensLink, "Settings");
     }
-	
-	public void sessions() {
-		openPage(sessionLink, "Sessions");
-	}
+
+    public void sessions() {
+        openPage(sessionLink, "Sessions");
+    }
 
     public void security() {
         openPage(securityLink, "Settings");
@@ -124,30 +123,32 @@ public class Navigation {
     public void events() {
         openPage(eventsLink, "Events");
     }
-	
-	public void login() {
-		openPage(loginLink, "Settings");
-	}
 
-    public void themes() { 
-		openPage(themesLink, "Settings"); 
-	}
+    public void login() {
+        openPage(loginLink, "Settings");
+    }
 
-    public void roleMappings() {
-		openPage(usersRoleMappings, "User");
-	}
-	
-	public void addRealm() {
-		openPage(addRealm, "Add Realm");
-	}
-	
-	public void credentials() {
-		openPage(credentials, "Settings");
-	}
-	
-	public void attributes() {
-		openPage(attributes, "Attributes");
-	}
+    public void themes() {
+        openPage(themesLink, "Settings");
+    }
+
+    public void roleMappings(String username) {
+        String usernameCapitalized = Character.toUpperCase(username.charAt(0))
+                + username.substring(1);
+        openPage(usersRoleMappings, usernameCapitalized);
+    }
+
+    public void addRealm() {
+        openPage(addRealm, "Add Realm");
+    }
+
+    public void credentials() {
+        openPage(credentials, "Settings");
+    }
+
+    public void attributes() {
+        openPage(attributes, "Attributes");
+    }
 
     private void openPage(WebElement page, String headerText) {
         waitGuiForElement(page);
diff --git a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/role/AddNewRoleTest.java b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/role/AddNewRoleTest.java
index 03066e602f..dcd003841b 100644
--- a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/role/AddNewRoleTest.java
+++ b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/role/AddNewRoleTest.java
@@ -3,7 +3,6 @@
  * To change this template file, choose Tools | Templates
  * and open the template in the editor.
  */
-
 package org.keycloak.testsuite.ui.test.role;
 
 import org.jboss.arquillian.graphene.findby.FindByJQuery;
@@ -21,36 +20,35 @@ import org.keycloak.testsuite.ui.page.settings.user.UserPage;
 import static org.openqa.selenium.By.id;
 import org.openqa.selenium.support.ui.Select;
 
-
 /**
  *
  * @author Petr Mensik
  */
 public class AddNewRoleTest extends AbstractKeyCloakTest<RolesPage> {
-	
-	@Page
-	private UserPage userPage;
-	
-	@FindByJQuery(".alert")
+
+    @Page
+    private UserPage userPage;
+
+    @FindByJQuery(".alert")
     private FlashMessage flashMessage;
-	
-	@Before
-	public void beforeTestAddNewRole() {
-		navigation.roles();
-	}
-	
+
+    @Before
+    public void beforeTestAddNewRole() {
+        navigation.roles();
+    }
+
     @Test
     public void testAddNewRole() {
         Role role = new Role("role1");
         page.addRole(role);
-		flashMessage.waitUntilPresent();
-		assertTrue(flashMessage.getText(), flashMessage.isSuccess());
-		navigation.roles();
+        flashMessage.waitUntilPresent();
+        assertTrue(flashMessage.getText(), flashMessage.isSuccess());
+        navigation.roles();
         assertEquals("role1", page.findRole(role.getName()).getName());
         page.deleteRole(role);
     }
-    
-	@Ignore
+
+    @Ignore
     @Test
     public void testAddNewRoleWithLongName() {
         String name = "hjewr89y1894yh98(*&*&$jhjkashd)*(&y8934h*&@#hjkahsdj";
@@ -59,36 +57,36 @@ public class AddNewRoleTest extends AbstractKeyCloakTest<RolesPage> {
         navigation.roles();
         page.deleteRole(name);
     }
-    
+
     @Test
     public void testAddExistingRole() {
         Role role = new Role("role2");
         page.addRole(role);
-		flashMessage.waitUntilPresent();
-		assertTrue(flashMessage.getText(), flashMessage.isSuccess());
+        flashMessage.waitUntilPresent();
+        assertTrue(flashMessage.getText(), flashMessage.isSuccess());
         navigation.roles();
         page.addRole(role);
-		flashMessage.waitUntilPresent();
-		assertTrue(flashMessage.getText(), flashMessage.isDanger());
+        flashMessage.waitUntilPresent();
+        assertTrue(flashMessage.getText(), flashMessage.isDanger());
         navigation.roles();
         page.deleteRole(role);
     }
-	
-	@Test
-	public void testRoleIsAvailableForUsers() {
-		Role role = new Role("User role");
-		page.addRole(role);
-		flashMessage.waitUntilPresent();
-		assertTrue(flashMessage.getText(), flashMessage.isSuccess());
-		navigation.users();
-		userPage.showAllUsers();
-		userPage.goToUser("admin");
-		navigation.roleMappings();
-		Select rolesSelect = new Select(driver.findElement(id("available")));
-		assertEquals("User role should be present in admin role mapping", 
-				role.getName(), rolesSelect.getOptions().get(0).getText());
-		navigation.roles();	
-		page.deleteRole(role);
-	}
-    
+
+    @Test
+    public void testRoleIsAvailableForUsers() {
+        Role role = new Role("User role");
+        page.addRole(role);
+        flashMessage.waitUntilPresent();
+        assertTrue(flashMessage.getText(), flashMessage.isSuccess());
+        navigation.users();
+        userPage.showAllUsers();
+        userPage.goToUser("admin");
+        navigation.roleMappings("Admin");
+        Select rolesSelect = new Select(driver.findElement(id("available")));
+        assertEquals("User role should be present in admin role mapping",
+                role.getName(), rolesSelect.getOptions().get(0).getText());
+        navigation.roles();
+        page.deleteRole(role);
+    }
+
 }
diff --git a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java
index 4c727b5dfd..5a45033af7 100644
--- a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java
+++ b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java
@@ -40,7 +40,7 @@ public class RoleMappingsTest extends AbstractKeyCloakTest<RoleMappingsPage> {
         navigation.users();
         userPage.findUser(testUsername);
         driver.findElement(linkText(testUsername)).click();
-        navigation.roleMappings();
+        navigation.roleMappings(testUsername);
 
         page.addAvailableRole("create-realm");
         assertTrue(flashMessage.getText(), flashMessage.isSuccess());
@@ -58,7 +58,7 @@ public class RoleMappingsTest extends AbstractKeyCloakTest<RoleMappingsPage> {
         navigation.users();
         userPage.findUser(testUsername);
         driver.findElement(linkText(testUsername)).click();
-        navigation.roleMappings();
+        navigation.roleMappings(testUsername);
 
         page.addAvailableRole("create-realm");
         assertTrue(flashMessage.getText(), flashMessage.isSuccess());

From 7b89b80f71e3896201fe4ed7bc360d00d9346e34 Mon Sep 17 00:00:00 2001
From: fkiss <fkiss@redhat.com>
Date: Thu, 11 Jun 2015 14:37:12 +0200
Subject: [PATCH 34/53] added ignore on role mappings test

---
 .../org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java   | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java
index 5a45033af7..157153f62b 100644
--- a/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java
+++ b/testsuite/integration-arquillian/src/test/java/org/keycloak/testsuite/ui/test/user/RoleMappingsTest.java
@@ -3,6 +3,7 @@ package org.keycloak.testsuite.ui.test.user;
 import org.jboss.arquillian.graphene.findby.FindByJQuery;
 import org.jboss.arquillian.graphene.page.Page;
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.keycloak.testsuite.ui.AbstractKeyCloakTest;
 import org.keycloak.testsuite.ui.fragment.FlashMessage;
@@ -48,6 +49,7 @@ public class RoleMappingsTest extends AbstractKeyCloakTest<RoleMappingsPage> {
         userPage.deleteUser(testUsername);
     }
 
+    @Ignore
     @Test
     public void addAndRemoveUserAndAssignRole() {
         String testUsername = "tester2";

From 20fe7ec7b85d84947ccb633dca1e81d2ae9fffde Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Thu, 11 Jun 2015 16:56:25 +0200
Subject: [PATCH 35/53] Database fixes

---
 .../liquibase/custom/JpaUpdate1_2_0_CR1.java  |  5 +++-
 .../META-INF/jpa-changelog-1.3.0.Beta1.xml    | 23 +++++++++++--------
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/connections/jpa-liquibase/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate1_2_0_CR1.java b/connections/jpa-liquibase/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate1_2_0_CR1.java
index 5c8a2eb9ad..00f9b0cd1e 100644
--- a/connections/jpa-liquibase/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate1_2_0_CR1.java
+++ b/connections/jpa-liquibase/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate1_2_0_CR1.java
@@ -3,6 +3,7 @@ package org.keycloak.connections.jpa.updater.liquibase.custom;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 
+import liquibase.datatype.DataTypeFactory;
 import liquibase.exception.CustomChangeException;
 import liquibase.statement.core.InsertStatement;
 import liquibase.structure.core.Table;
@@ -17,7 +18,9 @@ public class JpaUpdate1_2_0_CR1 extends CustomKeycloakTask {
         String realmClientTableName = database.correctObjectName("REALM_CLIENT", Table.class);
 
         try {
-            PreparedStatement statement = jdbcConnection.prepareStatement("select CLIENT.REALM_ID, CLIENT.ID CLIENT_ID from CLIENT where CLIENT.CONSENT_REQUIRED = true");
+            String trueValue = DataTypeFactory.getInstance().getTrueBooleanValue(database);
+            PreparedStatement statement = jdbcConnection.prepareStatement("select CLIENT.REALM_ID, CLIENT.ID CLIENT_ID from CLIENT where CLIENT.CONSENT_REQUIRED = " + trueValue);
+
             try {
                 ResultSet resultSet = statement.executeQuery();
                 try {
diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
index 86b9d75fa2..ba7adaac50 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
@@ -112,14 +112,17 @@
         </addColumn>
         <addColumn tableName="IDENTITY_PROVIDER">
             <column name="TRUST_EMAIL" type="BOOLEAN" defaultValueBoolean="false"/>
-            <column name="UPDATE_PROFILE_FIRST_LGN_MD" type="VARCHAR(10)" defaultValue="on">
+            <column name="UPDATE_PROFILE_FIRST_LGN_MD" type="VARCHAR(255)" defaultValue="on">
                 <constraints nullable="false"/>
             </column>
         </addColumn>
         <!-- migrate value from UPDATE_PROFILE_FIRST_LOGIN to UPDATE_PROFILE_FIRST_LGN_MD then drop it -->
         <update tableName="IDENTITY_PROVIDER">
             <column name="UPDATE_PROFILE_FIRST_LGN_MD" value="off"/>
-            <where>UPDATE_PROFILE_FIRST_LOGIN = false</where>
+            <where>UPDATE_PROFILE_FIRST_LOGIN = :value</where>
+            <whereParams>
+                <param valueBoolean="false" />
+            </whereParams>
         </update>
         <dropColumn tableName="IDENTITY_PROVIDER" columnName="UPDATE_PROFILE_FIRST_LOGIN"/>
         
@@ -145,10 +148,10 @@
             <column name="REQUIRED_ACTION" value="UPDATE_PASSWORD"/>
             <where>ACTION = 3</where>
         </update>
-        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_AUTHENTICATOR_PK" tableName="AUTHENTICATOR"/>
-        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_AUTHENTICATION_FLOW_PK" tableName="AUTHENTICATION_FLOW"/>
-        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_AUTHENTICATION_EXECUTION_PK" tableName="AUTHENTICATION_EXECUTION"/>
-        <addPrimaryKey columnNames="AUTHENTICATOR_ID, NAME" constraintName="CONSTRAINT_AUTHENTICATOR_CONFIG_PK" tableName="AUTHENTICATOR_CONFIG"/>
+        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_AUTH_PK" tableName="AUTHENTICATOR"/>
+        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_AUTH_FLOW_PK" tableName="AUTHENTICATION_FLOW"/>
+        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_AUTH_EXEC_PK" tableName="AUTHENTICATION_EXECUTION"/>
+        <addPrimaryKey columnNames="AUTHENTICATOR_ID, NAME" constraintName="CONSTRAINT_AUTH_CFG_PK" tableName="AUTHENTICATOR_CONFIG"/>
         <dropPrimaryKey constraintName="CONSTRAINT_2" tableName="USER_REQUIRED_ACTION"/>
         <dropColumn tableName="USER_REQUIRED_ACTION" columnName="ACTION"/>
         <addPrimaryKey columnNames="REQUIRED_ACTION, USER_ID" constraintName="CONSTRAINT_REQUIRED_ACTION" tableName="USER_REQUIRED_ACTION"/>
@@ -156,10 +159,10 @@
         <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_FEDMAPPERPM" tableName="USER_FEDERATION_MAPPER"/>
         <addPrimaryKey columnNames="USER_FEDERATION_MAPPER_ID, NAME" constraintName="CONSTRAINT_FEDMAPPER_CFG_PM" tableName="USER_FEDERATION_MAPPER_CONFIG"/>
         <addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_SESSION_AUTH_STATUS" constraintName="AUTH_STATUS_CONSTRAINT" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
-        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATOR" constraintName="FK_AUTHENTICATOR_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
-        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATION_FLOW" constraintName="FK_AUTHENTICATION_FLOW_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
-        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATION_EXECUTION" constraintName="FK_AUTHENTICATION_EXECUTION_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
-        <addForeignKeyConstraint baseColumnNames="FLOW_ID" baseTableName="AUTHENTICATION_EXECUTION" constraintName="FK_AUTHENTICATION_EXECUTION_FLOW" referencedColumnNames="ID" referencedTableName="AUTHENTICATION_FLOW"/>
+        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATOR" constraintName="FK_AUTH_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
+        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATION_FLOW" constraintName="FK_AUTH_FLOW_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
+        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATION_EXECUTION" constraintName="FK_AUTH_EXEC_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
+        <addForeignKeyConstraint baseColumnNames="FLOW_ID" baseTableName="AUTHENTICATION_EXECUTION" constraintName="FK_AUTH_EXEC_FLOW" referencedColumnNames="ID" referencedTableName="AUTHENTICATION_FLOW"/>
         <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="USER_FEDERATION_MAPPER" constraintName="FK_FEDMAPPERPM_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
         <addForeignKeyConstraint baseColumnNames="FEDERATION_PROVIDER_ID" baseTableName="USER_FEDERATION_MAPPER" constraintName="FK_FEDMAPPERPM_FEDPRV" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_PROVIDER"/>
         <addForeignKeyConstraint baseColumnNames="USER_FEDERATION_MAPPER_ID" baseTableName="USER_FEDERATION_MAPPER_CONFIG" constraintName="FK_FEDMAPPER_CFG" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_MAPPER"/>

From 9a37696d2948608c5e2a2f4b030a6a33c583ad94 Mon Sep 17 00:00:00 2001
From: Marko Strukelj <marko.strukelj@gmail.com>
Date: Thu, 11 Jun 2015 16:24:26 +0200
Subject: [PATCH 36/53] Fixed pom issues that were generating tons of Maven
 warnings

---
 connections/jpa-liquibase/pom.xml             |  2 +-
 .../feature-packs/server-feature-pack/pom.xml |  5 -----
 examples/saml/post-basic/pom.xml              | 19 ++++++++++---------
 examples/saml/post-with-encryption/pom.xml    | 19 ++++++++++---------
 examples/saml/post-with-signature/pom.xml     | 19 ++++++++++---------
 examples/saml/redirect-basic/pom.xml          | 18 ++++++++++--------
 examples/saml/redirect-with-signature/pom.xml | 19 ++++++++++---------
 integration/tomcat/tomcat8/pom.xml            | 13 -------------
 model/invalidation-cache/infinispan/pom.xml   |  2 +-
 model/invalidation-cache/pom.xml              |  2 +-
 model/pom.xml                                 |  2 +-
 pom.xml                                       | 12 +-----------
 12 files changed, 55 insertions(+), 77 deletions(-)

diff --git a/connections/jpa-liquibase/pom.xml b/connections/jpa-liquibase/pom.xml
index 37e921e6fc..64bda6950b 100755
--- a/connections/jpa-liquibase/pom.xml
+++ b/connections/jpa-liquibase/pom.xml
@@ -54,7 +54,7 @@
                 <configuration>
                     <changeLogFile>META-INF/jpa-changelog-master.xml</changeLogFile>
 
-                    <url>${url}</url>
+                    <url>${project.url}</url>
                     <driver>${driver}</driver>
                     <username>${username}</username>
                     <password>${password}</password>
diff --git a/distribution/feature-packs/server-feature-pack/pom.xml b/distribution/feature-packs/server-feature-pack/pom.xml
index 2ea0d5ec86..6ee425f8f1 100644
--- a/distribution/feature-packs/server-feature-pack/pom.xml
+++ b/distribution/feature-packs/server-feature-pack/pom.xml
@@ -50,11 +50,6 @@
             <artifactId>wildfly-feature-pack</artifactId>
             <type>zip</type>
         </dependency>
-        <dependency>
-            <groupId>org.keycloak.subsystem</groupId>
-            <artifactId>keycloak-server</artifactId>
-            <type>war</type>
-        </dependency>
     </dependencies>
 
     <build>
diff --git a/examples/saml/post-basic/pom.xml b/examples/saml/post-basic/pom.xml
index 062f04d386..d4ea4ace1e 100644
--- a/examples/saml/post-basic/pom.xml
+++ b/examples/saml/post-basic/pom.xml
@@ -22,23 +22,23 @@
     </licenses>
 
     <properties>
-        <!-- JBoss AS dependency versions -->
-        <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
-
-        <!-- WildFly dependency versions -->
-        <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
-
         <!-- PicketLink dependency versions -->
         <version.picketlink.javaee.bom>2.7.0.Beta2</version.picketlink.javaee.bom>
 
         <!-- Default target container. -->
         <target.container>jboss-eap</target.container>
 
-        <!-- maven-war-plugin -->
-        <version.war.plugin>2.1.1</version.war.plugin>
-
         <!-- maven-compiler-plugin -->
         <version.compiler.plugin>3.1</version.compiler.plugin>
+        <!-- maven-deploy-plugin -->
+        <version.deploy.plugin>2.8.1</version.deploy.plugin>
+        <!-- JBoss AS dependency versions -->
+        <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
+        <!-- maven-war-plugin -->
+        <version.war.plugin>2.1.1</version.war.plugin>
+        <!-- WildFly dependency versions -->
+        <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
+
         <maven.compiler.target>1.6</maven.compiler.target>
         <maven.compiler.source>1.6</maven.compiler.source>
     </properties>
@@ -50,6 +50,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-deploy-plugin</artifactId>
+                <version>${version.deploy.plugin}</version>
                 <configuration>
                     <skip>true</skip>
                 </configuration>
diff --git a/examples/saml/post-with-encryption/pom.xml b/examples/saml/post-with-encryption/pom.xml
index 139d4fc2eb..e26e1fbc54 100755
--- a/examples/saml/post-with-encryption/pom.xml
+++ b/examples/saml/post-with-encryption/pom.xml
@@ -22,23 +22,23 @@
     </licenses>
 
     <properties>
-        <!-- JBoss AS dependency versions -->
-        <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
-
-        <!-- WildFly dependency versions -->
-        <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
-
         <!-- PicketLink dependency versions -->
         <version.picketlink.javaee.bom>2.7.0.Beta2</version.picketlink.javaee.bom>
 
         <!-- Default target container. -->
         <target.container>jboss-eap</target.container>
 
-        <!-- maven-war-plugin -->
-        <version.war.plugin>2.1.1</version.war.plugin>
-
         <!-- maven-compiler-plugin -->
         <version.compiler.plugin>3.1</version.compiler.plugin>
+        <!-- maven-deploy-plugin -->
+        <version.deploy.plugin>2.8.1</version.deploy.plugin>
+        <!-- JBoss AS dependency versions -->
+        <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
+        <!-- maven-war-plugin -->
+        <version.war.plugin>2.1.1</version.war.plugin>
+        <!-- WildFly dependency versions -->
+        <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
+
         <maven.compiler.target>1.6</maven.compiler.target>
         <maven.compiler.source>1.6</maven.compiler.source>
     </properties>
@@ -58,6 +58,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-deploy-plugin</artifactId>
+                <version>${version.deploy.plugin}</version>
                 <configuration>
                     <skip>true</skip>
                 </configuration>
diff --git a/examples/saml/post-with-signature/pom.xml b/examples/saml/post-with-signature/pom.xml
index 68730234ad..064b64271f 100755
--- a/examples/saml/post-with-signature/pom.xml
+++ b/examples/saml/post-with-signature/pom.xml
@@ -22,23 +22,23 @@
     </licenses>
 
     <properties>
-        <!-- JBoss AS dependency versions -->
-        <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
-
-        <!-- WildFly dependency versions -->
-        <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
-
         <!-- PicketLink dependency versions -->
         <version.picketlink.javaee.bom>2.7.0.Beta2</version.picketlink.javaee.bom>
 
         <!-- Default target container. -->
         <target.container>jboss-eap</target.container>
 
-        <!-- maven-war-plugin -->
-        <version.war.plugin>2.1.1</version.war.plugin>
-
         <!-- maven-compiler-plugin -->
         <version.compiler.plugin>3.1</version.compiler.plugin>
+        <!-- maven-deploy-plugin -->
+        <version.deploy.plugin>2.8.1</version.deploy.plugin>
+        <!-- JBoss AS dependency versions -->
+        <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
+        <!-- maven-war-plugin -->
+        <version.war.plugin>2.1.1</version.war.plugin>
+        <!-- WildFly dependency versions -->
+        <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
+
         <maven.compiler.target>1.6</maven.compiler.target>
         <maven.compiler.source>1.6</maven.compiler.source>
     </properties>
@@ -58,6 +58,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-deploy-plugin</artifactId>
+                <version>${version.deploy.plugin}</version>
                 <configuration>
                     <skip>true</skip>
                 </configuration>
diff --git a/examples/saml/redirect-basic/pom.xml b/examples/saml/redirect-basic/pom.xml
index 48ce309197..adacc91eed 100644
--- a/examples/saml/redirect-basic/pom.xml
+++ b/examples/saml/redirect-basic/pom.xml
@@ -22,11 +22,6 @@
     </licenses>
 
     <properties>
-        <!-- JBoss AS dependency versions -->
-        <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
-
-        <!-- WildFly dependency versions -->
-        <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
 
         <!-- PicketLink dependency versions -->
         <version.picketlink.javaee.bom>2.7.0.Beta2</version.picketlink.javaee.bom>
@@ -34,11 +29,17 @@
         <!-- Default target container. -->
         <target.container>jboss-eap</target.container>
 
-        <!-- maven-war-plugin -->
-        <version.war.plugin>2.1.1</version.war.plugin>
-
         <!-- maven-compiler-plugin -->
         <version.compiler.plugin>3.1</version.compiler.plugin>
+        <!-- maven-deploy-plugin -->
+        <version.deploy.plugin>2.8.1</version.deploy.plugin>
+        <!-- JBoss AS dependency versions -->
+        <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
+        <!-- maven-war-plugin -->
+        <version.war.plugin>2.1.1</version.war.plugin>
+        <!-- WildFly dependency versions -->
+        <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
+
         <maven.compiler.target>1.6</maven.compiler.target>
         <maven.compiler.source>1.6</maven.compiler.source>
     </properties>
@@ -50,6 +51,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-deploy-plugin</artifactId>
+                <version>${version.deploy.plugin}</version>
                 <configuration>
                     <skip>true</skip>
                 </configuration>
diff --git a/examples/saml/redirect-with-signature/pom.xml b/examples/saml/redirect-with-signature/pom.xml
index 1d41ffe206..a17e41d719 100755
--- a/examples/saml/redirect-with-signature/pom.xml
+++ b/examples/saml/redirect-with-signature/pom.xml
@@ -22,23 +22,23 @@
     </licenses>
 
     <properties>
-        <!-- JBoss AS dependency versions -->
-        <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
-
-        <!-- WildFly dependency versions -->
-        <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
-
         <!-- PicketLink dependency versions -->
         <version.picketlink.javaee.bom>2.7.0.Beta2</version.picketlink.javaee.bom>
 
         <!-- Default target container. -->
         <target.container>jboss-eap</target.container>
 
-        <!-- maven-war-plugin -->
-        <version.war.plugin>2.1.1</version.war.plugin>
-
         <!-- maven-compiler-plugin -->
         <version.compiler.plugin>3.1</version.compiler.plugin>
+        <!-- maven-deploy-plugin -->
+        <version.deploy.plugin>2.8.1</version.deploy.plugin>
+        <!-- JBoss AS dependency versions -->
+        <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
+        <!-- maven-war-plugin -->
+        <version.war.plugin>2.1.1</version.war.plugin>
+        <!-- WildFly dependency versions -->
+        <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
+
         <maven.compiler.target>1.6</maven.compiler.target>
         <maven.compiler.source>1.6</maven.compiler.source>
     </properties>
@@ -58,6 +58,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-deploy-plugin</artifactId>
+                <version>${version.deploy.plugin}</version>
                 <configuration>
                     <skip>true</skip>
                 </configuration>
diff --git a/integration/tomcat/tomcat8/pom.xml b/integration/tomcat/tomcat8/pom.xml
index 678f02a170..19796a7d44 100755
--- a/integration/tomcat/tomcat8/pom.xml
+++ b/integration/tomcat/tomcat8/pom.xml
@@ -85,19 +85,6 @@
 			<groupId>org.codehaus.jackson</groupId>
 			<artifactId>jackson-xc</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>org.apache.tomcat</groupId>
-			<artifactId>tomcat-servlet-api</artifactId>
-			<version>${tomcat.version}</version>
-			<scope>provided</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.tomcat</groupId>
-			<artifactId>tomcat-catalina</artifactId>
-            <version>${tomcat.version}</version>
-			<scope>provided</scope>
-		</dependency>
-
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
diff --git a/model/invalidation-cache/infinispan/pom.xml b/model/invalidation-cache/infinispan/pom.xml
index cb9ccea4d8..4a1d6c8c02 100755
--- a/model/invalidation-cache/infinispan/pom.xml
+++ b/model/invalidation-cache/infinispan/pom.xml
@@ -10,7 +10,7 @@
     <modelVersion>4.0.0</modelVersion>
 
     <artifactId>keycloak-invalidation-cache-infinispan</artifactId>
-    <name>Keycloak Invalidation Cache Infinispan</name>
+    <name>Keycloak Model Invalidation Cache Infinispan</name>
     <description/>
 
     <dependencies>
diff --git a/model/invalidation-cache/pom.xml b/model/invalidation-cache/pom.xml
index c79a2a30b5..211bac34e8 100755
--- a/model/invalidation-cache/pom.xml
+++ b/model/invalidation-cache/pom.xml
@@ -6,7 +6,7 @@
         <version>1.3.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
-    <name>Model Parent</name>
+    <name>Keycloak Model Invalidation Cache Parent</name>
     <description/>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/model/pom.xml b/model/pom.xml
index 2e0bb73f62..ba57f4eedd 100755
--- a/model/pom.xml
+++ b/model/pom.xml
@@ -6,7 +6,7 @@
         <version>1.3.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
-    <name>Model Parent</name>
+    <name>Keycloak Model Parent</name>
     <description/>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/pom.xml b/pom.xml
index b5852b7e38..5ae1ca5706 100755
--- a/pom.xml
+++ b/pom.xml
@@ -289,11 +289,6 @@
                 <artifactId>keycloak-wildfly-adapter-subsystem</artifactId>
                 <version>${project.version}</version>
             </dependency>
-            <dependency>
-                <groupId>org.keycloak</groupId>
-                <artifactId>keycloak-undertow-adapter</artifactId>
-                <version>${project.version}</version>
-            </dependency>
             <dependency>
                 <groupId>io.undertow</groupId>
                 <artifactId>undertow-servlet</artifactId>
@@ -532,11 +527,6 @@
                <artifactId>httpclient</artifactId>
                <version>${apache.httpcomponents.version}</version>
            </dependency>
-           <dependency>
-               <groupId>org.apache.httpcomponents</groupId>
-               <artifactId>httpmime</artifactId>
-               <version>${apache.httpcomponents.version}</version>
-           </dependency>
            <dependency>
                <groupId>org.apache.httpcomponents</groupId>
                <artifactId>httpcore</artifactId>
@@ -545,7 +535,7 @@
             <dependency>
                 <groupId>org.apache.httpcomponents</groupId>
                 <artifactId>httpmime</artifactId>
-                <version>${keycloak.apache.httpcomponents.version}</version>
+                <version>${apache.httpcomponents.version}</version>
                 <exclusions>
                     <exclusion>
                         <groupId>commons-logging</groupId>

From d6e64a2c5e2e98db0146000c255f709f83e31b3a Mon Sep 17 00:00:00 2001
From: Stan Silvert <ssilvert@redhat.com>
Date: Thu, 11 Jun 2015 15:32:03 -0400
Subject: [PATCH 37/53] KEYCLOAK-1083: Provide a way for admin to unlock user
 account

---
 .../entities/UsernameLoginFailureEntity.java  |  7 ++++
 .../UsernameLoginFailureAdapter.java          |  2 +-
 .../entities/LoginFailureEntity.java          |  6 ++++
 .../jpa/UsernameLoginFailureAdapter.java      |  2 +-
 .../entities/UsernameLoginFailureEntity.java  |  7 ++++
 .../mem/UsernameLoginFailureAdapter.java      |  2 +-
 .../entities/UsernameLoginFailureEntity.java  |  7 ++++
 .../mongo/UsernameLoginFailureAdapter.java    |  2 +-
 .../resources/admin/UsersResource.java        | 34 ++++++++++++++-----
 9 files changed, 56 insertions(+), 13 deletions(-)

diff --git a/model/api/src/main/java/org/keycloak/models/entities/UsernameLoginFailureEntity.java b/model/api/src/main/java/org/keycloak/models/entities/UsernameLoginFailureEntity.java
index e25e717408..e6123f3249 100644
--- a/model/api/src/main/java/org/keycloak/models/entities/UsernameLoginFailureEntity.java
+++ b/model/api/src/main/java/org/keycloak/models/entities/UsernameLoginFailureEntity.java
@@ -60,4 +60,11 @@ public class UsernameLoginFailureEntity extends AbstractIdentifiableEntity {
     public void setRealmId(String realmId) {
         this.realmId = realmId;
     }
+
+    public void clearFailures() {
+        this.numFailures = 0;
+        this.lastFailure = 0;
+        this.lastIPFailure = null;
+        this.failedLoginNotBefore = 0;
+    }
 }
diff --git a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UsernameLoginFailureAdapter.java b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UsernameLoginFailureAdapter.java
index fed8f2865a..c478a0fa11 100755
--- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UsernameLoginFailureAdapter.java
+++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/UsernameLoginFailureAdapter.java
@@ -51,7 +51,7 @@ public class UsernameLoginFailureAdapter implements UsernameLoginFailureModel {
 
     @Override
     public void clearFailures() {
-        entity.setNumFailures(0);
+        entity.clearFailures();
         update();
     }
 
diff --git a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureEntity.java b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureEntity.java
index 8bb05e7239..b330c2ecbc 100644
--- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureEntity.java
+++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/entities/LoginFailureEntity.java
@@ -62,4 +62,10 @@ public class LoginFailureEntity implements Serializable {
         this.lastIPFailure = lastIPFailure;
     }
 
+    public void clearFailures() {
+        this.failedLoginNotBefore = 0;
+        this.numFailures = 0;
+        this.lastFailure = 0;
+        this.lastIPFailure = null;
+    }
 }
diff --git a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/UsernameLoginFailureAdapter.java b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/UsernameLoginFailureAdapter.java
index b5852bb3f8..929364876b 100755
--- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/UsernameLoginFailureAdapter.java
+++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/UsernameLoginFailureAdapter.java
@@ -43,7 +43,7 @@ public class UsernameLoginFailureAdapter implements UsernameLoginFailureModel
 
    @Override
    public void clearFailures() {
-      user.setNumFailures(0);
+      user.clearFailures();
    }
 
    @Override
diff --git a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UsernameLoginFailureEntity.java b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UsernameLoginFailureEntity.java
index c62e4745c0..d03f597650 100755
--- a/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UsernameLoginFailureEntity.java
+++ b/model/sessions-jpa/src/main/java/org/keycloak/models/sessions/jpa/entities/UsernameLoginFailureEntity.java
@@ -91,6 +91,13 @@ public class UsernameLoginFailureEntity {
         this.realmId = realmId;
     }
 
+    public void clearFailures() {
+        setFailedLoginNotBefore(0);
+        setLastFailure(0);
+        setLastIPFailure(null);
+        setNumFailures(0);
+    }
+
     public static class Key implements Serializable {
 
         private String realmId;
diff --git a/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/UsernameLoginFailureAdapter.java b/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/UsernameLoginFailureAdapter.java
index 03dc558540..e47a643df8 100644
--- a/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/UsernameLoginFailureAdapter.java
+++ b/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/UsernameLoginFailureAdapter.java
@@ -45,7 +45,7 @@ public class UsernameLoginFailureAdapter implements UsernameLoginFailureModel {
 
     @Override
     public void clearFailures() {
-        entity.getNumFailures().set(0);
+        entity.clearFailures();
     }
 
     @Override
diff --git a/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/entities/UsernameLoginFailureEntity.java b/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/entities/UsernameLoginFailureEntity.java
index b1788d2e68..32cf9815c5 100644
--- a/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/entities/UsernameLoginFailureEntity.java
+++ b/model/sessions-mem/src/main/java/org/keycloak/models/sessions/mem/entities/UsernameLoginFailureEntity.java
@@ -62,4 +62,11 @@ public class UsernameLoginFailureEntity {
         this.lastIpFailure = lastIpFailure;
     }
 
+    public void clearFailures() {
+        this.failedLoginNotBefore = new AtomicInteger();
+        this.lastFailure = new AtomicLong();
+        this.lastIpFailure = new AtomicReference<String>();
+        this.numFailures = new AtomicInteger();
+    }
+
 }
diff --git a/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/UsernameLoginFailureAdapter.java b/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/UsernameLoginFailureAdapter.java
index 7d28125875..251d26e538 100755
--- a/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/UsernameLoginFailureAdapter.java
+++ b/model/sessions-mongo/src/main/java/org/keycloak/models/sessions/mongo/UsernameLoginFailureAdapter.java
@@ -50,7 +50,7 @@ public class UsernameLoginFailureAdapter  extends AbstractMongoAdapter<MongoUser
 
     @Override
     public void clearFailures() {
-        user.setNumFailures(0);
+        user.clearFailures();
         updateMongoEntity();
     }
 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 55d97b0418..c00fb11d36 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -68,6 +68,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
+import org.keycloak.models.UsernameLoginFailureModel;
+import org.keycloak.services.managers.BruteForceProtector;
 
 /**
  * Base resource for managing users
@@ -81,9 +83,9 @@ public class UsersResource {
     protected RealmModel realm;
 
     private RealmAuth auth;
-    
+
     private AdminEventBuilder adminEvent;
-    
+
     @Context
     protected ClientConnection clientConnection;
 
@@ -96,6 +98,9 @@ public class UsersResource {
     @Context
     protected HttpHeaders headers;
 
+    @Context
+    protected BruteForceProtector protector;
+
     public UsersResource(RealmModel realm, RealmAuth auth, TokenManager tokenManager, AdminEventBuilder adminEvent) {
         this.auth = auth;
         this.realm = realm;
@@ -131,6 +136,13 @@ public class UsersResource {
                 attrsToRemove = Collections.emptySet();
             }
 
+            if (rep.isEnabled()) {
+                UsernameLoginFailureModel failureModel = session.sessions().getUserLoginFailure(realm, rep.getUsername());
+                if (failureModel != null) {
+                    failureModel.clearFailures();
+                }
+            }
+
             updateUserFromRep(user, rep, attrsToRemove);
             adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(rep).success();
 
@@ -169,13 +181,13 @@ public class UsersResource {
             UserModel user = session.users().addUser(realm, rep.getUsername());
             Set<String> emptySet = Collections.emptySet();
             updateUserFromRep(user, rep, emptySet);
-            
+
             adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, user.getId()).representation(rep).success();
-            
+
             if (session.getTransaction().isActive()) {
                 session.getTransaction().commit();
             }
-            
+
             return Response.created(uriInfo.getAbsolutePathBuilder().path(user.getId()).build()).build();
         } catch (ModelDuplicateException e) {
             if (session.getTransaction().isActive()) {
@@ -237,7 +249,7 @@ public class UsersResource {
         if (user == null) {
             throw new NotFoundException("User not found");
         }
-        
+
         UserRepresentation rep = ModelToRepresentation.toRepresentation(user);
 
         if (realm.isIdentityFederationEnabled()) {
@@ -251,6 +263,10 @@ public class UsersResource {
             }
         }
 
+        if ((protector != null) && protector.isTemporarilyDisabled(session, realm, rep.getUsername())) {
+            rep.setEnabled(false);
+        }
+
         return rep;
     }
 
@@ -689,7 +705,7 @@ public class UsersResource {
                 adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo, role.getId()).representation(roles).success();
             }
         }
-        
+
     }
 
     @Path("{id}/role-mappings/clients/{client}")
@@ -703,7 +719,7 @@ public class UsersResource {
         if (client == null) {
             throw new NotFoundException("Client not found");
         }
-        
+
         return new UserClientRoleMappingsResource(uriInfo, realm, auth, user, clientModel, adminEvent);
 
     }
@@ -737,7 +753,7 @@ public class UsersResource {
             throw new BadRequestException("Can't reset password as account is read only");
         }
         if (pass.isTemporary()) user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
-        
+
         adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success();
     }
 

From 938cfe2555e9f1321e22c1834f4b5145e35d04ab Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Thu, 11 Jun 2015 22:23:45 +0200
Subject: [PATCH 38/53] KEYCLOAK-1405 Fix MSSQL Server

---
 .../src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml   | 2 ++
 testsuite/integration/src/test/resources/log4j.properties       | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
index ba7adaac50..8177b39b2b 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
@@ -124,6 +124,7 @@
                 <param valueBoolean="false" />
             </whereParams>
         </update>
+        <dropDefaultValue tableName="IDENTITY_PROVIDER" columnName="UPDATE_PROFILE_FIRST_LOGIN" />
         <dropColumn tableName="IDENTITY_PROVIDER" columnName="UPDATE_PROFILE_FIRST_LOGIN"/>
         
         <addColumn tableName="USER_REQUIRED_ACTION">
@@ -167,6 +168,7 @@
         <addForeignKeyConstraint baseColumnNames="FEDERATION_PROVIDER_ID" baseTableName="USER_FEDERATION_MAPPER" constraintName="FK_FEDMAPPERPM_FEDPRV" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_PROVIDER"/>
         <addForeignKeyConstraint baseColumnNames="USER_FEDERATION_MAPPER_ID" baseTableName="USER_FEDERATION_MAPPER_CONFIG" constraintName="FK_FEDMAPPER_CFG" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_MAPPER"/>
 
+        <dropDefaultValue tableName="REALM" columnName="PASSWORD_CRED_GRANT_ALLOWED" />
         <dropColumn tableName="REALM" columnName="PASSWORD_CRED_GRANT_ALLOWED"/>
     </changeSet>
 </databaseChangeLog>
diff --git a/testsuite/integration/src/test/resources/log4j.properties b/testsuite/integration/src/test/resources/log4j.properties
index a776341146..98e8f6bbfb 100755
--- a/testsuite/integration/src/test/resources/log4j.properties
+++ b/testsuite/integration/src/test/resources/log4j.properties
@@ -15,7 +15,7 @@ log4j.logger.org.keycloak=info
 # log4j.logger.org.keycloak.provider.FileSystemProviderLoaderFactory=debug
 
 # Enable to view database updates
-# log4j.logger.org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider=debug
+# log4j.logger.org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider=trace
 # log4j.logger.org.keycloak.connections.mongo.updater.DefaultMongoUpdaterProvider=debug
 # log4j.logger.org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory=debug
 # log4j.logger.org.keycloak.migration.MigrationModelManager=debug

From 112ebf77d51fd23a4be05d3939867e4979d3a4ab Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Fri, 12 Jun 2015 11:10:33 +0200
Subject: [PATCH 39/53] KEYCLOAK-1403 Update liquibase to newest version. Fix
 Sybase

---
 .../META-INF/jpa-changelog-1.3.0.Beta1.xml    | 21 +++++++++++++++----
 pom.xml                                       |  2 +-
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
index 8177b39b2b..41c3ac85bf 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
@@ -48,8 +48,12 @@
             <column name="FLOW_ID" type="VARCHAR(36)"/>
             <column name="REQUIREMENT" type="INT"/>
             <column name="PRIORITY" type="INT"/>
-            <column name="USER_SETUP_ALLOWED" type="BOOLEAN" defaultValueBoolean="false"/>
-            <column name="AUTHENTICATOR_FLOW" type="BOOLEAN" defaultValueBoolean="false"/>
+            <column name="USER_SETUP_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
+                <constraints nullable="false"/>
+            </column>
+            <column name="AUTHENTICATOR_FLOW" type="BOOLEAN" defaultValueBoolean="false">
+                <constraints nullable="false"/>
+            </column>
         </createTable>
         <createTable tableName="AUTHENTICATOR_CONFIG">
             <column name="AUTHENTICATOR_ID" type="VARCHAR(36)">
@@ -111,7 +115,9 @@
             <column name="AUTH_USER_ID" type="VARCHAR(36)"/>
         </addColumn>
         <addColumn tableName="IDENTITY_PROVIDER">
-            <column name="TRUST_EMAIL" type="BOOLEAN" defaultValueBoolean="false"/>
+            <column name="TRUST_EMAIL" type="BOOLEAN" defaultValueBoolean="false">
+                <constraints nullable="false"/>
+            </column>
             <column name="UPDATE_PROFILE_FIRST_LGN_MD" type="VARCHAR(255)" defaultValue="on">
                 <constraints nullable="false"/>
             </column>
@@ -128,7 +134,7 @@
         <dropColumn tableName="IDENTITY_PROVIDER" columnName="UPDATE_PROFILE_FIRST_LOGIN"/>
         
         <addColumn tableName="USER_REQUIRED_ACTION">
-            <column name="REQUIRED_ACTION" type="VARCHAR(36)">
+            <column name="REQUIRED_ACTION" type="VARCHAR(255)" defaultValue="">
                 <constraints nullable="false"/>
             </column>
         </addColumn>
@@ -170,5 +176,12 @@
 
         <dropDefaultValue tableName="REALM" columnName="PASSWORD_CRED_GRANT_ALLOWED" />
         <dropColumn tableName="REALM" columnName="PASSWORD_CRED_GRANT_ALLOWED"/>
+
+        <!-- Sybase specific hacks -->
+        <modifySql dbms="sybase">
+            <replace replace="DROP PRIMARY KEY" with="DROP CONSTRAINT CONSTRAINT_2" />
+            <regExpReplace replace=".*(SET DEFAULT NULL)" with="SELECT 1" />
+        </modifySql>
+
     </changeSet>
 </databaseChangeLog>
diff --git a/pom.xml b/pom.xml
index 5ae1ca5706..de209bc50d 100755
--- a/pom.xml
+++ b/pom.xml
@@ -70,7 +70,7 @@
         <sun.xsom.version>20140925</sun.xsom.version>
         <javax.mail.version>1.4.5</javax.mail.version>
         <infinispan.version>6.0.2.Final</infinispan.version>
-        <liquibase.version>3.3.2</liquibase.version>
+        <liquibase.version>3.3.5</liquibase.version>
         <jetty9.version>9.1.0.v20131115</jetty9.version>
         <osgi.version>4.2.0</osgi.version>
         <pax.web.version>3.1.2</pax.web.version>

From c2495acca98b62f44dc65da8140725edb7e8063c Mon Sep 17 00:00:00 2001
From: Marko Strukelj <marko.strukelj@gmail.com>
Date: Fri, 12 Jun 2015 11:48:54 +0200
Subject: [PATCH 40/53] KEYCLOAK-1441 Upgrade to WildFly 9 CR2

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index de209bc50d..86e1ded0d8 100755
--- a/pom.xml
+++ b/pom.xml
@@ -48,8 +48,8 @@
         <dom4j.version>1.6.1</dom4j.version>
         <xml-apis.version>1.4.01</xml-apis.version>
         <slf4j.version>1.7.7.jbossorg-1</slf4j.version>
-        <wildfly.version>9.0.0.CR1</wildfly.version>
-        <wildfly.core.version>1.0.0.CR1</wildfly.core.version>
+        <wildfly.version>9.0.0.CR2</wildfly.version>
+        <wildfly.core.version>1.0.0.CR6</wildfly.core.version>
         <wildfly.build-tools.version>1.0.0.Alpha8</wildfly.build-tools.version>
 
         <!-- this is EAP 6.4 alpha, publicly available -->

From 5bd53804f92e71d58f548454ada9f3d45050be38 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Fri, 12 Jun 2015 13:31:24 +0200
Subject: [PATCH 41/53] Fix admin-api to show that users are retrieved by ip,
 not username

---
 .../org/keycloak/admin/client/resource/UsersResource.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
index dc53fdf633..9b704218c3 100755
--- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
+++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UsersResource.java
@@ -17,7 +17,7 @@ public interface UsersResource {
 
     @GET
     @Produces(MediaType.APPLICATION_JSON)
-    public List<UserRepresentation> search(@QueryParam("username") String username,
+    List<UserRepresentation> search(@QueryParam("username") String username,
                                            @QueryParam("firstName") String firstName,
                                            @QueryParam("lastName") String lastName,
                                            @QueryParam("email") String email,
@@ -26,7 +26,7 @@ public interface UsersResource {
 
     @GET
     @Produces(MediaType.APPLICATION_JSON)
-    public List<UserRepresentation> search(@QueryParam("search") String search,
+    List<UserRepresentation> search(@QueryParam("search") String search,
                                            @QueryParam("first") Integer firstResult,
                                            @QueryParam("max") Integer maxResults);
 
@@ -34,7 +34,7 @@ public interface UsersResource {
     @Consumes(MediaType.APPLICATION_JSON)
     Response create(UserRepresentation userRepresentation);
 
-    @Path("{username}")
-    public UserResource get(@PathParam("username") String username);
+    @Path("{id}")
+    UserResource get(@PathParam("id") String id);
 
 }

From c89a412661a3335827da23d17d710960fabf8aec Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Fri, 12 Jun 2015 13:32:02 +0200
Subject: [PATCH 42/53] KEYCLOAK-1321 Error page is displayed if user rejects
 sign in with social provider

---
 .../org/keycloak/broker/provider/IdentityProvider.java |  8 ++++++--
 .../broker/oidc/AbstractOAuth2IdentityProvider.java    |  9 ++++++---
 .../services/resources/IdentityBrokerService.java      | 10 ++++++++++
 3 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProvider.java b/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProvider.java
index 47037fae22..1d775eec5c 100755
--- a/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProvider.java
+++ b/broker/core/src/main/java/org/keycloak/broker/provider/IdentityProvider.java
@@ -36,7 +36,7 @@ import javax.ws.rs.core.UriInfo;
  */
 public interface IdentityProvider<C extends IdentityProviderModel> extends Provider {
 
-    public interface AuthenticationCallback {
+    interface AuthenticationCallback {
         /**
          * This method should be called by provider after the JAXRS callback endpoint has finished authentication
          * with the remote IDP
@@ -44,7 +44,11 @@ public interface IdentityProvider<C extends IdentityProviderModel> extends Provi
          * @param context
          * @return
          */
-        public Response authenticated(BrokeredIdentityContext context);
+        Response authenticated(BrokeredIdentityContext context);
+
+        Response cancelled(String code);
+
+        Response error(String code, String message);
     }
 
 
diff --git a/broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java b/broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
index b80949af2f..376210db27 100755
--- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
@@ -58,6 +58,7 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
     public static final String FEDERATED_ACCESS_TOKEN = "FEDERATED_ACCESS_TOKEN";
     public static final String FEDERATED_REFRESH_TOKEN = "FEDERATED_REFRESH_TOKEN";
     public static final String FEDERATED_TOKEN_EXPIRATION = "FEDERATED_TOKEN_EXPIRATION";
+    public static final String ACCESS_DENIED = "access_denied";
     protected static ObjectMapper mapper = new ObjectMapper();
 
     public static final String OAUTH2_PARAMETER_ACCESS_TOKEN = "access_token";
@@ -213,9 +214,11 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
                                      @QueryParam(OAuth2Constants.ERROR) String error) {
             if (error != null) {
                 //logger.error("Failed " + getConfig().getAlias() + " broker login: " + error);
-                event.event(EventType.LOGIN);
-                event.error(error);
-                return ErrorPage.error(session, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR);
+                if (error.equals(ACCESS_DENIED)) {
+                    return callback.cancelled(state);
+                } else {
+                    return callback.error(state, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR);
+                }
             }
 
             try {
diff --git a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
index e1d6bfa5b8..eae77cd780 100755
--- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
+++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
@@ -315,6 +315,16 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
                 this.uriInfo, event);
     }
 
+    @Override
+    public Response cancelled(String code) {
+        return session.getProvider(LoginFormsProvider.class).setClientSessionCode(code).createLogin();
+    }
+
+    @Override
+    public Response error(String code, String message) {
+        return session.getProvider(LoginFormsProvider.class).setClientSessionCode(code).setError(message).createLogin();
+    }
+
     private Response performAccountLinking(ClientSessionModel clientSession, BrokeredIdentityContext context, FederatedIdentityModel federatedIdentityModel, UserModel federatedUser) {
         this.event.event(EventType.IDENTITY_PROVIDER_ACCCOUNT_LINKING);
 

From 4ccc37abbbe4d85cbe23bd7d1c43313ac66cec0e Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Fri, 12 Jun 2015 14:19:42 +0200
Subject: [PATCH 43/53] Add EAP6 standalone.xml to source instead of dl eap6
 from techpreview repo

---
 .../eap6/eap6-server-overlay/pom.xml          |  28 +-
 .../src/main/standalone.xml                   | 341 ++++++++++++++++++
 2 files changed, 343 insertions(+), 26 deletions(-)
 create mode 100644 distribution/server-overlay/eap6/eap6-server-overlay/src/main/standalone.xml

diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml b/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
index b767ff8672..4933a6133e 100755
--- a/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
@@ -19,40 +19,16 @@
             <artifactId>keycloak-eap6-server-modules</artifactId>
             <type>zip</type>
         </dependency>
-        <dependency>
-            <groupId>org.jboss.as</groupId>
-            <artifactId>jboss-as-dist</artifactId>
-            <type>zip</type>
-            <version>${jboss.version}</version>
-        </dependency>
     </dependencies>
 
     <build>
-        <finalName>keycloak-eap6-overlay-${project.version}</finalName>
+        <finalName>keycloak-overlay-eap6-${project.version}</finalName>
 
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-dependency-plugin</artifactId>
                 <executions>
-                    <execution>
-                        <id>unpack-standalone-xml</id>
-                        <phase>prepare-package</phase>
-                        <goals>
-                            <goal>unpack</goal>
-                        </goals>
-                        <configuration>
-                            <artifactItems>
-                                <artifactItem>
-                                    <groupId>org.jboss.as</groupId>
-                                    <artifactId>jboss-as-dist</artifactId>
-                                    <type>zip</type>
-                                    <outputDirectory>${project.build.directory}/unpacked</outputDirectory>
-                                </artifactItem>
-                            </artifactItems>
-                            <includes>*/standalone/configuration/standalone.xml</includes>
-                        </configuration>
-                    </execution>
                     <execution>
                         <id>unpack-jboss-modules</id>
                         <phase>prepare-package</phase>
@@ -86,7 +62,7 @@
                         <configuration>
                             <transformationSets>
                                 <transformationSet>
-                                    <dir>${project.build.directory}/unpacked/jboss-eap-6.4/standalone/configuration</dir>
+                                    <dir>src/main</dir>
                                     <stylesheet>src/main/xslt/standalone.xsl</stylesheet>
                                     <includes>
                                         <include>standalone.xml</include>
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/src/main/standalone.xml b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/standalone.xml
new file mode 100644
index 0000000000..5835618b24
--- /dev/null
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/standalone.xml
@@ -0,0 +1,341 @@
+<?xml version='1.0' encoding='UTF-8'?>
+
+<server xmlns="urn:jboss:domain:1.7">
+    <extensions>
+        <extension module="org.jboss.as.clustering.infinispan"/>
+        <extension module="org.jboss.as.connector"/>
+        <extension module="org.jboss.as.deployment-scanner"/>
+        <extension module="org.jboss.as.ee"/>
+        <extension module="org.jboss.as.ejb3"/>
+        <extension module="org.jboss.as.jaxrs"/>
+        <extension module="org.jboss.as.jdr"/>
+        <extension module="org.jboss.as.jmx"/>
+        <extension module="org.jboss.as.jpa"/>
+        <extension module="org.jboss.as.jsf"/>
+        <extension module="org.jboss.as.logging"/>
+        <extension module="org.jboss.as.mail"/>
+        <extension module="org.jboss.as.naming"/>
+        <extension module="org.jboss.as.pojo"/>
+        <extension module="org.jboss.as.remoting"/>
+        <extension module="org.jboss.as.sar"/>
+        <extension module="org.jboss.as.security"/>
+        <extension module="org.jboss.as.threads"/>
+        <extension module="org.jboss.as.transactions"/>
+        <extension module="org.jboss.as.web"/>
+        <extension module="org.jboss.as.webservices"/>
+        <extension module="org.jboss.as.weld"/>
+    </extensions>
+    <management>
+        <security-realms>
+            <security-realm name="ManagementRealm">
+                <authentication>
+                    <local default-user="$local" skip-group-loading="true"/>
+                    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
+                </authentication>
+                <authorization map-groups-to-roles="false">
+                    <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
+                </authorization>
+            </security-realm>
+            <security-realm name="ApplicationRealm">
+                <authentication>
+                    <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
+                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
+                </authentication>
+                <authorization>
+                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
+                </authorization>
+            </security-realm>
+        </security-realms>
+        <audit-log>
+            <formatters>
+                <json-formatter name="json-formatter"/>
+            </formatters>
+            <handlers>
+                <file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
+            </handlers>
+            <logger log-boot="true" log-read-only="false" enabled="false">
+                <handlers>
+                    <handler name="file"/>
+                </handlers>
+            </logger>
+        </audit-log>
+        <management-interfaces>
+            <native-interface security-realm="ManagementRealm">
+                <socket-binding native="management-native"/>
+            </native-interface>
+            <http-interface security-realm="ManagementRealm">
+                <socket-binding http="management-http"/>
+            </http-interface>
+        </management-interfaces>
+        <access-control provider="simple">
+            <role-mapping>
+                <role name="SuperUser">
+                    <include>
+                        <user name="$local"/>
+                    </include>
+                </role>
+            </role-mapping>
+        </access-control>
+    </management>
+    <profile>
+        <subsystem xmlns="urn:jboss:domain:logging:1.5">
+            <console-handler name="CONSOLE">
+                <level name="INFO"/>
+                <formatter>
+                    <named-formatter name="COLOR-PATTERN"/>
+                </formatter>
+            </console-handler>
+            <periodic-rotating-file-handler name="FILE" autoflush="true">
+                <formatter>
+                    <named-formatter name="PATTERN"/>
+                </formatter>
+                <file relative-to="jboss.server.log.dir" path="server.log"/>
+                <suffix value=".yyyy-MM-dd"/>
+                <append value="true"/>
+            </periodic-rotating-file-handler>
+            <logger category="com.arjuna">
+                <level name="WARN"/>
+            </logger>
+            <logger category="org.apache.tomcat.util.modeler">
+                <level name="WARN"/>
+            </logger>
+            <logger category="org.jboss.as.config">
+                <level name="DEBUG"/>
+            </logger>
+            <logger category="sun.rmi">
+                <level name="WARN"/>
+            </logger>
+            <logger category="jacorb">
+                <level name="WARN"/>
+            </logger>
+            <logger category="jacorb.config">
+                <level name="ERROR"/>
+            </logger>
+            <root-logger>
+                <level name="INFO"/>
+                <handlers>
+                    <handler name="CONSOLE"/>
+                    <handler name="FILE"/>
+                </handlers>
+            </root-logger>
+            <formatter name="PATTERN">
+                <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
+            </formatter>
+            <formatter name="COLOR-PATTERN">
+                <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
+            </formatter>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:datasources:1.2">
+            <datasources>
+                <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
+                    <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
+                    <driver>h2</driver>
+                    <security>
+                        <user-name>sa</user-name>
+                        <password>sa</password>
+                    </security>
+                </datasource>
+                <drivers>
+                    <driver name="h2" module="com.h2database.h2">
+                        <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
+                    </driver>
+                </drivers>
+            </datasources>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:deployment-scanner:1.1">
+            <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:ee:1.2">
+            <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
+            <jboss-descriptor-property-replacement>true</jboss-descriptor-property-replacement>
+            <annotation-property-replacement>false</annotation-property-replacement>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:ejb3:1.5">
+            <session-bean>
+                <stateless>
+                    <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
+                </stateless>
+                <stateful default-access-timeout="5000" cache-ref="simple"/>
+                <singleton default-access-timeout="5000"/>
+            </session-bean>
+            <pools>
+                <bean-instance-pools>
+                    <strict-max-pool name="slsb-strict-max-pool" max-pool-size="20" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
+                    <strict-max-pool name="mdb-strict-max-pool" max-pool-size="20" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
+                </bean-instance-pools>
+            </pools>
+            <caches>
+                <cache name="simple" aliases="NoPassivationCache"/>
+                <cache name="passivating" passivation-store-ref="file" aliases="SimpleStatefulCache"/>
+            </caches>
+            <passivation-stores>
+                <file-passivation-store name="file"/>
+            </passivation-stores>
+            <async thread-pool-name="default"/>
+            <timer-service thread-pool-name="default" default-data-store="default-file-store">
+                <data-stores>
+                    <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
+                </data-stores>
+            </timer-service>
+            <remote connector-ref="remoting-connector" thread-pool-name="default"/>
+            <thread-pools>
+                <thread-pool name="default">
+                    <max-threads count="10"/>
+                    <keepalive-time time="100" unit="milliseconds"/>
+                </thread-pool>
+            </thread-pools>
+            <default-security-domain value="other"/>
+            <default-missing-method-permissions-deny-access value="true"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:infinispan:1.5">
+            <cache-container name="web" aliases="standard-session-cache" default-cache="local-web" module="org.jboss.as.clustering.web.infinispan">
+                <local-cache name="local-web" batching="true">
+                    <file-store passivation="false" purge="false"/>
+                </local-cache>
+            </cache-container>
+            <cache-container name="hibernate" default-cache="local-query" module="org.jboss.as.jpa.hibernate:4">
+                <local-cache name="entity">
+                    <transaction mode="NON_XA"/>
+                    <eviction strategy="LRU" max-entries="10000"/>
+                    <expiration max-idle="100000"/>
+                </local-cache>
+                <local-cache name="local-query">
+                    <transaction mode="NONE"/>
+                    <eviction strategy="LRU" max-entries="10000"/>
+                    <expiration max-idle="100000"/>
+                </local-cache>
+                <local-cache name="timestamps">
+                    <transaction mode="NONE"/>
+                    <eviction strategy="NONE"/>
+                </local-cache>
+            </cache-container>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:jca:1.1">
+            <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
+            <bean-validation enabled="true"/>
+            <default-workmanager>
+                <short-running-threads>
+                    <core-threads count="50"/>
+                    <queue-length count="50"/>
+                    <max-threads count="50"/>
+                    <keepalive-time time="10" unit="seconds"/>
+                </short-running-threads>
+                <long-running-threads>
+                    <core-threads count="50"/>
+                    <queue-length count="50"/>
+                    <max-threads count="50"/>
+                    <keepalive-time time="10" unit="seconds"/>
+                </long-running-threads>
+            </default-workmanager>
+            <cached-connection-manager/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:jmx:1.3">
+            <expose-resolved-model/>
+            <expose-expression-model/>
+            <remoting-connector/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jpa:1.1">
+            <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:mail:1.2">
+            <mail-session name="default" jndi-name="java:jboss/mail/Default">
+                <smtp-server outbound-socket-binding-ref="mail-smtp"/>
+            </mail-session>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:naming:1.4">
+            <remote-naming/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:pojo:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:remoting:1.2">
+            <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:resource-adapters:1.1"/>
+        <subsystem xmlns="urn:jboss:domain:sar:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:security:1.2">
+            <security-domains>
+                <security-domain name="other" cache-type="default">
+                    <authentication>
+                        <login-module code="Remoting" flag="optional">
+                            <module-option name="password-stacking" value="useFirstPass"/>
+                        </login-module>
+                        <login-module code="RealmDirect" flag="required">
+                            <module-option name="password-stacking" value="useFirstPass"/>
+                        </login-module>
+                    </authentication>
+                </security-domain>
+                <security-domain name="jboss-web-policy" cache-type="default">
+                    <authorization>
+                        <policy-module code="Delegating" flag="required"/>
+                    </authorization>
+                </security-domain>
+                <security-domain name="jboss-ejb-policy" cache-type="default">
+                    <authorization>
+                        <policy-module code="Delegating" flag="required"/>
+                    </authorization>
+                </security-domain>
+            </security-domains>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:threads:1.1"/>
+        <subsystem xmlns="urn:jboss:domain:transactions:1.5">
+            <core-environment>
+                <process-id>
+                    <uuid/>
+                </process-id>
+            </core-environment>
+            <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
+            <coordinator-environment default-timeout="300"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
+            <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
+            <virtual-server name="default-host" enable-welcome-root="true">
+                <alias name="localhost"/>
+                <alias name="example.com"/>
+            </virtual-server>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:webservices:1.2">
+            <modify-wsdl-address>true</modify-wsdl-address>
+            <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
+            <endpoint-config name="Standard-Endpoint-Config"/>
+            <endpoint-config name="Recording-Endpoint-Config">
+                <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
+                    <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
+                </pre-handler-chain>
+            </endpoint-config>
+            <client-config name="Standard-Client-Config"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:weld:1.0"/>
+    </profile>
+    <interfaces>
+        <interface name="management">
+            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
+        </interface>
+        <interface name="public">
+            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
+        </interface>
+        <!-- TODO - only show this if the jacorb subsystem is added  -->
+        <interface name="unsecure">
+            <!--
+              ~  Used for IIOP sockets in the standard configuration.
+              ~                  To secure JacORB you need to setup SSL 
+              -->
+            <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
+        </interface>
+    </interfaces>
+    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+        <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
+        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
+        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
+        <socket-binding name="ajp" port="8009"/>
+        <socket-binding name="http" port="8080"/>
+        <socket-binding name="https" port="8443"/>
+        <socket-binding name="remoting" port="4447"/>
+        <socket-binding name="txn-recovery-environment" port="4712"/>
+        <socket-binding name="txn-status-manager" port="4713"/>
+        <outbound-socket-binding name="mail-smtp">
+            <remote-destination host="localhost" port="25"/>
+        </outbound-socket-binding>
+    </socket-binding-group>
+</server>
\ No newline at end of file

From cc2de52a1af323c814d8d26c3b3b750a2ec4e662 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Fri, 12 Jun 2015 14:19:58 +0200
Subject: [PATCH 44/53] Revert to old RestEasy until we can drop support for
 EAP 6.4

---
 integration/admin-client/pom.xml       |  8 +++----
 integration/jaxrs-oauth-client/pom.xml |  7 ++----
 pom.xml                                | 14 ++++-------
 testsuite/pom.xml                      | 32 ++++++++++++++++++++++++++
 4 files changed, 41 insertions(+), 20 deletions(-)

diff --git a/integration/admin-client/pom.xml b/integration/admin-client/pom.xml
index 75cf5bfa2d..6ed727251b 100755
--- a/integration/admin-client/pom.xml
+++ b/integration/admin-client/pom.xml
@@ -32,21 +32,19 @@
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>jaxrs-api</artifactId>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.jboss.resteasy</groupId>
-            <artifactId>resteasy-jaxrs</artifactId>
+            <version>${resteasy.latest.version}</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>resteasy-client</artifactId>
+            <version>${resteasy.latest.version}</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>resteasy-jackson-provider</artifactId>
+            <version>${resteasy.latest.version}</version>
             <scope>provided</scope>
         </dependency>
     </dependencies>
diff --git a/integration/jaxrs-oauth-client/pom.xml b/integration/jaxrs-oauth-client/pom.xml
index e12f4d155d..a20ba3e0e9 100755
--- a/integration/jaxrs-oauth-client/pom.xml
+++ b/integration/jaxrs-oauth-client/pom.xml
@@ -17,16 +17,13 @@
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>jaxrs-api</artifactId>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.jboss.resteasy</groupId>
-            <artifactId>resteasy-jaxrs</artifactId>
+            <version>${resteasy.latest.version}</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>resteasy-client</artifactId>
+            <version>${resteasy.latest.version}</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
diff --git a/pom.xml b/pom.xml
index 86e1ded0d8..5986f6cb5c 100755
--- a/pom.xml
+++ b/pom.xml
@@ -26,8 +26,8 @@
         <jackson.version>1.9.9</jackson.version>
         <apache.httpcomponents.version>4.3.6</apache.httpcomponents.version>
         <apache.httpcomponents.httpcore.version>4.3.3</apache.httpcomponents.httpcore.version>
-        <resteasy.version>3.0.10.Final</resteasy.version>
-        <resteasy.version.latest>3.0.10.Final</resteasy.version.latest>
+        <resteasy.version>2.3.7.Final</resteasy.version>
+        <resteasy.latest.version>3.0.9.Final</resteasy.latest.version>
         <joda-time.version>2.7</joda-time.version>
         <keycloak.apache.httpcomponents.version>4.2.1</keycloak.apache.httpcomponents.version>
         <!-- <undertow.version>1.1.0.Final</undertow.version> -->
@@ -255,18 +255,12 @@
             <dependency>
                 <groupId>org.jboss.resteasy</groupId>
                 <artifactId>resteasy-client</artifactId>
-                <version>${resteasy.version}</version>
+                <version>${resteasy.latest.version}</version>
             </dependency>
             <dependency>
                 <groupId>org.jboss.resteasy</groupId>
                 <artifactId>resteasy-undertow</artifactId>
-                <version>${resteasy.version}</version>
-                <scope>test</scope>
-            </dependency>
-            <dependency>
-                <groupId>org.jboss.resteasy</groupId>
-                <artifactId>async-http-servlet-3.0</artifactId>
-                <version>${resteasy.version}</version>
+                <version>${resteasy.latest.version}</version>
                 <scope>test</scope>
             </dependency>
             <dependency>
diff --git a/testsuite/pom.xml b/testsuite/pom.xml
index d3db601895..0f7b6a67ce 100755
--- a/testsuite/pom.xml
+++ b/testsuite/pom.xml
@@ -13,6 +13,38 @@
     <packaging>pom</packaging>
     <name>Keycloak TestSuite</name>
 	<description />
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.jboss.resteasy</groupId>
+                <artifactId>jaxrs-api</artifactId>
+                <version>${resteasy.latest.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.jboss.resteasy</groupId>
+                <artifactId>resteasy-jaxrs</artifactId>
+                <version>${resteasy.latest.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.jboss.resteasy</groupId>
+                <artifactId>resteasy-multipart-provider</artifactId>
+                <version>${resteasy.latest.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.jboss.resteasy</groupId>
+                <artifactId>resteasy-jackson-provider</artifactId>
+                <version>${resteasy.latest.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.jboss.resteasy</groupId>
+                <artifactId>async-http-servlet-3.0</artifactId>
+                <version>${resteasy.latest.version}</version>
+                <scope>test</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <build>
         <plugins>
             <plugin>

From 939527bd989dc276d9516d112e80ef186f9e99bb Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Fri, 12 Jun 2015 14:32:06 +0200
Subject: [PATCH 45/53] Bump version

---
 ....3.0.Beta1.xml => jpa-changelog-1.3.0.xml} |   2 +-
 .../META-INF/jpa-changelog-master.xml         |   2 +-
 .../impl/DefaultMongoUpdaterProvider.java     |   2 +-
 ...pdate1_3_0_Beta1.java => Update1_3_0.java} |   4 +-
 .../migration/MigrationModelManager.java      |   8 +-
 ...To1_3_0_Beta1.java => MigrateTo1_3_0.java} | 168 +++++++++---------
 6 files changed, 93 insertions(+), 93 deletions(-)
 rename connections/jpa-liquibase/src/main/resources/META-INF/{jpa-changelog-1.3.0.Beta1.xml => jpa-changelog-1.3.0.xml} (99%)
 rename connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/{Update1_3_0_Beta1.java => Update1_3_0.java} (96%)
 rename model/api/src/main/java/org/keycloak/migration/migrators/{MigrateTo1_3_0_Beta1.java => MigrateTo1_3_0.java} (96%)

diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.xml
similarity index 99%
rename from connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
rename to connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.xml
index 41c3ac85bf..db1adb8309 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.Beta1.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
-    <changeSet author="bburke@redhat.com" id="1.3.0.Beta1">
+    <changeSet author="bburke@redhat.com" id="1.3.0">
         <delete tableName="CLIENT_SESSION_ROLE"/>
         <delete tableName="CLIENT_SESSION_PROT_MAPPER"/>
         <delete tableName="CLIENT_SESSION_NOTE"/>
diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml
index 76c4507374..f3f3f9039b 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml
@@ -6,5 +6,5 @@
     <include file="META-INF/jpa-changelog-1.2.0.Beta1.xml"/>
     <include file="META-INF/jpa-changelog-1.2.0.CR1.xml"/>
     <include file="META-INF/jpa-changelog-1.2.0.Final.xml"/>
-    <include file="META-INF/jpa-changelog-1.3.0.Beta1.xml"/>
+    <include file="META-INF/jpa-changelog-1.3.0.xml"/>
 </databaseChangeLog>
diff --git a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java
index c8097f6cf9..3ca2bff383 100644
--- a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java
+++ b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java
@@ -27,7 +27,7 @@ public class DefaultMongoUpdaterProvider implements MongoUpdaterProvider {
             Update1_1_0_Beta1.class,
             Update1_2_0_Beta1.class,
             Update1_2_0_CR1.class,
-            Update1_3_0_Beta1.class
+            Update1_3_0.class
     };
 
     @Override
diff --git a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0_Beta1.java b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0.java
similarity index 96%
rename from connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0_Beta1.java
rename to connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0.java
index f834d22b1d..b2273333ef 100644
--- a/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0_Beta1.java
+++ b/connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0.java
@@ -10,11 +10,11 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation;
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
  */
-public class Update1_3_0_Beta1 extends Update {
+public class Update1_3_0 extends Update {
 
     @Override
     public String getId() {
-        return "1.3.0.Beta1";
+        return "1.3.0";
     }
 
     @Override
diff --git a/model/api/src/main/java/org/keycloak/migration/MigrationModelManager.java b/model/api/src/main/java/org/keycloak/migration/MigrationModelManager.java
index 5d58fe1b1a..722bc5e021 100755
--- a/model/api/src/main/java/org/keycloak/migration/MigrationModelManager.java
+++ b/model/api/src/main/java/org/keycloak/migration/MigrationModelManager.java
@@ -1,7 +1,7 @@
 package org.keycloak.migration;
 
 import org.jboss.logging.Logger;
-import org.keycloak.migration.migrators.MigrateTo1_3_0_Beta1;
+import org.keycloak.migration.migrators.MigrateTo1_3_0;
 import org.keycloak.migration.migrators.MigrationTo1_2_0_CR1;
 import org.keycloak.models.KeycloakSession;
 
@@ -27,11 +27,11 @@ public class MigrationModelManager {
             }
             new MigrationTo1_2_0_CR1().migrate(session);
         }
-        if (stored == null || stored.lessThan(MigrateTo1_3_0_Beta1.VERSION)) {
+        if (stored == null || stored.lessThan(MigrateTo1_3_0.VERSION)) {
             if (stored != null) {
-                logger.debug("Migrating older model to 1.3.0.Beta1 updates");
+                logger.debug("Migrating older model to 1.3.0 updates");
             }
-            new MigrateTo1_3_0_Beta1().migrate(session);
+            new MigrateTo1_3_0().migrate(session);
         }
 
         model.setStoredVersion(MigrationModel.LATEST_VERSION);
diff --git a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0.java
similarity index 96%
rename from model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java
rename to model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0.java
index 195910b2f7..1b68528ee4 100755
--- a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0_Beta1.java
+++ b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_3_0.java
@@ -1,84 +1,84 @@
-package org.keycloak.migration.migrators;
-
-import org.keycloak.migration.ModelVersion;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.LDAPConstants;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserFederationEventAwareProviderFactory;
-import org.keycloak.models.UserFederationMapperModel;
-import org.keycloak.models.UserFederationProvider;
-import org.keycloak.models.UserFederationProviderFactory;
-import org.keycloak.models.UserFederationProviderModel;
-import org.keycloak.models.utils.DefaultAuthenticationFlows;
-
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.naming.directory.SearchControls;
-
-/**
- * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
- */
-public class MigrateTo1_3_0_Beta1 {
-    public static final ModelVersion VERSION = new ModelVersion("1.3.0.Beta1");
-
-
-    public void migrate(KeycloakSession session) {
-        List<RealmModel> realms = session.realms().getRealms();
-        for (RealmModel realm : realms) {
-            if (realm.getAuthenticationFlows().size() == 0) {
-                DefaultAuthenticationFlows.addFlows(realm);
-            }
-
-            migrateLDAPProviders(session, realm);
-        }
-
-    }
-
-    private void migrateLDAPProviders(KeycloakSession session, RealmModel realm) {
-        List<UserFederationProviderModel> federationProviders = realm.getUserFederationProviders();
-        for (UserFederationProviderModel fedProvider : federationProviders) {
-
-            if (fedProvider.getProviderName().equals(LDAPConstants.LDAP_PROVIDER)) {
-                Map<String, String> config = fedProvider.getConfig();
-
-                // Update config properties for LDAP federation provider
-                if (config.get(LDAPConstants.SEARCH_SCOPE) == null) {
-                    config.put(LDAPConstants.SEARCH_SCOPE, String.valueOf(SearchControls.SUBTREE_SCOPE));
-                }
-
-                String usersDn = config.remove("userDnSuffix");
-                if (usersDn != null && config.get(LDAPConstants.USERS_DN) == null) {
-                    config.put(LDAPConstants.USERS_DN, usersDn);
-                }
-
-                String usernameLdapAttribute = config.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
-                if (usernameLdapAttribute != null && config.get(LDAPConstants.RDN_LDAP_ATTRIBUTE) == null) {
-                    if (usernameLdapAttribute.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) {
-                        config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, LDAPConstants.CN);
-                    } else {
-                        config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, usernameLdapAttribute);
-                    }
-                }
-
-                if (config.get(LDAPConstants.UUID_LDAP_ATTRIBUTE) == null) {
-                    String uuidAttrName = LDAPConstants.getUuidAttributeName(config.get(LDAPConstants.VENDOR));
-                    config.put(LDAPConstants.UUID_LDAP_ATTRIBUTE, uuidAttrName);
-                }
-
-                realm.updateUserFederationProvider(fedProvider);
-
-                // Create default mappers for LDAP
-                Set<UserFederationMapperModel> mappers = realm.getUserFederationMappersByFederationProvider(fedProvider.getId());
-                if (mappers.isEmpty()) {
-                    UserFederationProviderFactory ldapFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, LDAPConstants.LDAP_PROVIDER);
-                    if (ldapFactory != null) {
-                        ((UserFederationEventAwareProviderFactory) ldapFactory).onProviderModelCreated(realm, fedProvider);
-                    }
-                }
-            }
-        }
-    }
-}
+package org.keycloak.migration.migrators;
+
+import org.keycloak.migration.ModelVersion;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.LDAPConstants;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserFederationEventAwareProviderFactory;
+import org.keycloak.models.UserFederationMapperModel;
+import org.keycloak.models.UserFederationProvider;
+import org.keycloak.models.UserFederationProviderFactory;
+import org.keycloak.models.UserFederationProviderModel;
+import org.keycloak.models.utils.DefaultAuthenticationFlows;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.naming.directory.SearchControls;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class MigrateTo1_3_0 {
+    public static final ModelVersion VERSION = new ModelVersion("1.3.0");
+
+
+    public void migrate(KeycloakSession session) {
+        List<RealmModel> realms = session.realms().getRealms();
+        for (RealmModel realm : realms) {
+            if (realm.getAuthenticationFlows().size() == 0) {
+                DefaultAuthenticationFlows.addFlows(realm);
+            }
+
+            migrateLDAPProviders(session, realm);
+        }
+
+    }
+
+    private void migrateLDAPProviders(KeycloakSession session, RealmModel realm) {
+        List<UserFederationProviderModel> federationProviders = realm.getUserFederationProviders();
+        for (UserFederationProviderModel fedProvider : federationProviders) {
+
+            if (fedProvider.getProviderName().equals(LDAPConstants.LDAP_PROVIDER)) {
+                Map<String, String> config = fedProvider.getConfig();
+
+                // Update config properties for LDAP federation provider
+                if (config.get(LDAPConstants.SEARCH_SCOPE) == null) {
+                    config.put(LDAPConstants.SEARCH_SCOPE, String.valueOf(SearchControls.SUBTREE_SCOPE));
+                }
+
+                String usersDn = config.remove("userDnSuffix");
+                if (usersDn != null && config.get(LDAPConstants.USERS_DN) == null) {
+                    config.put(LDAPConstants.USERS_DN, usersDn);
+                }
+
+                String usernameLdapAttribute = config.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
+                if (usernameLdapAttribute != null && config.get(LDAPConstants.RDN_LDAP_ATTRIBUTE) == null) {
+                    if (usernameLdapAttribute.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)) {
+                        config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, LDAPConstants.CN);
+                    } else {
+                        config.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, usernameLdapAttribute);
+                    }
+                }
+
+                if (config.get(LDAPConstants.UUID_LDAP_ATTRIBUTE) == null) {
+                    String uuidAttrName = LDAPConstants.getUuidAttributeName(config.get(LDAPConstants.VENDOR));
+                    config.put(LDAPConstants.UUID_LDAP_ATTRIBUTE, uuidAttrName);
+                }
+
+                realm.updateUserFederationProvider(fedProvider);
+
+                // Create default mappers for LDAP
+                Set<UserFederationMapperModel> mappers = realm.getUserFederationMappersByFederationProvider(fedProvider.getId());
+                if (mappers.isEmpty()) {
+                    UserFederationProviderFactory ldapFactory = (UserFederationProviderFactory) session.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, LDAPConstants.LDAP_PROVIDER);
+                    if (ldapFactory != null) {
+                        ((UserFederationEventAwareProviderFactory) ldapFactory).onProviderModelCreated(realm, fedProvider);
+                    }
+                }
+            }
+        }
+    }
+}

From 38c1945ce48bd2e1a05e2f4c5d8900dc8607cc73 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Fri, 12 Jun 2015 14:35:34 +0200
Subject: [PATCH 46/53] Bump version

---
 broker/core/pom.xml                                             | 2 +-
 broker/oidc/pom.xml                                             | 2 +-
 broker/pom.xml                                                  | 2 +-
 broker/saml/pom.xml                                             | 2 +-
 connections/file/pom.xml                                        | 2 +-
 connections/http-client/pom.xml                                 | 2 +-
 connections/infinispan/pom.xml                                  | 2 +-
 connections/jpa-liquibase/pom.xml                               | 2 +-
 connections/jpa/pom.xml                                         | 2 +-
 connections/mongo-update/pom.xml                                | 2 +-
 connections/mongo/pom.xml                                       | 2 +-
 connections/pom.xml                                             | 2 +-
 core-jaxrs/pom.xml                                              | 2 +-
 core/pom.xml                                                    | 2 +-
 dependencies/pom.xml                                            | 2 +-
 dependencies/server-all/pom.xml                                 | 2 +-
 dependencies/server-min/pom.xml                                 | 2 +-
 distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml  | 2 +-
 distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml      | 2 +-
 distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml | 2 +-
 distribution/adapters/as7-eap6-adapter/pom.xml                  | 2 +-
 distribution/adapters/jetty81-adapter-zip/pom.xml               | 2 +-
 distribution/adapters/jetty91-adapter-zip/pom.xml               | 2 +-
 distribution/adapters/jetty92-adapter-zip/pom.xml               | 2 +-
 distribution/adapters/js-adapter-zip/pom.xml                    | 2 +-
 distribution/adapters/osgi/features/pom.xml                     | 2 +-
 distribution/adapters/osgi/jaas/pom.xml                         | 2 +-
 distribution/adapters/osgi/pom.xml                              | 2 +-
 distribution/adapters/osgi/thirdparty/pom.xml                   | 2 +-
 distribution/adapters/pom.xml                                   | 2 +-
 distribution/adapters/tomcat6-adapter-zip/pom.xml               | 2 +-
 distribution/adapters/tomcat7-adapter-zip/pom.xml               | 2 +-
 distribution/adapters/tomcat8-adapter-zip/pom.xml               | 2 +-
 distribution/adapters/wf8-adapter/pom.xml                       | 2 +-
 distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml       | 2 +-
 distribution/adapters/wf8-adapter/wf8-modules/pom.xml           | 2 +-
 distribution/adapters/wf9-adapter/pom.xml                       | 2 +-
 distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml       | 2 +-
 distribution/adapters/wf9-adapter/wf9-modules/pom.xml           | 2 +-
 distribution/demo-dist/pom.xml                                  | 2 +-
 distribution/docs-dist/pom.xml                                  | 2 +-
 distribution/examples-dist/pom.xml                              | 2 +-
 distribution/feature-packs/pom.xml                              | 2 +-
 distribution/feature-packs/server-feature-pack/pom.xml          | 2 +-
 distribution/pom.xml                                            | 2 +-
 distribution/proxy-dist/pom.xml                                 | 2 +-
 distribution/server-dist/pom.xml                                | 2 +-
 distribution/server-overlay/eap6/eap6-server-modules/pom.xml    | 2 +-
 distribution/server-overlay/eap6/eap6-server-overlay/pom.xml    | 2 +-
 distribution/server-overlay/eap6/pom.xml                        | 2 +-
 distribution/server-overlay/pom.xml                             | 2 +-
 distribution/server-overlay/wf9-server-overlay/pom.xml          | 2 +-
 distribution/src-dist/pom.xml                                   | 2 +-
 distribution/subsystem-war/pom.xml                              | 2 +-
 docbook/pom.xml                                                 | 2 +-
 events/api/pom.xml                                              | 2 +-
 events/email/pom.xml                                            | 2 +-
 events/jboss-logging/pom.xml                                    | 2 +-
 events/jpa/pom.xml                                              | 2 +-
 events/mongo/pom.xml                                            | 2 +-
 events/pom.xml                                                  | 2 +-
 events/syslog/pom.xml                                           | 2 +-
 examples/admin-client/pom.xml                                   | 2 +-
 examples/basic-auth/pom.xml                                     | 2 +-
 examples/broker/facebook-authentication/pom.xml                 | 2 +-
 examples/broker/google-authentication/pom.xml                   | 2 +-
 examples/broker/pom.xml                                         | 2 +-
 examples/broker/saml-broker-authentication/pom.xml              | 2 +-
 examples/broker/twitter-authentication/pom.xml                  | 2 +-
 examples/cors/angular-product-app/pom.xml                       | 2 +-
 examples/cors/database-service/pom.xml                          | 2 +-
 examples/cors/pom.xml                                           | 2 +-
 examples/demo-template/admin-access-app/pom.xml                 | 2 +-
 examples/demo-template/angular-product-app/pom.xml              | 2 +-
 examples/demo-template/customer-app-cli/pom.xml                 | 2 +-
 examples/demo-template/customer-app-js/pom.xml                  | 2 +-
 examples/demo-template/customer-app/pom.xml                     | 2 +-
 examples/demo-template/database-service/pom.xml                 | 2 +-
 examples/demo-template/example-ear/pom.xml                      | 2 +-
 examples/demo-template/pom.xml                                  | 2 +-
 examples/demo-template/product-app/pom.xml                      | 2 +-
 examples/demo-template/third-party-cdi/pom.xml                  | 2 +-
 examples/demo-template/third-party/pom.xml                      | 2 +-
 examples/fuse/camel/pom.xml                                     | 2 +-
 examples/fuse/customer-app-fuse/pom.xml                         | 2 +-
 examples/fuse/cxf-jaxrs/pom.xml                                 | 2 +-
 examples/fuse/cxf-jaxws/pom.xml                                 | 2 +-
 examples/fuse/features/pom.xml                                  | 2 +-
 examples/fuse/pom.xml                                           | 2 +-
 examples/fuse/product-app-fuse/pom.xml                          | 2 +-
 examples/js-console/pom.xml                                     | 2 +-
 examples/kerberos/pom.xml                                       | 2 +-
 examples/multi-tenant/pom.xml                                   | 2 +-
 examples/pom.xml                                                | 2 +-
 examples/providers/event-listener-sysout/pom.xml                | 2 +-
 examples/providers/event-store-mem/pom.xml                      | 2 +-
 examples/providers/federation-provider/pom.xml                  | 2 +-
 examples/providers/pom.xml                                      | 2 +-
 examples/saml/pom.xml                                           | 2 +-
 examples/themes/pom.xml                                         | 2 +-
 export-import/export-import-api/pom.xml                         | 2 +-
 export-import/export-import-dir/pom.xml                         | 2 +-
 export-import/export-import-single-file/pom.xml                 | 2 +-
 export-import/export-import-zip/pom.xml                         | 2 +-
 export-import/pom.xml                                           | 2 +-
 federation/kerberos/pom.xml                                     | 2 +-
 federation/ldap/pom.xml                                         | 2 +-
 federation/pom.xml                                              | 2 +-
 forms/account-api/pom.xml                                       | 2 +-
 forms/account-freemarker/pom.xml                                | 2 +-
 forms/common-freemarker/pom.xml                                 | 2 +-
 forms/common-themes/pom.xml                                     | 2 +-
 forms/email-api/pom.xml                                         | 2 +-
 forms/email-freemarker/pom.xml                                  | 2 +-
 forms/login-api/pom.xml                                         | 2 +-
 forms/login-freemarker/pom.xml                                  | 2 +-
 forms/pom.xml                                                   | 2 +-
 integration/adapter-core/pom.xml                                | 2 +-
 integration/admin-client/pom.xml                                | 2 +-
 integration/as7-eap6/as7-adapter/pom.xml                        | 2 +-
 integration/as7-eap6/as7-server-subsystem/pom.xml               | 2 +-
 integration/as7-eap6/as7-subsystem/pom.xml                      | 2 +-
 integration/as7-eap6/pom.xml                                    | 2 +-
 integration/installed/pom.xml                                   | 2 +-
 integration/jaxrs-oauth-client/pom.xml                          | 2 +-
 integration/jboss-adapter-core/pom.xml                          | 2 +-
 integration/jetty/jetty-core/pom.xml                            | 2 +-
 integration/jetty/jetty8.1/pom.xml                              | 2 +-
 integration/jetty/jetty9.1/pom.xml                              | 2 +-
 integration/jetty/jetty9.2/pom.xml                              | 2 +-
 integration/jetty/pom.xml                                       | 2 +-
 integration/js/pom.xml                                          | 2 +-
 integration/osgi-adapter/pom.xml                                | 2 +-
 integration/pom.xml                                             | 2 +-
 integration/servlet-oauth-client/pom.xml                        | 2 +-
 integration/spring-boot/pom.xml                                 | 2 +-
 integration/spring-security/pom.xml                             | 2 +-
 integration/tomcat/pom.xml                                      | 2 +-
 integration/tomcat/tomcat-core/pom.xml                          | 2 +-
 integration/tomcat/tomcat6/pom.xml                              | 2 +-
 integration/tomcat/tomcat7/pom.xml                              | 2 +-
 integration/tomcat/tomcat8/pom.xml                              | 2 +-
 integration/undertow/pom.xml                                    | 2 +-
 integration/wildfly/pom.xml                                     | 2 +-
 integration/wildfly/wf8-subsystem/pom.xml                       | 2 +-
 integration/wildfly/wf9-server-subsystem/pom.xml                | 2 +-
 integration/wildfly/wf9-subsystem/pom.xml                       | 2 +-
 integration/wildfly/wildfly-adapter/pom.xml                     | 2 +-
 integration/wildfly/wildfly-extensions/pom.xml                  | 2 +-
 model/api/pom.xml                                               | 2 +-
 model/file/pom.xml                                              | 2 +-
 model/invalidation-cache/infinispan/pom.xml                     | 2 +-
 model/invalidation-cache/model-adapters/pom.xml                 | 2 +-
 model/invalidation-cache/pom.xml                                | 2 +-
 model/jpa/pom.xml                                               | 2 +-
 model/mongo/pom.xml                                             | 2 +-
 model/pom.xml                                                   | 2 +-
 model/sessions-infinispan/pom.xml                               | 2 +-
 model/sessions-jpa/pom.xml                                      | 2 +-
 model/sessions-mem/pom.xml                                      | 2 +-
 model/sessions-mongo/pom.xml                                    | 2 +-
 pom.xml                                                         | 2 +-
 proxy/launcher/pom.xml                                          | 2 +-
 proxy/pom.xml                                                   | 2 +-
 proxy/proxy-server/pom.xml                                      | 2 +-
 saml/pom.xml                                                    | 2 +-
 saml/saml-core/pom.xml                                          | 2 +-
 saml/saml-protocol/pom.xml                                      | 2 +-
 services/pom.xml                                                | 2 +-
 social/core/pom.xml                                             | 2 +-
 social/facebook/pom.xml                                         | 2 +-
 social/github/pom.xml                                           | 2 +-
 social/google/pom.xml                                           | 2 +-
 social/linkedin/pom.xml                                         | 2 +-
 social/pom.xml                                                  | 2 +-
 social/stackoverflow/pom.xml                                    | 2 +-
 social/twitter/pom.xml                                          | 2 +-
 testsuite/docker-cluster/pom.xml                                | 2 +-
 testsuite/integration-arquillian/pom.xml                        | 2 +-
 testsuite/integration/pom.xml                                   | 2 +-
 testsuite/jetty/jetty81/pom.xml                                 | 2 +-
 testsuite/jetty/jetty91/pom.xml                                 | 2 +-
 testsuite/jetty/jetty92/pom.xml                                 | 2 +-
 testsuite/performance/pom.xml                                   | 2 +-
 testsuite/pom.xml                                               | 2 +-
 testsuite/proxy/pom.xml                                         | 2 +-
 testsuite/tomcat6/pom.xml                                       | 2 +-
 testsuite/tomcat7/pom.xml                                       | 2 +-
 testsuite/tomcat8/pom.xml                                       | 2 +-
 timer/api/pom.xml                                               | 2 +-
 timer/basic/pom.xml                                             | 2 +-
 timer/pom.xml                                                   | 2 +-
 192 files changed, 192 insertions(+), 192 deletions(-)

diff --git a/broker/core/pom.xml b/broker/core/pom.xml
index 41d236e20e..ab121a7d2f 100755
--- a/broker/core/pom.xml
+++ b/broker/core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/broker/oidc/pom.xml b/broker/oidc/pom.xml
index 982a63c3a0..f3be798c2f 100755
--- a/broker/oidc/pom.xml
+++ b/broker/oidc/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/broker/pom.xml b/broker/pom.xml
index 489e16c169..885206ef32 100755
--- a/broker/pom.xml
+++ b/broker/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/broker/saml/pom.xml b/broker/saml/pom.xml
index f87fb51d9f..dfeeb11084 100755
--- a/broker/saml/pom.xml
+++ b/broker/saml/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/file/pom.xml b/connections/file/pom.xml
index 13e3e6ccce..48464e9b86 100755
--- a/connections/file/pom.xml
+++ b/connections/file/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/http-client/pom.xml b/connections/http-client/pom.xml
index 2306cf7009..d580be5063 100755
--- a/connections/http-client/pom.xml
+++ b/connections/http-client/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/infinispan/pom.xml b/connections/infinispan/pom.xml
index 8febd5bca3..a2b3791095 100755
--- a/connections/infinispan/pom.xml
+++ b/connections/infinispan/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/jpa-liquibase/pom.xml b/connections/jpa-liquibase/pom.xml
index 64bda6950b..01a090b3c0 100755
--- a/connections/jpa-liquibase/pom.xml
+++ b/connections/jpa-liquibase/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/jpa/pom.xml b/connections/jpa/pom.xml
index 1ef75f2e5f..7dd5f3a3a4 100755
--- a/connections/jpa/pom.xml
+++ b/connections/jpa/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/mongo-update/pom.xml b/connections/mongo-update/pom.xml
index a3a1eaeb72..eec00b8b0a 100755
--- a/connections/mongo-update/pom.xml
+++ b/connections/mongo-update/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/mongo/pom.xml b/connections/mongo/pom.xml
index 2497188b31..af87da8e45 100755
--- a/connections/mongo/pom.xml
+++ b/connections/mongo/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/connections/pom.xml b/connections/pom.xml
index 5139c00a12..a300c30106 100755
--- a/connections/pom.xml
+++ b/connections/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
     <name>Connections Parent</name>
     <description/>
diff --git a/core-jaxrs/pom.xml b/core-jaxrs/pom.xml
index 5a8b2c8d4f..78bf93d743 100755
--- a/core-jaxrs/pom.xml
+++ b/core-jaxrs/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/core/pom.xml b/core/pom.xml
index 9cbe5bdf50..5a12d1bc00 100755
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/dependencies/pom.xml b/dependencies/pom.xml
index 374a4f8b24..692d4a5ba0 100755
--- a/dependencies/pom.xml
+++ b/dependencies/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/dependencies/server-all/pom.xml b/dependencies/server-all/pom.xml
index 707933a9f0..c813be82ea 100755
--- a/dependencies/server-all/pom.xml
+++ b/dependencies/server-all/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/dependencies/server-min/pom.xml b/dependencies/server-min/pom.xml
index ae247772a9..009742efaf 100755
--- a/dependencies/server-min/pom.xml
+++ b/dependencies/server-min/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml b/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
index 5792a46aba..e70bd6fead 100755
--- a/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml b/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
index a6dafdbbea..6fb1671e3a 100755
--- a/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml b/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
index 96dc3c6739..91bfc36b78 100755
--- a/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/as7-eap6-adapter/pom.xml b/distribution/adapters/as7-eap6-adapter/pom.xml
index 08808f839c..e999582f8b 100644
--- a/distribution/adapters/as7-eap6-adapter/pom.xml
+++ b/distribution/adapters/as7-eap6-adapter/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak AS7 / JBoss EAP 6 Adapter Distros</name>
diff --git a/distribution/adapters/jetty81-adapter-zip/pom.xml b/distribution/adapters/jetty81-adapter-zip/pom.xml
index 233d0ff41b..18e3a3bd9a 100755
--- a/distribution/adapters/jetty81-adapter-zip/pom.xml
+++ b/distribution/adapters/jetty81-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/jetty91-adapter-zip/pom.xml b/distribution/adapters/jetty91-adapter-zip/pom.xml
index 75b455b097..5c4760055a 100755
--- a/distribution/adapters/jetty91-adapter-zip/pom.xml
+++ b/distribution/adapters/jetty91-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/jetty92-adapter-zip/pom.xml b/distribution/adapters/jetty92-adapter-zip/pom.xml
index f26c50e782..c3aeac029e 100755
--- a/distribution/adapters/jetty92-adapter-zip/pom.xml
+++ b/distribution/adapters/jetty92-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/js-adapter-zip/pom.xml b/distribution/adapters/js-adapter-zip/pom.xml
index 090d401d31..6934300734 100755
--- a/distribution/adapters/js-adapter-zip/pom.xml
+++ b/distribution/adapters/js-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/osgi/features/pom.xml b/distribution/adapters/osgi/features/pom.xml
index 850e2ede17..2ef952e6d4 100755
--- a/distribution/adapters/osgi/features/pom.xml
+++ b/distribution/adapters/osgi/features/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak OSGI Features</name>
diff --git a/distribution/adapters/osgi/jaas/pom.xml b/distribution/adapters/osgi/jaas/pom.xml
index 9e797919be..eb8a2bae01 100755
--- a/distribution/adapters/osgi/jaas/pom.xml
+++ b/distribution/adapters/osgi/jaas/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak OSGI JAAS Realm Configuration</name>
diff --git a/distribution/adapters/osgi/pom.xml b/distribution/adapters/osgi/pom.xml
index dd73ecb052..ddbfc3200f 100755
--- a/distribution/adapters/osgi/pom.xml
+++ b/distribution/adapters/osgi/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak OSGI Integration</name>
diff --git a/distribution/adapters/osgi/thirdparty/pom.xml b/distribution/adapters/osgi/thirdparty/pom.xml
index 7a3546e928..b61b09bcbb 100755
--- a/distribution/adapters/osgi/thirdparty/pom.xml
+++ b/distribution/adapters/osgi/thirdparty/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/pom.xml b/distribution/adapters/pom.xml
index f0070f87a0..dc8c8e853b 100755
--- a/distribution/adapters/pom.xml
+++ b/distribution/adapters/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/tomcat6-adapter-zip/pom.xml b/distribution/adapters/tomcat6-adapter-zip/pom.xml
index 604fb26c42..26d555cd60 100755
--- a/distribution/adapters/tomcat6-adapter-zip/pom.xml
+++ b/distribution/adapters/tomcat6-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/tomcat7-adapter-zip/pom.xml b/distribution/adapters/tomcat7-adapter-zip/pom.xml
index 89d336b478..edb5ea7c10 100755
--- a/distribution/adapters/tomcat7-adapter-zip/pom.xml
+++ b/distribution/adapters/tomcat7-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/tomcat8-adapter-zip/pom.xml b/distribution/adapters/tomcat8-adapter-zip/pom.xml
index a45c5481d7..ce7a4f58e9 100755
--- a/distribution/adapters/tomcat8-adapter-zip/pom.xml
+++ b/distribution/adapters/tomcat8-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/wf8-adapter/pom.xml b/distribution/adapters/wf8-adapter/pom.xml
index 7f71d64490..016c293584 100644
--- a/distribution/adapters/wf8-adapter/pom.xml
+++ b/distribution/adapters/wf8-adapter/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Wildfly 8 Adapter</name>
diff --git a/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml b/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml
index aa33dd34dd..226d2e60b4 100755
--- a/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml
+++ b/distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/wf8-adapter/wf8-modules/pom.xml b/distribution/adapters/wf8-adapter/wf8-modules/pom.xml
index cd3f3e30d0..0f88bb7027 100755
--- a/distribution/adapters/wf8-adapter/wf8-modules/pom.xml
+++ b/distribution/adapters/wf8-adapter/wf8-modules/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/wf9-adapter/pom.xml b/distribution/adapters/wf9-adapter/pom.xml
index 33f4d58765..275c4e38e7 100644
--- a/distribution/adapters/wf9-adapter/pom.xml
+++ b/distribution/adapters/wf9-adapter/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Wildfly 9 Adapter</name>
diff --git a/distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml b/distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml
index 7d8ca7d772..1854277bd3 100755
--- a/distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml
+++ b/distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/adapters/wf9-adapter/wf9-modules/pom.xml b/distribution/adapters/wf9-adapter/wf9-modules/pom.xml
index 55c4c94b3b..b408d53471 100755
--- a/distribution/adapters/wf9-adapter/wf9-modules/pom.xml
+++ b/distribution/adapters/wf9-adapter/wf9-modules/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/demo-dist/pom.xml b/distribution/demo-dist/pom.xml
index 7f1e17a2cf..f57344f05a 100755
--- a/distribution/demo-dist/pom.xml
+++ b/distribution/demo-dist/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/docs-dist/pom.xml b/distribution/docs-dist/pom.xml
index 1f0f665cea..4cf67a5617 100755
--- a/distribution/docs-dist/pom.xml
+++ b/distribution/docs-dist/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/examples-dist/pom.xml b/distribution/examples-dist/pom.xml
index 3ffe6db225..ae8dd06085 100755
--- a/distribution/examples-dist/pom.xml
+++ b/distribution/examples-dist/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/feature-packs/pom.xml b/distribution/feature-packs/pom.xml
index 06f0e5cdd4..f5402ee2bb 100644
--- a/distribution/feature-packs/pom.xml
+++ b/distribution/feature-packs/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>distribution-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <name>Feature Pack Builds</name>
diff --git a/distribution/feature-packs/server-feature-pack/pom.xml b/distribution/feature-packs/server-feature-pack/pom.xml
index 6ee425f8f1..bafc79e693 100644
--- a/distribution/feature-packs/server-feature-pack/pom.xml
+++ b/distribution/feature-packs/server-feature-pack/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>feature-packs-parent</artifactId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/distribution/pom.xml b/distribution/pom.xml
index d51a4e55e7..ea3a72672a 100755
--- a/distribution/pom.xml
+++ b/distribution/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/proxy-dist/pom.xml b/distribution/proxy-dist/pom.xml
index 02b179a7b0..4aa5555019 100755
--- a/distribution/proxy-dist/pom.xml
+++ b/distribution/proxy-dist/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/server-dist/pom.xml b/distribution/server-dist/pom.xml
index 428b122bae..be3ab5b470 100755
--- a/distribution/server-dist/pom.xml
+++ b/distribution/server-dist/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/server-overlay/eap6/eap6-server-modules/pom.xml b/distribution/server-overlay/eap6/eap6-server-modules/pom.xml
index a12940a1e2..1fc58d1ecf 100755
--- a/distribution/server-overlay/eap6/eap6-server-modules/pom.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/pom.xml
@@ -8,7 +8,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml b/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
index 4933a6133e..2e4907f543 100755
--- a/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/server-overlay/eap6/pom.xml b/distribution/server-overlay/eap6/pom.xml
index 4ba114b7bc..2504fceb5b 100755
--- a/distribution/server-overlay/eap6/pom.xml
+++ b/distribution/server-overlay/eap6/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/server-overlay/pom.xml b/distribution/server-overlay/pom.xml
index 1ad265932c..f05e4861a0 100755
--- a/distribution/server-overlay/pom.xml
+++ b/distribution/server-overlay/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/server-overlay/wf9-server-overlay/pom.xml b/distribution/server-overlay/wf9-server-overlay/pom.xml
index 497c4ebc8f..5219ebc370 100755
--- a/distribution/server-overlay/wf9-server-overlay/pom.xml
+++ b/distribution/server-overlay/wf9-server-overlay/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/src-dist/pom.xml b/distribution/src-dist/pom.xml
index 14d63e3fcf..028d15676e 100755
--- a/distribution/src-dist/pom.xml
+++ b/distribution/src-dist/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/distribution/subsystem-war/pom.xml b/distribution/subsystem-war/pom.xml
index f1ea3f6ea3..4be6a118a8 100755
--- a/distribution/subsystem-war/pom.xml
+++ b/distribution/subsystem-war/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
diff --git a/docbook/pom.xml b/docbook/pom.xml
index 009b22054f..f97e20355c 100755
--- a/docbook/pom.xml
+++ b/docbook/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/events/api/pom.xml b/events/api/pom.xml
index a70987f670..f447d5f4ff 100755
--- a/events/api/pom.xml
+++ b/events/api/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-events-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/events/email/pom.xml b/events/email/pom.xml
index cd449b0175..3972dc46bc 100755
--- a/events/email/pom.xml
+++ b/events/email/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-events-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/events/jboss-logging/pom.xml b/events/jboss-logging/pom.xml
index e575603cd2..e11effbee1 100755
--- a/events/jboss-logging/pom.xml
+++ b/events/jboss-logging/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-events-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/events/jpa/pom.xml b/events/jpa/pom.xml
index 260e76ce8a..0a4736cc25 100755
--- a/events/jpa/pom.xml
+++ b/events/jpa/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-events-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/events/mongo/pom.xml b/events/mongo/pom.xml
index 84de0f70a0..a686473493 100755
--- a/events/mongo/pom.xml
+++ b/events/mongo/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-events-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/events/pom.xml b/events/pom.xml
index f7d5a35e98..e9569799cd 100755
--- a/events/pom.xml
+++ b/events/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/events/syslog/pom.xml b/events/syslog/pom.xml
index cbe9b9c9b2..585119cc2f 100755
--- a/events/syslog/pom.xml
+++ b/events/syslog/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-events-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/admin-client/pom.xml b/examples/admin-client/pom.xml
index 78aea2d9c7..cdeedce524 100755
--- a/examples/admin-client/pom.xml
+++ b/examples/admin-client/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Examples - Admin Client</name>
diff --git a/examples/basic-auth/pom.xml b/examples/basic-auth/pom.xml
index bd5c681a28..3f61febd5d 100755
--- a/examples/basic-auth/pom.xml
+++ b/examples/basic-auth/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Examples - Basic Auth</name>
diff --git a/examples/broker/facebook-authentication/pom.xml b/examples/broker/facebook-authentication/pom.xml
index e28820c4b5..0c36164c48 100755
--- a/examples/broker/facebook-authentication/pom.xml
+++ b/examples/broker/facebook-authentication/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>keycloak-examples-broker-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Broker Examples - Facebook Authentication</name>
diff --git a/examples/broker/google-authentication/pom.xml b/examples/broker/google-authentication/pom.xml
index 3fea3c2f92..4086d96ee7 100755
--- a/examples/broker/google-authentication/pom.xml
+++ b/examples/broker/google-authentication/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>keycloak-examples-broker-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Broker Examples - Google Authentication</name>
diff --git a/examples/broker/pom.xml b/examples/broker/pom.xml
index 7d328b443e..193fa203df 100755
--- a/examples/broker/pom.xml
+++ b/examples/broker/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Broker Examples</name>
diff --git a/examples/broker/saml-broker-authentication/pom.xml b/examples/broker/saml-broker-authentication/pom.xml
index bc12452071..fff19ad7f4 100755
--- a/examples/broker/saml-broker-authentication/pom.xml
+++ b/examples/broker/saml-broker-authentication/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>keycloak-examples-broker-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Broker Examples - SAML Identity Provider Brokering</name>
diff --git a/examples/broker/twitter-authentication/pom.xml b/examples/broker/twitter-authentication/pom.xml
index 08962453b5..f2c2537168 100755
--- a/examples/broker/twitter-authentication/pom.xml
+++ b/examples/broker/twitter-authentication/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>keycloak-examples-broker-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Broker Examples - Twitter Authentication</name>
diff --git a/examples/cors/angular-product-app/pom.xml b/examples/cors/angular-product-app/pom.xml
index 4b69a88963..237bf5a708 100755
--- a/examples/cors/angular-product-app/pom.xml
+++ b/examples/cors/angular-product-app/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-cors-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/cors/database-service/pom.xml b/examples/cors/database-service/pom.xml
index 057e50b1a6..ee5eb633c5 100755
--- a/examples/cors/database-service/pom.xml
+++ b/examples/cors/database-service/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-cors-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/cors/pom.xml b/examples/cors/pom.xml
index fdfa514c94..a715cefc7e 100755
--- a/examples/cors/pom.xml
+++ b/examples/cors/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Examples - CORS</name>
diff --git a/examples/demo-template/admin-access-app/pom.xml b/examples/demo-template/admin-access-app/pom.xml
index 719c5136d9..5894f73b74 100755
--- a/examples/demo-template/admin-access-app/pom.xml
+++ b/examples/demo-template/admin-access-app/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/angular-product-app/pom.xml b/examples/demo-template/angular-product-app/pom.xml
index 671283e862..5376a09b04 100755
--- a/examples/demo-template/angular-product-app/pom.xml
+++ b/examples/demo-template/angular-product-app/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/customer-app-cli/pom.xml b/examples/demo-template/customer-app-cli/pom.xml
index b5ac17a10e..30c481bb35 100755
--- a/examples/demo-template/customer-app-cli/pom.xml
+++ b/examples/demo-template/customer-app-cli/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/customer-app-js/pom.xml b/examples/demo-template/customer-app-js/pom.xml
index c64eac22f7..094d56519d 100755
--- a/examples/demo-template/customer-app-js/pom.xml
+++ b/examples/demo-template/customer-app-js/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/customer-app/pom.xml b/examples/demo-template/customer-app/pom.xml
index 9bbe7a4b1f..da6be3e7b4 100755
--- a/examples/demo-template/customer-app/pom.xml
+++ b/examples/demo-template/customer-app/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/database-service/pom.xml b/examples/demo-template/database-service/pom.xml
index 3a097847c7..d80b10f635 100755
--- a/examples/demo-template/database-service/pom.xml
+++ b/examples/demo-template/database-service/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/example-ear/pom.xml b/examples/demo-template/example-ear/pom.xml
index bfb6bffab9..6bb3400ed4 100755
--- a/examples/demo-template/example-ear/pom.xml
+++ b/examples/demo-template/example-ear/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/pom.xml b/examples/demo-template/pom.xml
index b002be1ed5..20515f5f51 100755
--- a/examples/demo-template/pom.xml
+++ b/examples/demo-template/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Examples</name>
diff --git a/examples/demo-template/product-app/pom.xml b/examples/demo-template/product-app/pom.xml
index 675ff09b22..fca37feb18 100755
--- a/examples/demo-template/product-app/pom.xml
+++ b/examples/demo-template/product-app/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/third-party-cdi/pom.xml b/examples/demo-template/third-party-cdi/pom.xml
index 7ac1d8d290..d2f8da548b 100755
--- a/examples/demo-template/third-party-cdi/pom.xml
+++ b/examples/demo-template/third-party-cdi/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/demo-template/third-party/pom.xml b/examples/demo-template/third-party/pom.xml
index c2f23b3955..6ec11d9e81 100755
--- a/examples/demo-template/third-party/pom.xml
+++ b/examples/demo-template/third-party/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-demo-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/camel/pom.xml b/examples/fuse/camel/pom.xml
index fca482ead1..0719a0c98e 100755
--- a/examples/fuse/camel/pom.xml
+++ b/examples/fuse/camel/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-fuse-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/customer-app-fuse/pom.xml b/examples/fuse/customer-app-fuse/pom.xml
index de0c0d87dc..4583473e4e 100755
--- a/examples/fuse/customer-app-fuse/pom.xml
+++ b/examples/fuse/customer-app-fuse/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-fuse-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/cxf-jaxrs/pom.xml b/examples/fuse/cxf-jaxrs/pom.xml
index b97346ee0b..9ef099cc72 100755
--- a/examples/fuse/cxf-jaxrs/pom.xml
+++ b/examples/fuse/cxf-jaxrs/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-fuse-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/cxf-jaxws/pom.xml b/examples/fuse/cxf-jaxws/pom.xml
index 594b519a14..aa23b5f5eb 100755
--- a/examples/fuse/cxf-jaxws/pom.xml
+++ b/examples/fuse/cxf-jaxws/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-fuse-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/features/pom.xml b/examples/fuse/features/pom.xml
index d06af85a92..6f6465c35c 100755
--- a/examples/fuse/features/pom.xml
+++ b/examples/fuse/features/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-fuse-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/fuse/pom.xml b/examples/fuse/pom.xml
index f60ca2af7e..694d4b0dfa 100755
--- a/examples/fuse/pom.xml
+++ b/examples/fuse/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Fuse examples</name>
diff --git a/examples/fuse/product-app-fuse/pom.xml b/examples/fuse/product-app-fuse/pom.xml
index 5231405359..38bc235cae 100755
--- a/examples/fuse/product-app-fuse/pom.xml
+++ b/examples/fuse/product-app-fuse/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-fuse-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/js-console/pom.xml b/examples/js-console/pom.xml
index 7434c5cda8..02a2e3257b 100755
--- a/examples/js-console/pom.xml
+++ b/examples/js-console/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/examples/kerberos/pom.xml b/examples/kerberos/pom.xml
index 2ed56cd8ae..ffe8259a11 100755
--- a/examples/kerberos/pom.xml
+++ b/examples/kerberos/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Examples - Kerberos Credential Delegation</name>
diff --git a/examples/multi-tenant/pom.xml b/examples/multi-tenant/pom.xml
index d5fb0d59a2..257be99824 100755
--- a/examples/multi-tenant/pom.xml
+++ b/examples/multi-tenant/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Keycloak Examples - Multi Tenant</name>
diff --git a/examples/pom.xml b/examples/pom.xml
index 5921ea2cbb..b2f7f2ad81 100755
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Examples</name>
diff --git a/examples/providers/event-listener-sysout/pom.xml b/examples/providers/event-listener-sysout/pom.xml
index 06504a1fa9..875396b61e 100755
--- a/examples/providers/event-listener-sysout/pom.xml
+++ b/examples/providers/event-listener-sysout/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-providers-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Event Listener System.out Example</name>
diff --git a/examples/providers/event-store-mem/pom.xml b/examples/providers/event-store-mem/pom.xml
index c1d40ff1b1..eef62a1cb6 100755
--- a/examples/providers/event-store-mem/pom.xml
+++ b/examples/providers/event-store-mem/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-providers-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Event Store In-Mem Example</name>
diff --git a/examples/providers/federation-provider/pom.xml b/examples/providers/federation-provider/pom.xml
index a29520a771..1db608cc67 100755
--- a/examples/providers/federation-provider/pom.xml
+++ b/examples/providers/federation-provider/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-providers-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Properties Authentication Provider Example</name>
diff --git a/examples/providers/pom.xml b/examples/providers/pom.xml
index 21458de7f9..65d719a92f 100755
--- a/examples/providers/pom.xml
+++ b/examples/providers/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Provider Examples</name>
diff --git a/examples/saml/pom.xml b/examples/saml/pom.xml
index c62cd5f38e..61ac3fb0c5 100755
--- a/examples/saml/pom.xml
+++ b/examples/saml/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Provider Examples</name>
diff --git a/examples/themes/pom.xml b/examples/themes/pom.xml
index ccc7f55001..2f4982a793 100755
--- a/examples/themes/pom.xml
+++ b/examples/themes/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-examples-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <name>Themes Examples</name>
diff --git a/export-import/export-import-api/pom.xml b/export-import/export-import-api/pom.xml
index 9c8e7e2ede..f347564795 100755
--- a/export-import/export-import-api/pom.xml
+++ b/export-import/export-import-api/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-export-import-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/export-import/export-import-dir/pom.xml b/export-import/export-import-dir/pom.xml
index c709225ac9..d946010f7c 100755
--- a/export-import/export-import-dir/pom.xml
+++ b/export-import/export-import-dir/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-export-import-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/export-import/export-import-single-file/pom.xml b/export-import/export-import-single-file/pom.xml
index fe701aac81..2b7e2bd87f 100755
--- a/export-import/export-import-single-file/pom.xml
+++ b/export-import/export-import-single-file/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-export-import-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/export-import/export-import-zip/pom.xml b/export-import/export-import-zip/pom.xml
index 1d7ba18e60..fc2bc1a0f2 100755
--- a/export-import/export-import-zip/pom.xml
+++ b/export-import/export-import-zip/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-export-import-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/export-import/pom.xml b/export-import/pom.xml
index dc3060f5ab..f6886915f8 100755
--- a/export-import/pom.xml
+++ b/export-import/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/federation/kerberos/pom.xml b/federation/kerberos/pom.xml
index 2c8ac7e87e..64e3ca447b 100755
--- a/federation/kerberos/pom.xml
+++ b/federation/kerberos/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/federation/ldap/pom.xml b/federation/ldap/pom.xml
index 0e4afe8d48..4c2082d230 100755
--- a/federation/ldap/pom.xml
+++ b/federation/ldap/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/federation/pom.xml b/federation/pom.xml
index b2954f27a1..68619329f4 100755
--- a/federation/pom.xml
+++ b/federation/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/forms/account-api/pom.xml b/forms/account-api/pom.xml
index 44319aabe3..2f8c6f0b62 100755
--- a/forms/account-api/pom.xml
+++ b/forms/account-api/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/account-freemarker/pom.xml b/forms/account-freemarker/pom.xml
index 9d334982c2..1b736ae502 100755
--- a/forms/account-freemarker/pom.xml
+++ b/forms/account-freemarker/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/common-freemarker/pom.xml b/forms/common-freemarker/pom.xml
index 245771075c..9650d362a4 100755
--- a/forms/common-freemarker/pom.xml
+++ b/forms/common-freemarker/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/common-themes/pom.xml b/forms/common-themes/pom.xml
index afb98946b0..3338128203 100755
--- a/forms/common-themes/pom.xml
+++ b/forms/common-themes/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/email-api/pom.xml b/forms/email-api/pom.xml
index 17f17b6a86..4eb50b99a6 100755
--- a/forms/email-api/pom.xml
+++ b/forms/email-api/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/email-freemarker/pom.xml b/forms/email-freemarker/pom.xml
index d38e348894..31a5f4acfb 100755
--- a/forms/email-freemarker/pom.xml
+++ b/forms/email-freemarker/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-forms-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/forms/login-api/pom.xml b/forms/login-api/pom.xml
index 90ddbdc755..da72ddf96b 100755
--- a/forms/login-api/pom.xml
+++ b/forms/login-api/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/login-freemarker/pom.xml b/forms/login-freemarker/pom.xml
index d580f17de3..7e18b3a7a5 100755
--- a/forms/login-freemarker/pom.xml
+++ b/forms/login-freemarker/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-forms-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/forms/pom.xml b/forms/pom.xml
index f0700144fb..5fa20aa7b0 100755
--- a/forms/pom.xml
+++ b/forms/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/adapter-core/pom.xml b/integration/adapter-core/pom.xml
index b519e47363..d9a39fff9d 100755
--- a/integration/adapter-core/pom.xml
+++ b/integration/adapter-core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/admin-client/pom.xml b/integration/admin-client/pom.xml
index 6ed727251b..6a4b41ce06 100755
--- a/integration/admin-client/pom.xml
+++ b/integration/admin-client/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/as7-eap6/as7-adapter/pom.xml b/integration/as7-eap6/as7-adapter/pom.xml
index fcba0a0a90..93ddc0f966 100755
--- a/integration/as7-eap6/as7-adapter/pom.xml
+++ b/integration/as7-eap6/as7-adapter/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/as7-eap6/as7-server-subsystem/pom.xml b/integration/as7-eap6/as7-server-subsystem/pom.xml
index d268d352cb..572c9599d2 100755
--- a/integration/as7-eap6/as7-server-subsystem/pom.xml
+++ b/integration/as7-eap6/as7-server-subsystem/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>keycloak-parent</artifactId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/integration/as7-eap6/as7-subsystem/pom.xml b/integration/as7-eap6/as7-subsystem/pom.xml
index a186da3043..9e9228963d 100755
--- a/integration/as7-eap6/as7-subsystem/pom.xml
+++ b/integration/as7-eap6/as7-subsystem/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>keycloak-parent</artifactId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/integration/as7-eap6/pom.xml b/integration/as7-eap6/pom.xml
index 25ee1ba379..de84c4ec0d 100644
--- a/integration/as7-eap6/pom.xml
+++ b/integration/as7-eap6/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <name>Keycloak AS7 / JBoss EAP 6 Integration</name>
diff --git a/integration/installed/pom.xml b/integration/installed/pom.xml
index 034c8976f2..529b99f26d 100755
--- a/integration/installed/pom.xml
+++ b/integration/installed/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/jaxrs-oauth-client/pom.xml b/integration/jaxrs-oauth-client/pom.xml
index a20ba3e0e9..fbda50cc08 100755
--- a/integration/jaxrs-oauth-client/pom.xml
+++ b/integration/jaxrs-oauth-client/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/jboss-adapter-core/pom.xml b/integration/jboss-adapter-core/pom.xml
index 0e919eca7a..0e6cb1edfe 100755
--- a/integration/jboss-adapter-core/pom.xml
+++ b/integration/jboss-adapter-core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/jetty/jetty-core/pom.xml b/integration/jetty/jetty-core/pom.xml
index 9c48413d0f..19194341aa 100755
--- a/integration/jetty/jetty-core/pom.xml
+++ b/integration/jetty/jetty-core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/jetty/jetty8.1/pom.xml b/integration/jetty/jetty8.1/pom.xml
index de8ac85166..a6d49d746c 100755
--- a/integration/jetty/jetty8.1/pom.xml
+++ b/integration/jetty/jetty8.1/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/jetty/jetty9.1/pom.xml b/integration/jetty/jetty9.1/pom.xml
index b10db5f91e..27e7c06245 100755
--- a/integration/jetty/jetty9.1/pom.xml
+++ b/integration/jetty/jetty9.1/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/jetty/jetty9.2/pom.xml b/integration/jetty/jetty9.2/pom.xml
index 700172aada..13104d5455 100755
--- a/integration/jetty/jetty9.2/pom.xml
+++ b/integration/jetty/jetty9.2/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/jetty/pom.xml b/integration/jetty/pom.xml
index c8ca65e86c..c3eb1f38f7 100755
--- a/integration/jetty/pom.xml
+++ b/integration/jetty/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Jetty Integration</name>
diff --git a/integration/js/pom.xml b/integration/js/pom.xml
index 2e3d13c669..a3c747bea3 100755
--- a/integration/js/pom.xml
+++ b/integration/js/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/osgi-adapter/pom.xml b/integration/osgi-adapter/pom.xml
index 045966e621..5aa76b54bf 100755
--- a/integration/osgi-adapter/pom.xml
+++ b/integration/osgi-adapter/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/pom.xml b/integration/pom.xml
index 0a0f4a5b73..a7c867507e 100755
--- a/integration/pom.xml
+++ b/integration/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <name>Keycloak Integration</name>
diff --git a/integration/servlet-oauth-client/pom.xml b/integration/servlet-oauth-client/pom.xml
index 7df8cbe714..983ccfff6d 100755
--- a/integration/servlet-oauth-client/pom.xml
+++ b/integration/servlet-oauth-client/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/spring-boot/pom.xml b/integration/spring-boot/pom.xml
index 26296e839e..ef31e98df7 100755
--- a/integration/spring-boot/pom.xml
+++ b/integration/spring-boot/pom.xml
@@ -4,7 +4,7 @@
   <parent>
     <artifactId>keycloak-parent</artifactId>
     <groupId>org.keycloak</groupId>
-    <version>1.3.0.Final-SNAPSHOT</version>
+    <version>1.4.0.Final-SNAPSHOT</version>
     <relativePath>../../pom.xml</relativePath>
   </parent>
   <modelVersion>4.0.0</modelVersion>
diff --git a/integration/spring-security/pom.xml b/integration/spring-security/pom.xml
index 9bd7ae4eff..9439453d6e 100755
--- a/integration/spring-security/pom.xml
+++ b/integration/spring-security/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/tomcat/pom.xml b/integration/tomcat/pom.xml
index e267cbd08b..36b8f68473 100755
--- a/integration/tomcat/pom.xml
+++ b/integration/tomcat/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Tomcat Integration</name>
diff --git a/integration/tomcat/tomcat-core/pom.xml b/integration/tomcat/tomcat-core/pom.xml
index b96aed0903..81fdbb02a7 100755
--- a/integration/tomcat/tomcat-core/pom.xml
+++ b/integration/tomcat/tomcat-core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/tomcat/tomcat6/pom.xml b/integration/tomcat/tomcat6/pom.xml
index bba65d2a3c..fcfcfde558 100755
--- a/integration/tomcat/tomcat6/pom.xml
+++ b/integration/tomcat/tomcat6/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/tomcat/tomcat7/pom.xml b/integration/tomcat/tomcat7/pom.xml
index bf5009a975..7a8e8b4479 100755
--- a/integration/tomcat/tomcat7/pom.xml
+++ b/integration/tomcat/tomcat7/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/tomcat/tomcat8/pom.xml b/integration/tomcat/tomcat8/pom.xml
index 19796a7d44..59b572973a 100755
--- a/integration/tomcat/tomcat8/pom.xml
+++ b/integration/tomcat/tomcat8/pom.xml
@@ -4,7 +4,7 @@
     <parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/integration/undertow/pom.xml b/integration/undertow/pom.xml
index 83ea95237c..0a4d3c10c7 100755
--- a/integration/undertow/pom.xml
+++ b/integration/undertow/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/wildfly/pom.xml b/integration/wildfly/pom.xml
index bd19c787af..598fee37a8 100644
--- a/integration/wildfly/pom.xml
+++ b/integration/wildfly/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <name>Keycloak WildFly Integration</name>
diff --git a/integration/wildfly/wf8-subsystem/pom.xml b/integration/wildfly/wf8-subsystem/pom.xml
index 8036cd809d..804963e3fb 100755
--- a/integration/wildfly/wf8-subsystem/pom.xml
+++ b/integration/wildfly/wf8-subsystem/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>keycloak-parent</artifactId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/integration/wildfly/wf9-server-subsystem/pom.xml b/integration/wildfly/wf9-server-subsystem/pom.xml
index 8c24055c3b..1efeccf25b 100755
--- a/integration/wildfly/wf9-server-subsystem/pom.xml
+++ b/integration/wildfly/wf9-server-subsystem/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>keycloak-parent</artifactId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/integration/wildfly/wf9-subsystem/pom.xml b/integration/wildfly/wf9-subsystem/pom.xml
index 8141b91144..ef3f11101d 100755
--- a/integration/wildfly/wf9-subsystem/pom.xml
+++ b/integration/wildfly/wf9-subsystem/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>keycloak-parent</artifactId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/integration/wildfly/wildfly-adapter/pom.xml b/integration/wildfly/wildfly-adapter/pom.xml
index 4c5ca3a0be..1248fd5981 100755
--- a/integration/wildfly/wildfly-adapter/pom.xml
+++ b/integration/wildfly/wildfly-adapter/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/integration/wildfly/wildfly-extensions/pom.xml b/integration/wildfly/wildfly-extensions/pom.xml
index 30c34526cc..b25ce804f2 100755
--- a/integration/wildfly/wildfly-extensions/pom.xml
+++ b/integration/wildfly/wildfly-extensions/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>keycloak-parent</artifactId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 
diff --git a/model/api/pom.xml b/model/api/pom.xml
index ec4325f9d3..9cdefbb6a0 100755
--- a/model/api/pom.xml
+++ b/model/api/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/file/pom.xml b/model/file/pom.xml
index 564201fd73..0e5c11f95d 100755
--- a/model/file/pom.xml
+++ b/model/file/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/invalidation-cache/infinispan/pom.xml b/model/invalidation-cache/infinispan/pom.xml
index 4a1d6c8c02..2b9501b45f 100755
--- a/model/invalidation-cache/infinispan/pom.xml
+++ b/model/invalidation-cache/infinispan/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/invalidation-cache/model-adapters/pom.xml b/model/invalidation-cache/model-adapters/pom.xml
index 1be7be4967..ee61f1fb62 100755
--- a/model/invalidation-cache/model-adapters/pom.xml
+++ b/model/invalidation-cache/model-adapters/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/invalidation-cache/pom.xml b/model/invalidation-cache/pom.xml
index 211bac34e8..e48a4d02a5 100755
--- a/model/invalidation-cache/pom.xml
+++ b/model/invalidation-cache/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Model Invalidation Cache Parent</name>
diff --git a/model/jpa/pom.xml b/model/jpa/pom.xml
index 4e64488b61..d96c261c81 100755
--- a/model/jpa/pom.xml
+++ b/model/jpa/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/mongo/pom.xml b/model/mongo/pom.xml
index a8f4376032..df7f9d8e85 100755
--- a/model/mongo/pom.xml
+++ b/model/mongo/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/pom.xml b/model/pom.xml
index ba57f4eedd..1d2296dbe1 100755
--- a/model/pom.xml
+++ b/model/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <name>Keycloak Model Parent</name>
diff --git a/model/sessions-infinispan/pom.xml b/model/sessions-infinispan/pom.xml
index 56b15c514c..0093184f98 100755
--- a/model/sessions-infinispan/pom.xml
+++ b/model/sessions-infinispan/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/sessions-jpa/pom.xml b/model/sessions-jpa/pom.xml
index f8f52890c8..22250125f0 100755
--- a/model/sessions-jpa/pom.xml
+++ b/model/sessions-jpa/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/sessions-mem/pom.xml b/model/sessions-mem/pom.xml
index 86b9559415..f630a80138 100755
--- a/model/sessions-mem/pom.xml
+++ b/model/sessions-mem/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/model/sessions-mongo/pom.xml b/model/sessions-mongo/pom.xml
index b8561553b4..3774a6f462 100755
--- a/model/sessions-mongo/pom.xml
+++ b/model/sessions-mongo/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/pom.xml b/pom.xml
index 5986f6cb5c..e3b8aa2c53 100755
--- a/pom.xml
+++ b/pom.xml
@@ -14,7 +14,7 @@
     </description>
     <groupId>org.keycloak</groupId>
     <artifactId>keycloak-parent</artifactId>
-    <version>1.3.0.Final-SNAPSHOT</version>
+    <version>1.4.0.Final-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <properties>
diff --git a/proxy/launcher/pom.xml b/proxy/launcher/pom.xml
index 5108980e5b..b1ed5aab55 100755
--- a/proxy/launcher/pom.xml
+++ b/proxy/launcher/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/proxy/pom.xml b/proxy/pom.xml
index 3ca449f076..f8d5e7d1c8 100755
--- a/proxy/pom.xml
+++ b/proxy/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <name>Model Parent</name>
diff --git a/proxy/proxy-server/pom.xml b/proxy/proxy-server/pom.xml
index 0ea7a7620e..efd01b095c 100755
--- a/proxy/proxy-server/pom.xml
+++ b/proxy/proxy-server/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/saml/pom.xml b/saml/pom.xml
index 2fb6a884a5..03f03b9fb6 100755
--- a/saml/pom.xml
+++ b/saml/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <name>Keycloak SAML Integration</name>
diff --git a/saml/saml-core/pom.xml b/saml/saml-core/pom.xml
index 0254ab6762..cbda57421c 100755
--- a/saml/saml-core/pom.xml
+++ b/saml/saml-core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/saml/saml-protocol/pom.xml b/saml/saml-protocol/pom.xml
index d7b3ebb11b..32028fb2a6 100755
--- a/saml/saml-protocol/pom.xml
+++ b/saml/saml-protocol/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/services/pom.xml b/services/pom.xml
index e39e84628b..b3017a0ed5 100755
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/core/pom.xml b/social/core/pom.xml
index 5b672730cc..0cfc94ad85 100755
--- a/social/core/pom.xml
+++ b/social/core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/facebook/pom.xml b/social/facebook/pom.xml
index 7c9c02f842..68c735787c 100755
--- a/social/facebook/pom.xml
+++ b/social/facebook/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/github/pom.xml b/social/github/pom.xml
index 3bd1354145..c969296b3a 100755
--- a/social/github/pom.xml
+++ b/social/github/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/google/pom.xml b/social/google/pom.xml
index 86891716fe..2a9f40eeb3 100755
--- a/social/google/pom.xml
+++ b/social/google/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/linkedin/pom.xml b/social/linkedin/pom.xml
index 01232bdd8b..b6c80c5519 100755
--- a/social/linkedin/pom.xml
+++ b/social/linkedin/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/pom.xml b/social/pom.xml
index 557d4493ed..ab75ead0e2 100755
--- a/social/pom.xml
+++ b/social/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/stackoverflow/pom.xml b/social/stackoverflow/pom.xml
index 97e4dbf459..f50476974d 100755
--- a/social/stackoverflow/pom.xml
+++ b/social/stackoverflow/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/social/twitter/pom.xml b/social/twitter/pom.xml
index 43943fd11a..b2bc524d67 100755
--- a/social/twitter/pom.xml
+++ b/social/twitter/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-social-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/docker-cluster/pom.xml b/testsuite/docker-cluster/pom.xml
index bfe532ba45..180a636c86 100755
--- a/testsuite/docker-cluster/pom.xml
+++ b/testsuite/docker-cluster/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/testsuite/integration-arquillian/pom.xml b/testsuite/integration-arquillian/pom.xml
index 2435a1a57e..c297bdd7de 100644
--- a/testsuite/integration-arquillian/pom.xml
+++ b/testsuite/integration-arquillian/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml
index 6b5051a53c..0fe7b8cbf8 100755
--- a/testsuite/integration/pom.xml
+++ b/testsuite/integration/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/jetty/jetty81/pom.xml b/testsuite/jetty/jetty81/pom.xml
index 353d2d40af..0ec5e04148 100755
--- a/testsuite/jetty/jetty81/pom.xml
+++ b/testsuite/jetty/jetty81/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/jetty/jetty91/pom.xml b/testsuite/jetty/jetty91/pom.xml
index 7d9b91389d..93f1ef231a 100755
--- a/testsuite/jetty/jetty91/pom.xml
+++ b/testsuite/jetty/jetty91/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/jetty/jetty92/pom.xml b/testsuite/jetty/jetty92/pom.xml
index 3f72eb1ebc..352c3874bd 100755
--- a/testsuite/jetty/jetty92/pom.xml
+++ b/testsuite/jetty/jetty92/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/performance/pom.xml b/testsuite/performance/pom.xml
index 5fcb5fc27a..77a5a72c59 100755
--- a/testsuite/performance/pom.xml
+++ b/testsuite/performance/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/pom.xml b/testsuite/pom.xml
index 0f7b6a67ce..091d0ec3d6 100755
--- a/testsuite/pom.xml
+++ b/testsuite/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/proxy/pom.xml b/testsuite/proxy/pom.xml
index 164329618e..de6e1a0d98 100755
--- a/testsuite/proxy/pom.xml
+++ b/testsuite/proxy/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/tomcat6/pom.xml b/testsuite/tomcat6/pom.xml
index d10d244cb1..22a0d833a1 100755
--- a/testsuite/tomcat6/pom.xml
+++ b/testsuite/tomcat6/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/tomcat7/pom.xml b/testsuite/tomcat7/pom.xml
index 20934d35cd..8dc36b4723 100755
--- a/testsuite/tomcat7/pom.xml
+++ b/testsuite/tomcat7/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/testsuite/tomcat8/pom.xml b/testsuite/tomcat8/pom.xml
index 0377697f47..bf4c39a599 100755
--- a/testsuite/tomcat8/pom.xml
+++ b/testsuite/tomcat8/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-testsuite-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
diff --git a/timer/api/pom.xml b/timer/api/pom.xml
index f51b947f9c..23d6470fdf 100755
--- a/timer/api/pom.xml
+++ b/timer/api/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-timer-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/timer/basic/pom.xml b/timer/basic/pom.xml
index cde6e33afc..1017fced59 100755
--- a/timer/basic/pom.xml
+++ b/timer/basic/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-timer-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/timer/pom.xml b/timer/pom.xml
index 912db1f4e0..de37631a91 100755
--- a/timer/pom.xml
+++ b/timer/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

From 28a50df746827d01e9fbc2402677d08580fd5542 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Fri, 12 Jun 2015 15:33:22 +0200
Subject: [PATCH 47/53] KEYCLOAK-1411 DefaultCacheUserProvider addUser returns
 UserModel instance which is not cached/managed by the cache

---
 .../cache/DefaultCacheUserProvider.java       | 17 +++++++---
 .../keycloak/testsuite/model/CacheTest.java   | 33 ++++++++++++++++---
 2 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheUserProvider.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheUserProvider.java
index a37e2a4e47..2f766e0aa4 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheUserProvider.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/DefaultCacheUserProvider.java
@@ -31,9 +31,9 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
     protected boolean transactionActive;
     protected boolean setRollbackOnly;
 
-    protected Map<String, String> userInvalidations = new HashMap<String, String>();
-    protected Set<String> realmInvalidations = new HashSet<String>();
-    protected Map<String, UserModel> managedUsers = new HashMap<String, UserModel>();
+    protected Map<String, String> userInvalidations = new HashMap<>();
+    protected Set<String> realmInvalidations = new HashSet<>();
+    protected Map<String, UserModel> managedUsers = new HashMap<>();
 
     protected boolean clearAll;
 
@@ -131,6 +131,7 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
         if (cached == null) {
             UserModel model = getDelegate().getUserById(id, realm);
             if (model == null) return null;
+            if (managedUsers.containsKey(id)) return managedUsers.get(id);
             if (userInvalidations.containsKey(id)) return model;
             cached = new CachedUser(realm, model);
             cache.addCachedUser(realm.getId(), cached);
@@ -155,6 +156,7 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
         if (cached == null) {
             UserModel model = getDelegate().getUserByUsername(username, realm);
             if (model == null) return null;
+            if (managedUsers.containsKey(model.getId())) return managedUsers.get(model.getId());
             if (userInvalidations.containsKey(model.getId())) return model;
             cached = new CachedUser(realm, model);
             cache.addCachedUser(realm.getId(), cached);
@@ -181,6 +183,7 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
         if (cached == null) {
             UserModel model = getDelegate().getUserByEmail(email, realm);
             if (model == null) return null;
+            if (managedUsers.containsKey(model.getId())) return managedUsers.get(model.getId());
             if (userInvalidations.containsKey(model.getId())) return model;
             cached = new CachedUser(realm, model);
             cache.addCachedUser(realm.getId(), cached);
@@ -251,12 +254,16 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
 
     @Override
     public UserModel addUser(RealmModel realm, String id, String username, boolean addDefaultRoles) {
-        return getDelegate().addUser(realm, id, username, addDefaultRoles);
+        UserModel user = getDelegate().addUser(realm, id, username, addDefaultRoles);
+        managedUsers.put(user.getId(), user);
+        return user;
     }
 
     @Override
     public UserModel addUser(RealmModel realm, String username) {
-        return getDelegate().addUser(realm, username);
+        UserModel user = getDelegate().addUser(realm, username);
+        managedUsers.put(user.getId(), user);
+        return user;
     }
 
     @Override
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/CacheTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/CacheTest.java
index e16ae053ec..5f8371c663 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/CacheTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/CacheTest.java
@@ -5,11 +5,11 @@ import java.util.List;
 import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Test;
-import org.keycloak.models.ClientModel;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
+import org.keycloak.models.*;
 import org.keycloak.testsuite.rule.KeycloakRule;
 
+import static org.junit.Assert.assertNotNull;
+
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
@@ -26,7 +26,7 @@ public class CacheTest {
             KeycloakSession session = kc.startSession();
             RealmModel realm = session.realms().getRealmByName("test");
             ClientModel testApp = realm.getClientByClientId("test-app");
-            Assert.assertNotNull(testApp);
+            assertNotNull(testApp);
             appId = testApp.getId();
             Assert.assertTrue(testApp.isEnabled());
             kc.stopSession(session, true);
@@ -48,7 +48,7 @@ public class CacheTest {
             Assert.assertTrue(realm instanceof org.keycloak.models.cache.RealmAdapter);
             realm.setAccessCodeLifespanLogin(200);
             ClientModel testApp = realm.getClientByClientId("test-app");
-            Assert.assertNotNull(testApp);
+            assertNotNull(testApp);
             testApp.setEnabled(false);
             kc.stopSession(session, true);
         }
@@ -65,4 +65,27 @@ public class CacheTest {
 
 
     }
+
+    @Test
+    public void testAddUserNotAddedToCache() {
+        KeycloakSession session = kc.startSession();
+        try {
+            RealmModel realm = session.realms().getRealmByName("test");
+
+            UserModel user = session.users().addUser(realm, "testAddUserNotAddedToCache");
+            user.setFirstName("firstName");
+            user.addRequiredAction(UserModel.RequiredAction.CONFIGURE_TOTP);
+
+            UserSessionModel userSession = session.sessions().createUserSession(realm, user, "testAddUserNotAddedToCache", "127.0.0.1", "auth", false, null, null);
+            UserModel user2 = userSession.getUser();
+
+            user.setLastName("lastName");
+
+            assertNotNull(user2.getLastName());
+        } finally {
+            session.getTransaction().commit();
+            session.close();
+        }
+    }
+
 }

From 162f31baa2879e4d08252b402fe3b5b067a21866 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Fri, 12 Jun 2015 16:13:51 +0200
Subject: [PATCH 48/53] Update server and adapter install docs

---
 .../modules/MigrationFromOlderVersions.xml    | 21 ++++++++++++
 .../en/en-US/modules/jboss-adapter.xml        | 12 +++++--
 .../en/en-US/modules/server-installation.xml  | 33 +++----------------
 3 files changed, 35 insertions(+), 31 deletions(-)

diff --git a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
index 68e48b4a1e..f4fdec29c8 100755
--- a/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
+++ b/docbook/reference/en/en-US/modules/MigrationFromOlderVersions.xml
@@ -102,6 +102,27 @@
                     to newer version and upgrade few methods, which has changed signature. Changes are really minor, but were needed to improve performance of federation.
                 </para>
             </simplesect>
+            <simplesect>
+                <title>WildFly 9.0.0.CR2</title>
+                <para>
+                    Following on from the distribution changes that was done in the last release the standalone download
+                    of Keycloak is now based on WildFly 9.0.0.CR2. This als affects the overlay which can only be deployed
+                    to WildFly 9.0.0.CR2 or JBoss EAP 6.4.0.GA. WildFly 8.2.0.Final is no longer supported for the server.
+                </para>
+            </simplesect>
+            <simplesect>
+                <title>WildFly, JBoss EAP and JBoss AS7 adapters</title>
+                <para>
+                    There are now 3 separate adapter downloads for WildFly, JBoss EAP and JBoss AS7:
+                    <itemizedlist>
+                        <listitem><literal>eap6</literal> - for JBoss EAP 6.x</listitem>
+                        <listitem><literal>wf9</literal> - for WildFly 9.x</listitem>
+                        <listitem><literal>wf8</literal> - for WildFly 8.x</listitem>
+                        <listitem><literal>as7</literal> - for JBoss AS 7.x</listitem>
+                    </itemizedlist>
+                    Make sure you grab the correct one.
+                </para>
+            </simplesect>
         </section>
         <section>
             <title>Migrating from 1.2.0.Beta1 to 1.2.0.RC1</title>
diff --git a/docbook/reference/en/en-US/modules/jboss-adapter.xml b/docbook/reference/en/en-US/modules/jboss-adapter.xml
index c89d9b1315..3995447e24 100755
--- a/docbook/reference/en/en-US/modules/jboss-adapter.xml
+++ b/docbook/reference/en/en-US/modules/jboss-adapter.xml
@@ -14,10 +14,17 @@
         the Keycloak download site.  They are also available as a maven artifact.
     </para>
     <para>
-        Install on Wildfly:
+        Install on Wildfly 9:
 <programlisting>
 $ cd $WILDFLY_HOME
-$ unzip keycloak-wildfly-adapter-dist.zip
+$ unzip keycloak-wf9-adapter-dist.zip
+</programlisting>
+    </para>
+    <para>
+        Install on Wildfly 8:
+<programlisting>
+$ cd $WILDFLY_HOME
+$ unzip keycloak-wf8-adapter-dist.zip
 </programlisting>
     </para>
     <para>
@@ -56,7 +63,6 @@ $ unzip keycloak-as7-adapter-dist.zip
     </profile>
 ]]>
 </programlisting>
-<note>For AS7, the extension module is org.keycloak.keycloak-as7-subsystem.</note>
     </para>
         <para>
             Finally, you must specify a shared keycloak security domain.
diff --git a/docbook/reference/en/en-US/modules/server-installation.xml b/docbook/reference/en/en-US/modules/server-installation.xml
index 9c321a2e8b..214d88af49 100755
--- a/docbook/reference/en/en-US/modules/server-installation.xml
+++ b/docbook/reference/en/en-US/modules/server-installation.xml
@@ -43,9 +43,9 @@
 
 
         <section id="overlay_install">
-            <title>Install on existing WildFly 8.2.0.Final</title>
+            <title>Install on existing WildFly 9.0.0.CR2</title>
             <para>
-                Keycloak can be installed into an existing WildFly 8.2.0.Final server. To do this download
+                Keycloak can be installed into an existing WildFly 9.0.0.CR2 server. To do this download
                 <literal>keycloak-overlay-&project.version;.zip</literal> or  <literal>keycloak-overlay-&project.version;.tar.gz</literal>.
                 Once downloaded extract into the root directory of your WildFly installation. To start WildFly with Keycloak
                 run:
@@ -72,32 +72,9 @@
             </para>
         </section>
         <section>
-            <title>Install on existing EAP 6.4.0.GA</title>
+            <title>Install on existing JBoss EAP 6.4.0.GA</title>
             <para>
-                Keycloak can be installed into an existing EAP 6.4.0.GA server. To do this download
-                <literal>keycloak-overlay-&project.version;.zip</literal> or  <literal>keycloak-overlay-&project.version;.tar.gz</literal>.
-                Once downloaded extract into the root directory of your EAP installation.
-            </para>
-            <para>
-                To add Keycloak to the a EAP sever configurations (standalone.xml, standalone-ha.xml, etc.) open
-                <literal>standalone/configuration/standalone-keycloak.xml</literal> and the configuration you want to add it
-                to, for example <literal>standalone/configuration/standalone.xml</literal>. From <literal>standalone-keycloak.xml</literal>
-                you need to copy 3 elements:
-                <itemizedlist>
-                    <listitem><literal>&lt;extension module="org.keycloak.keycloak-subsystem"/&gt;</literal></listitem>
-                    <listitem><literal>&lt;datasource jndi-name="java:jboss/datasources/KeycloakDS" ...&gt;</literal></listitem>
-                    <listitem><literal>&lt;subsystem xmlns="urn:jboss:domain:keycloak:1.0" ...&gt;</literal></listitem>
-                </itemizedlist>
-                <note>
-                    <literal>standalone-keycloak.xml</literal> is aimed at WildFly and won't work with EAP so you need to
-                    copy the required configuration
-                </note>
-            </para>
-            <para>
-                Once the server is started log into the admin console at
-                <ulink url="http://localhost:8080/auth/admin/index.html">http://localhost:8080/auth/admin/index.html</ulink>
-                (username: <emphasis>admin</emphasis> and password: <emphasis>admin</emphasis>). Keycloak will then prompt you to
-                enter in a new password.
+                Same procedure as JBoss EAP 6.4.0.GA, but download <literal>keycloak-overlay-eap6-&project.version;.zip</literal> or  <literal>keycloak-overlay-eap6-&project.version;.tar.gz</literal>.
             </para>
         </section>
         <section>
@@ -107,7 +84,7 @@
                 To install it first download <literal>keycloak-demo-&project.version;.zip</literal> or
                 <literal>keycloak-demo-&project.version;.tar.gz</literal>. Once downloaded extract it inside
                 <literal>keycloak-demo-&project.version;</literal> you'll find <literal>keycloak</literal> which contains
-                a full WildFly 8.2.0.Final server with Keycloak Server and Adapters included. You'll also find <literal>docs</literal>
+                a full WildFly 9.0.0.CR2 server with Keycloak Server and Adapters included. You'll also find <literal>docs</literal>
                 and <literal>examples</literal> which contains everything you need to get started developing applications that use Keycloak.
             </para>
             <para>

From afe088a9e8726d1f18638317c392dd622a0586a1 Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Fri, 12 Jun 2015 16:05:50 +0200
Subject: [PATCH 49/53] Fix Oracle together with Sybase

---
 .../src/main/resources/META-INF/jpa-changelog-1.3.0.xml         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.xml
index db1adb8309..d0d44a3e0c 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.xml
@@ -134,7 +134,7 @@
         <dropColumn tableName="IDENTITY_PROVIDER" columnName="UPDATE_PROFILE_FIRST_LOGIN"/>
         
         <addColumn tableName="USER_REQUIRED_ACTION">
-            <column name="REQUIRED_ACTION" type="VARCHAR(255)" defaultValue="">
+            <column name="REQUIRED_ACTION" type="VARCHAR(255)" defaultValue=" ">
                 <constraints nullable="false"/>
             </column>
         </addColumn>

From 5c8e165080d606ad8a5377774080c7c664a1146a Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Fri, 12 Jun 2015 16:59:04 +0200
Subject: [PATCH 50/53] Enable liquibase trace logging with JPA profile

---
 testsuite/integration/pom.xml                             | 2 ++
 testsuite/integration/src/test/resources/log4j.properties | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml
index 0fe7b8cbf8..98bdf98e15 100755
--- a/testsuite/integration/pom.xml
+++ b/testsuite/integration/pom.xml
@@ -381,6 +381,8 @@
                                 <keycloak.user.provider>jpa</keycloak.user.provider>
                                 <keycloak.eventsStore.provider>jpa</keycloak.eventsStore.provider>
                                 <keycloak.userSessions.provider>jpa</keycloak.userSessions.provider>
+
+                                <keycloak.liquibase.logging.level>trace</keycloak.liquibase.logging.level>
                             </systemPropertyVariables>
                         </configuration>
                     </plugin>
diff --git a/testsuite/integration/src/test/resources/log4j.properties b/testsuite/integration/src/test/resources/log4j.properties
index 98e8f6bbfb..c4ff48b95b 100755
--- a/testsuite/integration/src/test/resources/log4j.properties
+++ b/testsuite/integration/src/test/resources/log4j.properties
@@ -14,8 +14,11 @@ log4j.logger.org.keycloak=info
 # log4j.logger.org.keycloak.provider.ProviderManager=debug
 # log4j.logger.org.keycloak.provider.FileSystemProviderLoaderFactory=debug
 
+# Liquibase updates logged with "info" by default. Logging level can be changed by system property "keycloak.liquibase.logging.level"
+keycloak.liquibase.logging.level=info
+log4j.logger.org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider=${keycloak.liquibase.logging.level}
+
 # Enable to view database updates
-# log4j.logger.org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider=trace
 # log4j.logger.org.keycloak.connections.mongo.updater.DefaultMongoUpdaterProvider=debug
 # log4j.logger.org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory=debug
 # log4j.logger.org.keycloak.migration.MigrationModelManager=debug

From 20e245cb0532d8247141016c39e658eb4e6ab40f Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Fri, 12 Jun 2015 18:59:49 +0200
Subject: [PATCH 51/53] KEYCLOAK-1298 Fix constraint names to be uppercased

---
 .../resources/META-INF/jpa-changelog-1.3.0.xml    | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.xml
index d0d44a3e0c..8b2124635d 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.xml
@@ -177,9 +177,22 @@
         <dropDefaultValue tableName="REALM" columnName="PASSWORD_CRED_GRANT_ALLOWED" />
         <dropColumn tableName="REALM" columnName="PASSWORD_CRED_GRANT_ALLOWED"/>
 
+        <!-- KEYCLOAK-1298 Change constraint names to be upper-cased -->
+        <dropForeignKeyConstraint baseTableName="PROTOCOL_MAPPER_CONFIG" constraintName="FK_PMConfig" />
+        <dropPrimaryKey constraintName="CONSTRAINT_PMConfig" tableName="PROTOCOL_MAPPER_CONFIG"/>
+        <addPrimaryKey columnNames="PROTOCOL_MAPPER_ID, NAME" constraintName="CONSTRAINT_PMCONFIG" tableName="PROTOCOL_MAPPER_CONFIG"/>
+        <addForeignKeyConstraint baseColumnNames="PROTOCOL_MAPPER_ID" baseTableName="PROTOCOL_MAPPER_CONFIG" constraintName="FK_PMCONFIG" referencedColumnNames="ID" referencedTableName="PROTOCOL_MAPPER"/>
+
+        <dropForeignKeyConstraint baseTableName="IDP_MAPPER_CONFIG" constraintName="FK_IDPMConfig" />
+        <dropPrimaryKey constraintName="CONSTRAINT_IDPMConfig" tableName="IDP_MAPPER_CONFIG"/>
+        <addPrimaryKey columnNames="IDP_MAPPER_ID, NAME" constraintName="CONSTRAINT_IDPMCONFIG" tableName="IDP_MAPPER_CONFIG"/>
+        <addForeignKeyConstraint baseColumnNames="IDP_MAPPER_ID" baseTableName="IDP_MAPPER_CONFIG" constraintName="FK_IDPMCONFIG" referencedColumnNames="ID" referencedTableName="IDENTITY_PROVIDER_MAPPER"/>
+
         <!-- Sybase specific hacks -->
         <modifySql dbms="sybase">
-            <replace replace="DROP PRIMARY KEY" with="DROP CONSTRAINT CONSTRAINT_2" />
+            <replace replace="[USER_REQUIRED_ACTION] DROP PRIMARY KEY" with="[USER_REQUIRED_ACTION] DROP CONSTRAINT CONSTRAINT_2" />
+            <replace replace="[PROTOCOL_MAPPER_CONFIG] DROP PRIMARY KEY" with="[PROTOCOL_MAPPER_CONFIG] DROP CONSTRAINT CONSTRAINT_PMConfig" />
+            <replace replace="[IDP_MAPPER_CONFIG] DROP PRIMARY KEY" with="[IDP_MAPPER_CONFIG] DROP CONSTRAINT CONSTRAINT_IDPMConfig" />
             <regExpReplace replace=".*(SET DEFAULT NULL)" with="SELECT 1" />
         </modifySql>
 

From a1124c9e1fc2c7448b61d81a38b2fbb182fdb45a Mon Sep 17 00:00:00 2001
From: mposolda <mposolda@gmail.com>
Date: Fri, 12 Jun 2015 19:40:56 +0200
Subject: [PATCH 52/53] KEYCLOAK-1260 Upgrade h2 version to fix locking issues
 in SAMLKeyCloakServerBrokerWithSignatureTest

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e3b8aa2c53..322d156fc9 100755
--- a/pom.xml
+++ b/pom.xml
@@ -42,7 +42,7 @@
         <xnio.netty.netty-xnio-transport.version>0.1.1.Final</xnio.netty.netty-xnio-transport.version>
         <hibernate.javax.persistence.version>1.0.1.Final</hibernate.javax.persistence.version>
         <hibernate.entitymanager.version>4.0.1.Final</hibernate.entitymanager.version>
-        <h2.version>1.3.168</h2.version>
+        <h2.version>1.4.187</h2.version>
         <mysql.version>5.1.29</mysql.version>
         <postgresql.version>9.3-1100-jdbc41</postgresql.version>
         <dom4j.version>1.6.1</dom4j.version>

From 87636669ae5a13a8cc956b01d432c90549bc43a1 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Mon, 15 Jun 2015 07:39:46 +0200
Subject: [PATCH 53/53] Fix testsuite/docker-cluster deps

---
 pom.xml                          | 2 +-
 testsuite/docker-cluster/pom.xml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 322d156fc9..0bb8beb794 100755
--- a/pom.xml
+++ b/pom.xml
@@ -1137,7 +1137,7 @@
             </dependency>
             <dependency>
                 <groupId>org.keycloak</groupId>
-                <artifactId>keycloak-wildfly-adapter-dist</artifactId>
+                <artifactId>keycloak-wf8-adapter-dist</artifactId>
                 <version>${project.version}</version>
                 <type>zip</type>
             </dependency>
diff --git a/testsuite/docker-cluster/pom.xml b/testsuite/docker-cluster/pom.xml
index 180a636c86..6de2d2c068 100755
--- a/testsuite/docker-cluster/pom.xml
+++ b/testsuite/docker-cluster/pom.xml
@@ -21,7 +21,7 @@
         </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-adapter-dist</artifactId>
+            <artifactId>keycloak-wf8-adapter-dist</artifactId>
             <type>zip</type>
         </dependency>
         <dependency>
@@ -69,7 +69,7 @@
                                 </artifactItem>
                                 <artifactItem>
                                     <groupId>org.keycloak</groupId>
-                                    <artifactId>keycloak-wildfly-adapter-dist</artifactId>
+                                    <artifactId>keycloak-wf8-adapter-dist</artifactId>
                                     <type>zip</type>
                                     <version>${project.version}</version>
                                     <outputDirectory>${project.build.directory}/wildfly-adapter</outputDirectory>