diff --git a/distribution/modules/build.xml b/distribution/modules/build.xml index 80ff507230..3c87a2f543 100755 --- a/distribution/modules/build.xml +++ b/distribution/modules/build.xml @@ -46,6 +46,12 @@ + + + + + + diff --git a/distribution/modules/pom.xml b/distribution/modules/pom.xml index 9b69d37f60..aa14cb033a 100755 --- a/distribution/modules/pom.xml +++ b/distribution/modules/pom.xml @@ -144,6 +144,12 @@ org.jboss.aesh aesh + + + org.bouncycastle + bcmail-jdk15on + + diff --git a/distribution/modules/src/main/resources/modules/org/bouncycastle/main/module.xml b/distribution/modules/src/main/resources/modules/org/bouncycastle/main/module.xml new file mode 100644 index 0000000000..c32565fb26 --- /dev/null +++ b/distribution/modules/src/main/resources/modules/org/bouncycastle/main/module.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + \ No newline at end of file diff --git a/examples/demo-template/README.md.unconfigured b/examples/demo-template/README.md.unconfigured index 73279e09c1..2752997a39 100755 --- a/examples/demo-template/README.md.unconfigured +++ b/examples/demo-template/README.md.unconfigured @@ -129,7 +129,7 @@ Then edit `/standalone/configuration/standalone.xml` and add the f demo product-portal - 484ba263-8bb5-4048-bb6f-40da75e9eefb + APPLICATION SECRET In the above snippet replace the following: diff --git a/examples/kerberos/README.md b/examples/kerberos/README.md index 5acdb624ba..f594fa5492 100644 --- a/examples/kerberos/README.md +++ b/examples/kerberos/README.md 
@@ -31,8 +31,18 @@ Alternatively you can use OpenJDK7 but in this case you will need to use aes256- you can add system property to the maven command when running ApacheDS Kerberos server `-Dkerberos.encTypes=aes256-cts-hmac-sha1-96` (see below) and for client add encryption types to configuration file like `/etc/krb5.conf` (but they should be already available. See below). +Also if you are on Linux, make sure that record like: +``` +127.0.0.1 localhost +``` +is in your `/etc/hosts` before other records for the 127.0.0.1 host to avoid issues related to incompatible reverse lookup (Ensure the similar for other OS as well) -**4)** Run ApacheDS based Kerberos server embedded in Keycloak. Easiest is to checkout keycloak sources, build and then run KerberosEmbeddedServer + +**4)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm and enable `forwardable` flag, which is needed +for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server. +See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/main/resources/kerberos/test-krb5.conf) for inspiration. + +**5)** Run ApacheDS based Kerberos server embedded in Keycloak. Easiest is to checkout keycloak sources, build and then run KerberosEmbeddedServer as shown here: ``` 
@@ -44,11 +54,6 @@ mvn exec:java -Pkerberos More details about embedded Kerberos server in [testsuite README](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/README.md#kerberos-server). - -**5)** Configure Kerberos client (On linux it's in file `/etc/krb5.conf` ). You need to configure `KEYCLOAK.ORG` realm and enable `forwardable` flag, which is needed -for credential delegation example, as application needs to forward Kerberos ticket and authenticate with it against LDAP server. -See [this file](https://github.com/keycloak/keycloak/blob/master/testsuite/integration/src/main/resources/kerberos/test-krb5.conf) for inspiration. - **6)** Configure browser (Firefox, Chrome or other) and enable SPNEGO authentication and credential delegation for `localhost` . In Firefox it can be done by adding `localhost` to both `network.negotiate-auth.trusted-uris` and `network.negotiate-auth.delegation-uris` .
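Review bot: The `distribution/modules/pom.xml` hunk adds `org.bouncycastle` / `bcmail-jdk15on` as the only Bouncy Castle artifact, but bcmail depends on the Bouncy Castle provider and PKIX jars. Please confirm that the six lines added to `distribution/modules/build.xml` and the resource roots in the new `module.xml` cover those jars as well, otherwise the `org.bouncycastle` module can fail with missing classes at runtime.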
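Review bot: The new file `distribution/modules/src/main/resources/modules/org/bouncycastle/main/module.xml` ends without a trailing newline (the diff shows `\ No newline at end of file`). Add one so that the next edit to this file does not show a spurious change on its last line.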
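Review bot: The placeholder `APPLICATION SECRET` introduced in `examples/demo-template/README.md.unconfigured` needs a matching entry under "In the above snippet replace the following:". This hunk changes only the secret line, so please check that the list tells the reader where to obtain the value. If the removed value `484ba263-8bb5-4048-bb6f-40da75e9eefb` was ever a working client secret, it stays in the repository history and should be regenerated.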
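Review bot: In the first `examples/kerberos/README.md` hunk, the added `/etc/hosts` paragraph closes with "(Ensure the similar for other OS as well)", which gives readers on other systems nothing to act on. State the requirement itself, namely that the `127.0.0.1 localhost` record must come before other records for 127.0.0.1 so the reverse lookup returns `localhost`, and fix the wording of "make sure that record like". The paragraph is also attached to step 3 without a step number and is followed by two blank lines before **4)**; either fold it into step 3 explicitly or give it its own step so the numbering stays readable.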