diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java
index 557fc82ec9..cdf0656750 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java
@@ -23,7 +23,6 @@ import org.keycloak.credential.CredentialInput;
 import org.keycloak.models.ClientScopeModel;
 import org.keycloak.models.CredentialValidationOutput;
 import org.keycloak.models.IdentityProviderModel;
-import org.keycloak.models.LegacySessionSupportProvider;
 import org.keycloak.models.cache.infinispan.events.InvalidationEvent;
 import org.keycloak.common.constants.ServiceAccountConstants;
 import org.keycloak.component.ComponentModel;
@@ -377,7 +376,6 @@ public class UserCacheSession implements UserCache, OnCreateComponent, OnUpdateC
 
     private void onCache(RealmModel realm, UserAdapter adapter, UserModel delegate) {
         ((OnUserCache)getDelegate()).onCache(realm, adapter, delegate);
-        ((OnUserCache) session.getProvider(LegacySessionSupportProvider.class).userCredentialManager()).onCache(realm, adapter, delegate);
     }
 
     @Override
diff --git a/model/legacy-services/src/main/java/org/keycloak/credential/UserCredentialStoreManager.java b/model/legacy-services/src/main/java/org/keycloak/credential/UserCredentialStoreManager.java
deleted file mode 100644
index 97c3bcb5b4..0000000000
--- a/model/legacy-services/src/main/java/org/keycloak/credential/UserCredentialStoreManager.java
+++ /dev/null
@@ -1,210 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.keycloak.credential;
-
-import org.jboss.logging.Logger;
-import org.keycloak.common.util.reflections.Types;
-import org.keycloak.models.CredentialValidationOutput;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserCredentialManager;
-import org.keycloak.models.UserModel;
-import org.keycloak.models.cache.CachedUserModel;
-import org.keycloak.models.cache.OnUserCache;
-
-import java.util.Arrays;
-import java.util.List;
-import java.util.stream.Stream;
-
-/**
- * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
- */
-@Deprecated
-public class UserCredentialStoreManager implements UserCredentialManager, OnUserCache {
-
-    private final static Logger log = Logger.getLogger(UserCredentialStoreManager.class);
-
-    private final KeycloakSession session;
-
-    public UserCredentialStoreManager(KeycloakSession session) {
-        this.session = session;
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public void updateCredential(RealmModel realm, UserModel user, CredentialModel cred) {
-        warnAboutUsage();
-        user.credentialManager().updateStoredCredential(cred);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public CredentialModel createCredential(RealmModel realm, UserModel user, CredentialModel cred) {
-        warnAboutUsage();
-        return user.credentialManager().createStoredCredential(cred);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public boolean removeStoredCredential(RealmModel realm, UserModel user, String id) {
-        warnAboutUsage();
-        return user.credentialManager().removeStoredCredentialById(id);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public CredentialModel getStoredCredentialById(RealmModel realm, UserModel user, String id) {
-        warnAboutUsage();
-        return user.credentialManager().getStoredCredentialById(id);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public Stream<CredentialModel> getStoredCredentialsStream(RealmModel realm, UserModel user) {
-        warnAboutUsage();
-        return user.credentialManager().getStoredCredentialsStream();
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public Stream<CredentialModel> getStoredCredentialsByTypeStream(RealmModel realm, UserModel user, String type) {
-        warnAboutUsage();
-        return user.credentialManager().getStoredCredentialsByTypeStream(type);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public CredentialModel getStoredCredentialByNameAndType(RealmModel realm, UserModel user, String name, String type) {
-        warnAboutUsage();
-        return user.credentialManager().getStoredCredentialByNameAndType(name, type);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public boolean moveCredentialTo(RealmModel realm, UserModel user, String id, String newPreviousCredentialId){
-        warnAboutUsage();
-        return user.credentialManager().moveStoredCredentialTo(id, newPreviousCredentialId);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public boolean isValid(RealmModel realm, UserModel user, CredentialInput... inputs) {
-        warnAboutUsage();
-        return isValid(realm, user, Arrays.asList(inputs));
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public CredentialModel createCredentialThroughProvider(RealmModel realm, UserModel user, CredentialModel model){
-        warnAboutUsage();
-        return user.credentialManager().createCredentialThroughProvider(model);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public void updateCredentialLabel(RealmModel realm, UserModel user, String credentialId, String userLabel){
-        warnAboutUsage();
-        user.credentialManager().updateCredentialLabel(credentialId, userLabel);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public boolean isValid(RealmModel realm, UserModel user, List<CredentialInput> inputs) {
-        warnAboutUsage();
-        return user.credentialManager().isValid(inputs);
-    }
-
-    @Deprecated // Keep this up to and including Keycloak 19, then inline
-    public static <T> Stream<T> getCredentialProviders(KeycloakSession session, Class<T> type) {
-        // called via #onCache()
-        // warnAboutUsage();
-        return session.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class)
-                .filter(f -> Types.supports(type, f, CredentialProviderFactory.class))
-                .map(f -> (T) session.getProvider(CredentialProvider.class, f.getId()));
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
-        warnAboutUsage();
-        return user.credentialManager().updateCredential(input);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public void disableCredentialType(RealmModel realm, UserModel user, String credentialType) {
-        warnAboutUsage();
-        user.credentialManager().disableCredentialType(credentialType);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user) {
-        warnAboutUsage();
-        return user.credentialManager().getDisableableCredentialTypesStream();
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public boolean isConfiguredFor(RealmModel realm, UserModel user, String type) {
-        warnAboutUsage();
-        return user.credentialManager().isConfiguredFor(type);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public boolean isConfiguredLocally(RealmModel realm, UserModel user, String type) {
-        warnAboutUsage();
-        return user.credentialManager().isConfiguredLocally(type);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public CredentialValidationOutput authenticate(KeycloakSession session, RealmModel realm, CredentialInput input) {
-        warnAboutUsage();
-        return session.users().getUserByCredential(realm, input);
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, then remove it together with the OnUserCache class
-    public void onCache(RealmModel realm, CachedUserModel user, UserModel delegate) {
-        // called by UserCacheSession#onCache, therefore don't warn here
-        // warnAboutUsage();
-        getCredentialProviders(session, OnUserCache.class).forEach(validator -> validator.onCache(realm, user, delegate));
-    }
-
-    @Override
-    @Deprecated // Keep this up to and including Keycloak 19, the use methods on user.userCredentialManager() instead
-    public Stream<String> getConfiguredUserStorageCredentialTypesStream(RealmModel realm, UserModel user) {
-        warnAboutUsage();
-        return user.credentialManager().getConfiguredUserStorageCredentialTypesStream();
-    }
-
-    @Override
-    public void close() {
-
-    }
-
-    private static void warnAboutUsage() {
-        if (log.isEnabled(Logger.Level.WARN)) {
-            // check if warning is enabled first before constructing the exception that is expensive to construct
-            log.warn("Calls to session.userCredentialManager() now deprecated. Use user.userCredentialManager() instead!", new RuntimeException());
-        }
-    }
-
-}
diff --git a/model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportProviderFactory.java b/model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportProviderFactory.java
deleted file mode 100644
index b8248a0e70..0000000000
--- a/model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportProviderFactory.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright 2022 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.services.legacysessionsupport;
-
-import org.keycloak.models.LegacySessionSupportProvider;
-import org.keycloak.provider.ProviderFactory;
-
-/**
- * @author Alexander Schwartz
- */
-public interface LegacySessionSupportProviderFactory<T extends LegacySessionSupportProvider> extends ProviderFactory<T> {
-}
diff --git a/model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportProviderFactoryImpl.java b/model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportProviderFactoryImpl.java
deleted file mode 100644
index 2e3845e557..0000000000
--- a/model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportProviderFactoryImpl.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright 2022 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.services.legacysessionsupport;
-
-import org.keycloak.Config;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.KeycloakSessionFactory;
-import org.keycloak.models.LegacySessionSupportProvider;
-
-/**
- * @author Alexander Schwartz
- */
-public class LegacySessionSupportProviderFactoryImpl implements LegacySessionSupportProviderFactory<LegacySessionSupportProvider> {
-
-    private static final String PROVIDER_ID = "default";
-
-    @Override
-    public LegacySessionSupportProvider create(KeycloakSession session) {
-        return new LegacySessionSupportProviderImpl(session);
-    }
-
-    @Override
-    public void init(Config.Scope config) {
-    }
-
-    @Override
-    public void postInit(KeycloakSessionFactory factory) {
-    }
-
-    @Override
-    public void close() {
-    }
-
-    @Override
-    public String getId() {
-        return PROVIDER_ID;
-    }
-
-}
diff --git a/model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportProviderImpl.java b/model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportProviderImpl.java
deleted file mode 100644
index 73860a0145..0000000000
--- a/model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportProviderImpl.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2022 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.services.legacysessionsupport;
-
-import org.keycloak.credential.UserCredentialStoreManager;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.UserCredentialManager;
-import org.keycloak.models.LegacySessionSupportProvider;
-import org.keycloak.models.cache.UserCache;
-
-/**
- * @author Alexander Schwartz
- */
-public class LegacySessionSupportProviderImpl implements LegacySessionSupportProvider {
-
-    private final KeycloakSession session;
-
-    public LegacySessionSupportProviderImpl(KeycloakSession session) {
-        this.session = session;
-    }
-
-    @Override
-    public void close() {
-
-    }
-
-    @Override
-    @Deprecated
-    public UserCredentialManager userCredentialManager() {
-        // UserCacheSession calls session.userCredentialManager().onCache(), therefore can't trigger a warning here at the moment.
-        return new UserCredentialStoreManager(session);
-    }
-
-}
diff --git a/model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportSpi.java b/model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportSpi.java
deleted file mode 100644
index 2a97c0df4c..0000000000
--- a/model/legacy-services/src/main/java/org/keycloak/services/legacysessionsupport/LegacySessionSupportSpi.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2022 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.services.legacysessionsupport;
-
-import org.keycloak.models.LegacySessionSupportProvider;
-import org.keycloak.provider.Provider;
-import org.keycloak.provider.Spi;
-
-/**
- * @author Alexander Schwartz
- */
-public class LegacySessionSupportSpi implements Spi {
-
-    @Override
-    public boolean isInternal() {
-        return true;
-    }
-
-    @Override
-    public String getName() {
-        return "legacy-session-support";
-    }
-
-    @Override
-    public Class<? extends Provider> getProviderClass() {
-        return LegacySessionSupportProvider.class;
-    }
-
-    @Override
-    public Class<? extends LegacySessionSupportProviderFactory> getProviderFactoryClass() {
-        return LegacySessionSupportProviderFactory.class;
-    }
-
-}
diff --git a/model/legacy-services/src/main/resources/META-INF/services/org.keycloak.provider.Spi b/model/legacy-services/src/main/resources/META-INF/services/org.keycloak.provider.Spi
deleted file mode 100644
index eb71290fb7..0000000000
--- a/model/legacy-services/src/main/resources/META-INF/services/org.keycloak.provider.Spi
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# Copyright 2023 Red Hat, Inc. and/or its affiliates
-# and other contributors as indicated by the @author tags.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-org.keycloak.services.legacysessionsupport.LegacySessionSupportSpi
\ No newline at end of file
diff --git a/model/legacy-services/src/main/resources/META-INF/services/org.keycloak.services.legacysessionsupport.LegacySessionSupportProviderFactory b/model/legacy-services/src/main/resources/META-INF/services/org.keycloak.services.legacysessionsupport.LegacySessionSupportProviderFactory
deleted file mode 100644
index 182d5fb380..0000000000
--- a/model/legacy-services/src/main/resources/META-INF/services/org.keycloak.services.legacysessionsupport.LegacySessionSupportProviderFactory
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# Copyright 2022 Red Hat, Inc. and/or its affiliates
-# and other contributors as indicated by the @author tags.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-org.keycloak.services.legacysessionsupport.LegacySessionSupportProviderFactoryImpl
\ No newline at end of file
diff --git a/model/legacy/src/main/java/org/keycloak/models/LegacySessionSupportProvider.java b/model/legacy/src/main/java/org/keycloak/models/LegacySessionSupportProvider.java
deleted file mode 100644
index d1de386bfd..0000000000
--- a/model/legacy/src/main/java/org/keycloak/models/LegacySessionSupportProvider.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright 2022 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.models;
-
-import org.keycloak.provider.Provider;
-
-/**
- * Support for elements in Keycloak's session that are deprecated.
- * This allows the deprecated implementations to be moved to the legacy module.
- *
- * @author Alexander Schwartz
- */
-public interface LegacySessionSupportProvider extends Provider {
-
-    @Deprecated
-    UserCredentialManager userCredentialManager();
-
-}
diff --git a/model/legacy/src/main/java/org/keycloak/models/UserCredentialManager.java b/model/legacy/src/main/java/org/keycloak/models/UserCredentialManager.java
deleted file mode 100644
index 3e66f52145..0000000000
--- a/model/legacy/src/main/java/org/keycloak/models/UserCredentialManager.java
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.keycloak.models;
-
-import org.keycloak.credential.CredentialInput;
-import org.keycloak.credential.CredentialModel;
-import org.keycloak.credential.UserCredentialStore;
-
-import java.util.List;
-import java.util.stream.Stream;
-
-/**
- * Manage the credentials for a user.
- *
- * @deprecated Instead of this class, use {@link UserModel#credentialManager()} instead.
- * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
- */
-@Deprecated
-public interface UserCredentialManager extends UserCredentialStore {
-
-    /**
-     * Validates list of credentials.  Will call UserStorageProvider and UserFederationProviders first, then loop through
-     * each CredentialProvider.
-     *
-     * @param realm
-     * @param user
-     * @param inputs
-     * @return
-     */
-    boolean isValid(RealmModel realm, UserModel user, List<CredentialInput> inputs);
-
-    /**
-     * Validates list of credentials.  Will call UserStorageProvider and UserFederationProviders first, then loop through
-     * each CredentialProvider.
-     *
-     * @param realm
-     * @param user
-     * @param inputs
-     * @return
-     */
-    boolean isValid(RealmModel realm, UserModel user, CredentialInput... inputs);
-
-    /**
-     * Updates a credential.  Will call UserStorageProvider and UserFederationProviders first, then loop through
-     * each CredentialProvider.  Update is finished whenever any one provider returns true.
-     *
-     * @param realm
-     * @param user
-     * @return true if credential was successfully updated by UserStorage or any CredentialInputUpdater
-     */
-    boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input);
-
-    /**
-     * Creates a credential from the credentialModel, by looping through the providers to find a match for the type
-     * @param realm
-     * @param user
-     * @param model
-     * @return
-     */
-    CredentialModel createCredentialThroughProvider(RealmModel realm, UserModel user, CredentialModel model);
-
-    /**
-     * Updates the credential label and invalidates the cache for the user.
-     * @param realm
-     * @param user
-     * @param credentialId
-     * @param userLabel
-     */
-    void updateCredentialLabel(RealmModel realm, UserModel user, String credentialId, String userLabel);
-
-    /**
-     * Calls disableCredential on UserStorageProvider and UserFederationProviders first, then loop through
-     * each CredentialProvider.
-     *
-     * @param realm
-     * @param user
-     * @param credentialType
-     */
-    void disableCredentialType(RealmModel realm, UserModel user, String credentialType);
-
-    /**
-     * Obtains the credential types that can be disabled.
-     * method.
-     *
-     * @param realm a reference to the realm.
-     * @param user the user whose credentials are being searched.
-     * @return a non-null {@link Stream} of credential types.
-     *
-     * @deprecated Use {@link UserModel#credentialManager()} and then call {@link SubjectCredentialManager#getDisableableCredentialTypesStream()}
-     */
-    default Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user) {
-        return user.credentialManager().getDisableableCredentialTypesStream();
-    }
-
-    /**
-     * Checks to see if user has credential type configured.  Looks in UserStorageProvider or UserFederationProvider first,
-     * then loops through each CredentialProvider.
-     *
-     * @param realm
-     * @param user
-     * @param type
-     * @return
-     */
-    boolean isConfiguredFor(RealmModel realm, UserModel user, String type);
-
-    /**
-     * Only loops through each CredentialProvider to see if credential type is configured for the user.
-     * This allows UserStorageProvider and UserFederationProvider isValid() implementations to punt to local storage
-     * when validating a credential that has been overriden in Keycloak storage.
-     *
-     * @param realm
-     * @param user
-     * @param type
-     * @return
-     */
-    boolean isConfiguredLocally(RealmModel realm, UserModel user, String type);
-
-    /**
-     * Given a CredentialInput, authenticate the user.  This is used in the case where the credential must be processed
-     * to determine and find the user.  An example is Kerberos where the kerberos token might be validated and processed
-     * by a variety of different storage providers.
-     *
-     *
-     * @param session
-     * @param realm
-     * @param input
-     * @return
-     */
-    CredentialValidationOutput authenticate(KeycloakSession session, RealmModel realm, CredentialInput input);
-
-    /**
-     * Obtains the credential types provided by the user storage where the specified user is stored. Examples of returned
-     * values are "password", "otp", etc.
-     * <p/>
-     * This method will always return an empty stream for "local" users - i.e. users that are not backed by any user storage.
-     *
-     * @param realm a reference to the realm.
-     * @param user a reference to the user.
-     * @return a non-null {@link Stream} of credential types.
-     *
-     * @deprecated Use {@link UserModel#credentialManager()} and then call {@link SubjectCredentialManager#getConfiguredUserStorageCredentialTypesStream()}
-     */
-    default Stream<String> getConfiguredUserStorageCredentialTypesStream(RealmModel realm, UserModel user) {
-        return user.credentialManager().getConfiguredUserStorageCredentialTypesStream();
-    }
-
-    /**
-     * @deprecated This interface is no longer necessary, collection-based methods were removed from the parent interface
-     * and therefore the parent interface can be used directly
-     */
-    @Deprecated
-    interface Streams extends UserCredentialManager, UserCredentialStore {
-    }
-}
diff --git a/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/Infinispan.java b/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/Infinispan.java
index 54b3235689..cc15ca41a8 100644
--- a/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/Infinispan.java
+++ b/testsuite/model/src/test/java/org/keycloak/testsuite/model/parameters/Infinispan.java
@@ -33,8 +33,6 @@ import org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionPr
 import org.keycloak.models.sessions.infinispan.InfinispanSingleUseObjectProviderFactory;
 import org.keycloak.models.sessions.infinispan.InfinispanUserLoginFailureProviderFactory;
 import org.keycloak.models.sessions.infinispan.InfinispanUserSessionProviderFactory;
-import org.keycloak.services.legacysessionsupport.LegacySessionSupportProviderFactory;
-import org.keycloak.services.legacysessionsupport.LegacySessionSupportSpi;
 import org.keycloak.sessions.AuthenticationSessionSpi;
 import org.keycloak.sessions.StickySessionEncoderProviderFactory;
 import org.keycloak.sessions.StickySessionEncoderSpi;
@@ -72,8 +70,6 @@ public class Infinispan extends KeycloakModelParameters {
       .add(PublicKeyStorageSpi.class)
       .add(CachePublicKeyProviderSpi.class)
 
-      .add(LegacySessionSupportSpi.class) // necessary as it will call session.userCredentialManager().onCache()
-
       .build();
 
     static final Set<Class<? extends ProviderFactory>> ALLOWED_FACTORIES = ImmutableSet.<Class<? extends ProviderFactory>>builder()
@@ -90,7 +86,6 @@ public class Infinispan extends KeycloakModelParameters {
       .add(TimerProviderFactory.class)
       .add(InfinispanPublicKeyStorageProviderFactory.class)
       .add(InfinispanCachePublicKeyProviderFactory.class)
-      .add(LegacySessionSupportProviderFactory.class)
       .build();
 
     @Override