From a50fe144b95ed460f4d2b0a3097aaabe5efe6d40 Mon Sep 17 00:00:00 2001
From: Felix Dittrich <31076102+f11h@users.noreply.github.com>
Date: Fri, 27 Jan 2023 10:53:42 +0100
Subject: [PATCH] Feat: Upgrade Keycloak 20+ (#100)

* Modify Dockerfile for Keycloak Quarkus

* Fix Copy

* Add extra image for Admin-IAM

* Fix CI Job
Fix Dockerfile

* Fix Dockerfile

* Fix Dockerfile

* Fix Dockerfile

* Update Image Tag for Admin Iam

* Add Theme-Property Files for Quicktest Theme

* Update Dockerfile
---
 .github/workflows/ci-master.yml               |  21 +-
 Dockerfile                                    |  42 +-
 Dockerfile-QT                                 |  25 -
 .../configuration/standalone-ha-qt.xml        | 733 -----------------
 .../configuration/standalone-ha.xml           | 738 ------------------
 src/themes/cwa/account/theme.properties       |   2 +
 src/themes/cwa/login/theme.properties         |   3 +
 .../quick-test/account/theme.properties       |   2 +
 src/themes/quick-test/login/theme.properties  |   3 +
 9 files changed, 44 insertions(+), 1525 deletions(-)
 delete mode 100644 Dockerfile-QT
 delete mode 100644 src/standalone/configuration/standalone-ha-qt.xml
 delete mode 100644 src/standalone/configuration/standalone-ha.xml
 create mode 100644 src/themes/cwa/login/theme.properties
 create mode 100644 src/themes/quick-test/login/theme.properties

diff --git a/.github/workflows/ci-master.yml b/.github/workflows/ci-master.yml
index 50591a4..667fa6a 100644
--- a/.github/workflows/ci-master.yml
+++ b/.github/workflows/ci-master.yml
@@ -5,7 +5,7 @@ on:
     branches:
       - master
 jobs:
-  build:
+  build-public:
     runs-on: ubuntu-latest
     steps:
       - uses: sigstore/cosign-installer@main
@@ -20,6 +20,7 @@ jobs:
           --tag docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:latest \
           --tag docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:${VERSION} \
           --tag ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION} \
+          --build-arg IAM_FLAVOUR=public \
           .
         env:
           MTR_REPOSITORY: ${{ secrets.MTR_REPOSITORY }}
@@ -41,7 +42,7 @@ jobs:
           MTR_TOKEN: ${{ secrets.MTR_TOKEN }}
           MTR_PRIVATE_KEY: ${{ secrets.MTR_PRIVATE_KEY }}
           COSIGN_PASSWORD: ${{ secrets.MTR_PRIVATE_KEY_PASSWORD }}
-  build-qt:
+  build-admin:
     runs-on: ubuntu-latest
     steps:
       - uses: sigstore/cosign-installer@main
@@ -53,25 +54,25 @@ jobs:
       - name: docker build
         run: |
           docker build \
-          --tag docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:latest-qt \
-          --tag docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:${VERSION}-qt \
-          --tag ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION}-qt \
-          -f ./Dockerfile-QT \
+          --tag docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:latest-ADMIN \
+          --tag docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:${VERSION}-ADMIN \
+          --tag ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION}-ADMIN \
+          --build-arg IAM_FLAVOUR=admin \
           .
         env:
           MTR_REPOSITORY: ${{ secrets.MTR_REPOSITORY }}
       - name: docker push github
         run: |
           echo ${GITHUB_TOKEN} | docker login docker.pkg.github.com -u ${GITHUB_REPOSITORY_OWNER} --password-stdin
-          docker push docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:latest-qt
-          docker push docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:${VERSION}-qt
+          docker push docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:latest-ADMIN
+          docker push docker.pkg.github.com/${GITHUB_REPOSITORY}/cwa-verification-iam:${VERSION}-ADMIN
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: docker push mtr
         run: |
           echo ${MTR_TOKEN} | docker login ${MTR_REPOSITORY} -u ${MTR_USER} --password-stdin
-          docker push ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION}-qt
-          cosign sign --key env://MTR_PRIVATE_KEY ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION}-qt
+          docker push ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION}-ADMIN
+          cosign sign --key env://MTR_PRIVATE_KEY ${MTR_REPOSITORY}/cwa-verification-iam:${VERSION}-ADMIN
         env:
           MTR_REPOSITORY: ${{ secrets.MTR_REPOSITORY }}
           MTR_USER: ${{ secrets.MTR_USER }}
diff --git a/Dockerfile b/Dockerfile
index 40b2d2c..77b3159 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,25 +1,29 @@
-FROM quay.io/keycloak/keycloak:15.1.0
+ARG IAM_FLAVOUR=public
+FROM quay.io/keycloak/keycloak:20.0.3 as base-image
 
-ARG WORK_DIR=/build
-WORKDIR ${WORK_DIR}
+# Enables Features for Admin Flavour of IAM Image
+FROM base-image as builder-admin
+ENV KC_FEATURES_ENABLED=admin2,admin-api
 
-COPY . ${WORK_DIR}/
+# Disable Features for Public Flavour of IAM Image
+FROM base-image as builder-public
+ENV KC_FEATURES_DISABLED=admin,admin2,admin-api
 
-RUN mkdir /opt/jboss/keycloak/themes/cwa && \
-    mkdir /opt/jboss/keycloak/themes/quick-test && \
-    cp -r /opt/jboss/keycloak/themes/base/* /opt/jboss/keycloak/themes/cwa/ && \
-    cp -r ${WORK_DIR}/src/themes/cwa/login /opt/jboss/keycloak/themes/cwa/ && \
-    cp -r ${WORK_DIR}/src/themes/cwa/account /opt/jboss/keycloak/themes/cwa/ && \
-    cp -r /opt/jboss/keycloak/themes/base/* /opt/jboss/keycloak/themes/quick-test/ && \
-    cp -r ${WORK_DIR}/src/themes/quick-test/login /opt/jboss/keycloak/themes/quick-test/ && \
-    cp -r ${WORK_DIR}/src/themes/quick-test/account /opt/jboss/keycloak/themes/quick-test/ && \
-    cp ${WORK_DIR}/src/standalone/configuration/standalone-ha.xml /opt/jboss/keycloak/standalone/configuration/standalone-ha.xml
+FROM builder-${IAM_FLAVOUR} as builder
+WORKDIR /opt/keycloak
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=false
+ENV KC_CACHE=ispn
+ENV KC_CACHE_STACK=kubernetes
+ENV KC_DB=postgres
+COPY src/themes/cwa /opt/keycloak/themes/cwa
+COPY src/themes/quick-test /opt/keycloak/themes/quick-test
+RUN /opt/keycloak/bin/kc.sh build
 
-EXPOSE 8080
-EXPOSE 8443
-EXPOSE 7080
-EXPOSE 7443
+FROM base-image
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
 
-ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ]
+EXPOSE 8443
 
-CMD ["-b", "0.0.0.0"]
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+CMD ["start", "--optimized"]
diff --git a/Dockerfile-QT b/Dockerfile-QT
deleted file mode 100644
index e0ec3ca..0000000
--- a/Dockerfile-QT
+++ /dev/null
@@ -1,25 +0,0 @@
-FROM quay.io/keycloak/keycloak:14.0.0
-
-ARG WORK_DIR=/build
-WORKDIR ${WORK_DIR}
-
-COPY . ${WORK_DIR}/
-
-RUN mkdir /opt/jboss/keycloak/themes/cwa && \
-    mkdir /opt/jboss/keycloak/themes/quick-test && \
-    cp -r /opt/jboss/keycloak/themes/base/* /opt/jboss/keycloak/themes/cwa/ && \
-    cp -r ${WORK_DIR}/src/themes/cwa/login /opt/jboss/keycloak/themes/cwa/ && \
-    cp -r ${WORK_DIR}/src/themes/cwa/account /opt/jboss/keycloak/themes/cwa/ && \
-    cp -r /opt/jboss/keycloak/themes/base/* /opt/jboss/keycloak/themes/quick-test/ && \
-    cp -r ${WORK_DIR}/src/themes/quick-test/login /opt/jboss/keycloak/themes/quick-test/ && \
-    cp -r ${WORK_DIR}/src/themes/quick-test/account /opt/jboss/keycloak/themes/quick-test/ && \
-    cp ${WORK_DIR}/src/standalone/configuration/standalone-ha-qt.xml /opt/jboss/keycloak/standalone/configuration/standalone-ha.xml
-
-EXPOSE 8080
-EXPOSE 8443
-EXPOSE 7080
-EXPOSE 7443
-
-ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ]
-
-CMD ["-b", "0.0.0.0"]
diff --git a/src/standalone/configuration/standalone-ha-qt.xml b/src/standalone/configuration/standalone-ha-qt.xml
deleted file mode 100644
index 5ef9660..0000000
--- a/src/standalone/configuration/standalone-ha-qt.xml
+++ /dev/null
@@ -1,733 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-
-<server xmlns="urn:jboss:domain:16.0">
-  <extensions>
-    <extension module="org.jboss.as.clustering.infinispan"/>
-    <extension module="org.jboss.as.clustering.jgroups"/>
-    <extension module="org.jboss.as.connector"/>
-    <extension module="org.jboss.as.deployment-scanner"/>
-    <extension module="org.jboss.as.ee"/>
-    <extension module="org.jboss.as.ejb3"/>
-    <extension module="org.jboss.as.jaxrs"/>
-    <extension module="org.jboss.as.jmx"/>
-    <extension module="org.jboss.as.jpa"/>
-    <extension module="org.jboss.as.logging"/>
-    <extension module="org.jboss.as.mail"/>
-    <extension module="org.jboss.as.modcluster"/>
-    <extension module="org.jboss.as.naming"/>
-    <extension module="org.jboss.as.remoting"/>
-    <extension module="org.jboss.as.security"/>
-    <extension module="org.jboss.as.transactions"/>
-    <extension module="org.jboss.as.weld"/>
-    <extension module="org.keycloak.keycloak-server-subsystem"/>
-    <extension module="org.wildfly.extension.bean-validation"/>
-    <extension module="org.wildfly.extension.core-management"/>
-    <extension module="org.wildfly.extension.elytron"/>
-    <extension module="org.wildfly.extension.health"/>
-    <extension module="org.wildfly.extension.io"/>
-    <extension module="org.wildfly.extension.metrics"/>
-    <extension module="org.wildfly.extension.request-controller"/>
-    <extension module="org.wildfly.extension.security.manager"/>
-    <extension module="org.wildfly.extension.undertow"/>
-  </extensions>
-  <management>
-    <security-realms>
-      <security-realm name="ManagementRealm">
-        <authentication>
-          <local default-user="$local" skip-group-loading="true"/>
-          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
-        </authentication>
-        <authorization map-groups-to-roles="false">
-          <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
-        </authorization>
-      </security-realm>
-      <security-realm name="ApplicationRealm">
-        <server-identities>
-          <ssl>
-            <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password"
-                      alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
-          </ssl>
-        </server-identities>
-        <authentication>
-          <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
-          <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
-        </authentication>
-        <authorization>
-          <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
-        </authorization>
-      </security-realm>
-    </security-realms>
-    <audit-log>
-      <formatters>
-        <json-formatter name="json-formatter"/>
-      </formatters>
-      <handlers>
-        <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
-      </handlers>
-      <logger log-boot="true" log-read-only="false" enabled="false">
-        <handlers>
-          <handler name="file"/>
-        </handlers>
-      </logger>
-    </audit-log>
-    <management-interfaces>
-      <http-interface security-realm="ManagementRealm">
-        <http-upgrade enabled="true"/>
-        <socket-binding http="management-http"/>
-      </http-interface>
-    </management-interfaces>
-    <access-control provider="simple">
-      <role-mapping>
-        <role name="SuperUser">
-          <include>
-            <user name="$local"/>
-          </include>
-        </role>
-      </role-mapping>
-    </access-control>
-  </management>
-  <profile>
-    <subsystem xmlns="urn:jboss:domain:logging:8.0">
-      <console-handler name="CONSOLE">
-        <level name="INFO"/>
-        <formatter>
-          <named-formatter name="COLOR-PATTERN"/>
-        </formatter>
-      </console-handler>
-      <periodic-rotating-file-handler name="FILE" autoflush="true">
-        <formatter>
-          <named-formatter name="PATTERN"/>
-        </formatter>
-        <file relative-to="jboss.server.log.dir" path="server.log"/>
-        <suffix value=".yyyy-MM-dd"/>
-        <append value="true"/>
-      </periodic-rotating-file-handler>
-      <logger category="com.arjuna">
-        <level name="WARN"/>
-      </logger>
-      <logger category="io.jaegertracing.Configuration">
-        <level name="WARN"/>
-      </logger>
-      <logger category="org.jboss.as.config">
-        <level name="DEBUG"/>
-      </logger>
-      <logger category="sun.rmi">
-        <level name="WARN"/>
-      </logger>
-      <root-logger>
-        <level name="INFO"/>
-        <handlers>
-          <handler name="CONSOLE"/>
-          <handler name="FILE"/>
-        </handlers>
-      </root-logger>
-      <formatter name="PATTERN">
-        <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
-      </formatter>
-      <formatter name="COLOR-PATTERN">
-        <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
-      </formatter>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
-    <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
-    <subsystem xmlns="urn:jboss:domain:datasources:6.0">
-      <datasources>
-        <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true"
-                    use-java-context="true"
-                    statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
-          <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
-          <driver>h2</driver>
-          <security>
-            <user-name>sa</user-name>
-            <password>sa</password>
-          </security>
-        </datasource>
-        <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true"
-                    use-java-context="true"
-                    statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
-          <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
-          <driver>h2</driver>
-          <security>
-            <user-name>sa</user-name>
-            <password>sa</password>
-          </security>
-        </datasource>
-        <drivers>
-          <driver name="h2" module="com.h2database.h2">
-            <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
-          </driver>
-        </drivers>
-      </datasources>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
-      <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000"
-                          runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:ee:6.0">
-      <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
-      <concurrent>
-        <context-services>
-          <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default"
-                           use-transaction-setup-provider="true"/>
-        </context-services>
-        <managed-thread-factories>
-          <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default"
-                                  context-service="default"/>
-        </managed-thread-factories>
-        <managed-executor-services>
-          <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default"
-                                    context-service="default" hung-task-termination-period="0"
-                                    hung-task-threshold="60000" keepalive-time="5000"/>
-        </managed-executor-services>
-        <managed-scheduled-executor-services>
-          <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default"
-                                              context-service="default" hung-task-termination-period="0"
-                                              hung-task-threshold="60000" keepalive-time="3000"/>
-        </managed-scheduled-executor-services>
-      </concurrent>
-      <default-bindings context-service="java:jboss/ee/concurrency/context/default"
-                        datasource="java:jboss/datasources/ExampleDS"
-                        managed-executor-service="java:jboss/ee/concurrency/executor/default"
-                        managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default"
-                        managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:ejb3:9.0">
-      <session-bean>
-        <stateless>
-          <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
-        </stateless>
-        <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
-        <singleton default-access-timeout="5000"/>
-      </session-bean>
-      <pools>
-        <bean-instance-pools>
-          <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5"
-                           instance-acquisition-timeout-unit="MINUTES"/>
-          <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5"
-                           instance-acquisition-timeout-unit="MINUTES"/>
-        </bean-instance-pools>
-      </pools>
-      <caches>
-        <cache name="simple"/>
-        <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
-      </caches>
-      <passivation-stores>
-        <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
-      </passivation-stores>
-      <async thread-pool-name="default"/>
-      <timer-service thread-pool-name="default" default-data-store="default-file-store">
-        <data-stores>
-          <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
-        </data-stores>
-      </timer-service>
-      <remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
-        <channel-creation-options>
-          <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
-        </channel-creation-options>
-      </remote>
-      <thread-pools>
-        <thread-pool name="default">
-          <max-threads count="10"/>
-          <keepalive-time time="60" unit="seconds"/>
-        </thread-pool>
-      </thread-pools>
-      <default-security-domain value="other"/>
-      <default-missing-method-permissions-deny-access value="true"/>
-      <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
-      <log-system-exceptions value="true"/>
-    </subsystem>
-    <subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers"
-               disallowed-providers="OracleUcrypto">
-      <providers>
-        <aggregate-providers name="combined-providers">
-          <providers name="elytron"/>
-          <providers name="openssl"/>
-        </aggregate-providers>
-        <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
-        <provider-loader name="openssl" module="org.wildfly.openssl"/>
-      </providers>
-      <audit-logging>
-        <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
-      </audit-logging>
-      <security-domains>
-        <security-domain name="ApplicationDomain" default-realm="ApplicationRealm"
-                         permission-mapper="default-permission-mapper">
-          <realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
-          <realm name="local"/>
-        </security-domain>
-        <security-domain name="ManagementDomain" default-realm="ManagementRealm"
-                         permission-mapper="default-permission-mapper">
-          <realm name="ManagementRealm" role-decoder="groups-to-roles"/>
-          <realm name="local" role-mapper="super-user-mapper"/>
-        </security-domain>
-      </security-domains>
-      <security-realms>
-        <identity-realm name="local" identity="$local"/>
-        <properties-realm name="ApplicationRealm">
-          <users-properties path="application-users.properties" relative-to="jboss.server.config.dir"
-                            digest-realm-name="ApplicationRealm"/>
-          <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
-        </properties-realm>
-        <properties-realm name="ManagementRealm">
-          <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"
-                            digest-realm-name="ManagementRealm"/>
-          <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
-        </properties-realm>
-      </security-realms>
-      <mappers>
-        <simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
-          <permission-mapping>
-            <principal name="anonymous"/>
-            <permission-set name="default-permissions"/>
-          </permission-mapping>
-          <permission-mapping match-all="true">
-            <permission-set name="login-permission"/>
-            <permission-set name="default-permissions"/>
-          </permission-mapping>
-        </simple-permission-mapper>
-        <constant-realm-mapper name="local" realm-name="local"/>
-        <simple-role-decoder name="groups-to-roles" attribute="groups"/>
-        <constant-role-mapper name="super-user-mapper">
-          <role name="SuperUser"/>
-        </constant-role-mapper>
-      </mappers>
-      <permission-sets>
-        <permission-set name="login-permission">
-          <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
-        </permission-set>
-        <permission-set name="default-permissions">
-          <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission"
-                      module="org.wildfly.extension.batch.jberet" target-name="*"/>
-          <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission"
-                      module="org.wildfly.transaction.client"/>
-          <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
-          <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
-        </permission-set>
-      </permission-sets>
-      <http>
-        <http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain"
-                                     http-server-mechanism-factory="global">
-          <mechanism-configuration>
-            <mechanism mechanism-name="DIGEST">
-              <mechanism-realm realm-name="ManagementRealm"/>
-            </mechanism>
-          </mechanism-configuration>
-        </http-authentication-factory>
-        <provider-http-server-mechanism-factory name="global"/>
-      </http>
-      <sasl>
-        <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured"
-                                     security-domain="ApplicationDomain">
-          <mechanism-configuration>
-            <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
-            <mechanism mechanism-name="DIGEST-MD5">
-              <mechanism-realm realm-name="ApplicationRealm"/>
-            </mechanism>
-          </mechanism-configuration>
-        </sasl-authentication-factory>
-        <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured"
-                                     security-domain="ManagementDomain">
-          <mechanism-configuration>
-            <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
-            <mechanism mechanism-name="DIGEST-MD5">
-              <mechanism-realm realm-name="ManagementRealm"/>
-            </mechanism>
-          </mechanism-configuration>
-        </sasl-authentication-factory>
-        <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
-          <properties>
-            <property name="wildfly.sasl.local-user.default-user" value="$local"/>
-          </properties>
-        </configurable-sasl-server-factory>
-        <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
-          <filters>
-            <filter provider-name="WildFlyElytron"/>
-          </filters>
-        </mechanism-provider-filtering-sasl-server-factory>
-        <provider-sasl-server-factory name="global"/>
-      </sasl>
-      <tls>
-        <key-stores>
-          <key-store name="applicationKS">
-            <credential-reference clear-text="password"/>
-            <implementation type="JKS"/>
-            <file path="application.keystore" relative-to="jboss.server.config.dir"/>
-          </key-store>
-        </key-stores>
-        <key-managers>
-          <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
-            <credential-reference clear-text="password"/>
-          </key-manager>
-        </key-managers>
-        <server-ssl-contexts>
-          <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
-        </server-ssl-contexts>
-      </tls>
-    </subsystem>
-    <subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
-    <subsystem xmlns="urn:jboss:domain:infinispan:12.0">
-      <cache-container name="ejb" default-cache="dist" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
-        <transport lock-timeout="60000"/>
-        <distributed-cache name="dist">
-          <locking isolation="REPEATABLE_READ"/>
-          <transaction mode="BATCH"/>
-          <file-store/>
-        </distributed-cache>
-      </cache-container>
-      <cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan">
-        <transport lock-timeout="60000"/>
-        <local-cache name="realms">
-          <heap-memory size="10000"/>
-        </local-cache>
-        <local-cache name="users">
-          <heap-memory size="10000"/>
-        </local-cache>
-        <local-cache name="authorization">
-          <heap-memory size="10000"/>
-        </local-cache>
-        <local-cache name="keys">
-          <heap-memory size="1000"/>
-          <expiration max-idle="3600000"/>
-        </local-cache>
-        <replicated-cache name="work"/>
-        <distributed-cache name="sessions" owners="1"/>
-        <distributed-cache name="authenticationSessions" owners="1"/>
-        <distributed-cache name="offlineSessions" owners="1"/>
-        <distributed-cache name="clientSessions" owners="1"/>
-        <distributed-cache name="offlineClientSessions" owners="1"/>
-        <distributed-cache name="loginFailures" owners="1"/>
-        <distributed-cache name="actionTokens" owners="2">
-          <heap-memory size="-1"/>
-          <expiration interval="300000" max-idle="-1"/>
-        </distributed-cache>
-      </cache-container>
-      <cache-container name="server" default-cache="default" aliases="singleton cluster"
-                       modules="org.wildfly.clustering.server">
-        <transport lock-timeout="60000"/>
-        <replicated-cache name="default">
-          <transaction mode="BATCH"/>
-        </replicated-cache>
-      </cache-container>
-      <cache-container name="web" default-cache="dist" modules="org.wildfly.clustering.web.infinispan">
-        <transport lock-timeout="60000"/>
-        <replicated-cache name="sso">
-          <locking isolation="REPEATABLE_READ"/>
-          <transaction mode="BATCH"/>
-        </replicated-cache>
-        <distributed-cache name="dist">
-          <locking isolation="REPEATABLE_READ"/>
-          <transaction mode="BATCH"/>
-          <file-store/>
-        </distributed-cache>
-        <distributed-cache name="routing"/>
-      </cache-container>
-      <cache-container name="hibernate" modules="org.infinispan.hibernate-cache">
-        <transport lock-timeout="60000"/>
-        <local-cache name="local-query">
-          <heap-memory size="10000"/>
-          <expiration max-idle="100000"/>
-        </local-cache>
-        <invalidation-cache name="entity">
-          <transaction mode="NON_XA"/>
-          <heap-memory size="10000"/>
-          <expiration max-idle="100000"/>
-        </invalidation-cache>
-        <replicated-cache name="timestamps"/>
-      </cache-container>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:io:3.0">
-      <worker name="default"/>
-      <buffer-pool name="default"/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
-    <subsystem xmlns="urn:jboss:domain:jca:5.0">
-      <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
-      <bean-validation enabled="true"/>
-      <default-workmanager>
-        <short-running-threads>
-          <core-threads count="50"/>
-          <queue-length count="50"/>
-          <max-threads count="50"/>
-          <keepalive-time time="10" unit="seconds"/>
-        </short-running-threads>
-        <long-running-threads>
-          <core-threads count="50"/>
-          <queue-length count="50"/>
-          <max-threads count="50"/>
-          <keepalive-time time="10" unit="seconds"/>
-        </long-running-threads>
-      </default-workmanager>
-      <cached-connection-manager/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:jgroups:8.0">
-      <channels default="ee">
-        <channel name="ee" stack="udp" cluster="ejb"/>
-      </channels>
-      <stacks>
-        <stack name="udp">
-          <transport type="UDP" socket-binding="jgroups-udp"/>
-          <protocol type="PING"/>
-          <protocol type="MERGE3"/>
-          <socket-protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
-          <protocol type="FD_ALL"/>
-          <protocol type="VERIFY_SUSPECT"/>
-          <protocol type="pbcast.NAKACK2"/>
-          <protocol type="UNICAST3"/>
-          <protocol type="pbcast.STABLE"/>
-          <protocol type="pbcast.GMS"/>
-          <protocol type="UFC"/>
-          <protocol type="MFC"/>
-          <protocol type="FRAG3"/>
-        </stack>
-        <stack name="tcp">
-          <transport type="TCP" socket-binding="jgroups-tcp"/>
-          <socket-protocol type="MPING" socket-binding="jgroups-mping"/>
-          <protocol type="MERGE3"/>
-          <socket-protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
-          <protocol type="FD_ALL"/>
-          <protocol type="VERIFY_SUSPECT"/>
-          <protocol type="pbcast.NAKACK2"/>
-          <protocol type="UNICAST3"/>
-          <protocol type="pbcast.STABLE"/>
-          <protocol type="pbcast.GMS"/>
-          <protocol type="MFC"/>
-          <protocol type="FRAG3"/>
-        </stack>
-      </stacks>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:jmx:1.3">
-      <expose-resolved-model/>
-      <expose-expression-model/>
-      <remoting-connector/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:jpa:1.1">
-      <jpa default-extended-persistence-inheritance="DEEP"/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
-      <web-context>auth</web-context>
-      <providers>
-        <provider>
-          classpath:${jboss.home.dir}/providers/*
-        </provider>
-      </providers>
-      <master-realm-name>master</master-realm-name>
-      <scheduled-task-interval>900</scheduled-task-interval>
-      <theme>
-        <staticMaxAge>2592000</staticMaxAge>
-        <cacheThemes>true</cacheThemes>
-        <cacheTemplates>true</cacheTemplates>
-        <welcomeTheme>${env.KEYCLOAK_WELCOME_THEME:keycloak}</welcomeTheme>
-        <default>${env.KEYCLOAK_DEFAULT_THEME:keycloak}</default>
-        <dir>${jboss.home.dir}/themes</dir>
-      </theme>
-      <spi name="eventsStore">
-        <provider name="jpa" enabled="true">
-          <properties>
-            <property name="exclude-events" value="[&quot;REFRESH_TOKEN&quot;]"/>
-          </properties>
-        </provider>
-      </spi>
-      <spi name="userCache">
-        <provider name="default" enabled="true"/>
-      </spi>
-      <spi name="userSessionPersister">
-        <default-provider>jpa</default-provider>
-      </spi>
-      <spi name="timer">
-        <default-provider>basic</default-provider>
-      </spi>
-      <spi name="connectionsHttpClient">
-        <provider name="default" enabled="true"/>
-      </spi>
-      <spi name="connectionsJpa">
-        <provider name="default" enabled="true">
-          <properties>
-            <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
-            <property name="initializeEmpty" value="true"/>
-            <property name="migrationStrategy" value="update"/>
-            <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
-          </properties>
-        </provider>
-      </spi>
-      <spi name="realmCache">
-        <provider name="default" enabled="true"/>
-      </spi>
-      <spi name="connectionsInfinispan">
-        <default-provider>default</default-provider>
-        <provider name="default" enabled="true">
-          <properties>
-            <property name="cacheContainer" value="java:jboss/infinispan/container/keycloak"/>
-          </properties>
-        </provider>
-      </spi>
-      <spi name="jta-lookup">
-        <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
-        <provider name="jboss" enabled="true"/>
-      </spi>
-      <spi name="publicKeyStorage">
-        <provider name="infinispan" enabled="true">
-          <properties>
-            <property name="minTimeBetweenRequests" value="10"/>
-          </properties>
-        </provider>
-      </spi>
-      <spi name="x509cert-lookup">
-        <default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
-        <provider name="default" enabled="true"/>
-      </spi>
-      <spi name="hostname">
-        <default-provider>default</default-provider>
-        <provider name="default" enabled="true">
-          <properties>
-            <property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
-            <property name="forceBackendUrlToFrontendUrl" value="false"/>
-          </properties>
-        </provider>
-      </spi>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:mail:4.0">
-      <mail-session name="default" jndi-name="java:jboss/mail/Default">
-        <smtp-server outbound-socket-binding-ref="mail-smtp"/>
-      </mail-session>
-    </subsystem>
-    <subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*"
-               prefix="${wildfly.metrics.prefix:wildfly}"/>
-    <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
-      <proxy name="default" advertise-socket="modcluster" listener="ajp">
-        <dynamic-load-provider>
-          <load-metric type="cpu"/>
-        </dynamic-load-provider>
-      </proxy>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:naming:2.0">
-      <remote-naming/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:remoting:4.0">
-      <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
-    <subsystem xmlns="urn:jboss:domain:security:2.0">
-      <security-domains>
-        <security-domain name="other" cache-type="default">
-          <authentication>
-            <login-module code="Remoting" flag="optional">
-              <module-option name="password-stacking" value="useFirstPass"/>
-            </login-module>
-            <login-module code="RealmDirect" flag="required">
-              <module-option name="password-stacking" value="useFirstPass"/>
-            </login-module>
-          </authentication>
-        </security-domain>
-        <security-domain name="jboss-web-policy" cache-type="default">
-          <authorization>
-            <policy-module code="Delegating" flag="required"/>
-          </authorization>
-        </security-domain>
-        <security-domain name="jaspitest" cache-type="default">
-          <authentication-jaspi>
-            <login-module-stack name="dummy">
-              <login-module code="Dummy" flag="optional"/>
-            </login-module-stack>
-            <auth-module code="Dummy"/>
-          </authentication-jaspi>
-        </security-domain>
-        <security-domain name="jboss-ejb-policy" cache-type="default">
-          <authorization>
-            <policy-module code="Delegating" flag="required"/>
-          </authorization>
-        </security-domain>
-      </security-domains>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
-      <deployment-permissions>
-        <maximum-set>
-          <permission class="java.security.AllPermission"/>
-        </maximum-set>
-      </deployment-permissions>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:transactions:6.0">
-      <core-environment node-identifier="${jboss.tx.node.id:1}">
-        <process-id>
-          <uuid/>
-        </process-id>
-      </core-environment>
-      <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
-      <coordinator-environment
-        statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
-      <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server"
-               default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other"
-               statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
-      <buffer-cache name="default"/>
-      <server name="default-server">
-        <ajp-listener name="ajp" socket-binding="ajp"/>
-        <http-listener name="default" socket-binding="http" redirect-socket="https"
-                       proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}" enable-http2="true"/>
-        <https-listener name="https" socket-binding="https"
-                        proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}"
-                        enable-http2="true"
-                        ssl-context="applicationSSC"/>
-        <http-listener name="http-admin" socket-binding="http-admin" redirect-socket="https"
-                       proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}" enable-http2="true"/>
-        <https-listener name="https-admin" socket-binding="https-admin"
-                        proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}"
-                        enable-http2="true"
-                        ssl-context="applicationSSC"/>
-        <host name="default-host" alias="localhost">
-          <location name="/" handler="welcome-content"/>
-          <http-invoker security-realm="ApplicationRealm"/>
-          <filter-ref name="pragmaHeader"/>
-          <filter-ref name="adminAccess"/>
-          <filter-ref name="accountAccess"/>
-        </host>
-      </server>
-      <servlet-container name="default">
-        <jsp-config/>
-        <websockets/>
-      </servlet-container>
-      <handlers>
-        <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
-      </handlers>
-      <filters>
-        <response-header name="pragmaHeader" header-name="Pragma" header-value="no-cache"/>
-      </filters>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
-  </profile>
-  <interfaces>
-    <interface name="management">
-      <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
-    </interface>
-    <interface name="private">
-      <inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
-    </interface>
-    <interface name="public">
-      <inet-address value="${jboss.bind.address:127.0.0.1}"/>
-    </interface>
-  </interfaces>
-  <socket-binding-group name="standard-sockets" default-interface="public"
-                        port-offset="${jboss.socket.binding.port-offset:0}">
-    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
-    <socket-binding name="http" port="${jboss.http.port:8080}"/>
-    <socket-binding name="https" port="${jboss.https.port:8443}"/>
-    <socket-binding name="http-admin" port="${jboss.admin.http.port:7080}"/>
-    <socket-binding name="https-admin" port="${jboss.admin.https.port:7443}"/>
-    <socket-binding name="jgroups-mping" interface="private"
-                    multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
-    <socket-binding name="jgroups-tcp" interface="private" port="7600"/>
-    <socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
-    <socket-binding name="jgroups-udp" interface="private" port="55200"
-                    multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
-    <socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
-    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
-    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
-    <socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}"
-                    multicast-port="23364"/>
-    <socket-binding name="txn-recovery-environment" port="4712"/>
-    <socket-binding name="txn-status-manager" port="4713"/>
-    <outbound-socket-binding name="mail-smtp">
-      <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
-    </outbound-socket-binding>
-  </socket-binding-group>
-</server>
diff --git a/src/standalone/configuration/standalone-ha.xml b/src/standalone/configuration/standalone-ha.xml
deleted file mode 100644
index dbdc20f..0000000
--- a/src/standalone/configuration/standalone-ha.xml
+++ /dev/null
@@ -1,738 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-
-<server xmlns="urn:jboss:domain:16.0">
-  <extensions>
-    <extension module="org.jboss.as.clustering.infinispan"/>
-    <extension module="org.jboss.as.clustering.jgroups"/>
-    <extension module="org.jboss.as.connector"/>
-    <extension module="org.jboss.as.deployment-scanner"/>
-    <extension module="org.jboss.as.ee"/>
-    <extension module="org.jboss.as.ejb3"/>
-    <extension module="org.jboss.as.jaxrs"/>
-    <extension module="org.jboss.as.jmx"/>
-    <extension module="org.jboss.as.jpa"/>
-    <extension module="org.jboss.as.logging"/>
-    <extension module="org.jboss.as.mail"/>
-    <extension module="org.jboss.as.modcluster"/>
-    <extension module="org.jboss.as.naming"/>
-    <extension module="org.jboss.as.remoting"/>
-    <extension module="org.jboss.as.security"/>
-    <extension module="org.jboss.as.transactions"/>
-    <extension module="org.jboss.as.weld"/>
-    <extension module="org.keycloak.keycloak-server-subsystem"/>
-    <extension module="org.wildfly.extension.bean-validation"/>
-    <extension module="org.wildfly.extension.core-management"/>
-    <extension module="org.wildfly.extension.elytron"/>
-    <extension module="org.wildfly.extension.health"/>
-    <extension module="org.wildfly.extension.io"/>
-    <extension module="org.wildfly.extension.metrics"/>
-    <extension module="org.wildfly.extension.request-controller"/>
-    <extension module="org.wildfly.extension.security.manager"/>
-    <extension module="org.wildfly.extension.undertow"/>
-  </extensions>
-  <management>
-    <security-realms>
-      <security-realm name="ManagementRealm">
-        <authentication>
-          <local default-user="$local" skip-group-loading="true"/>
-          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
-        </authentication>
-        <authorization map-groups-to-roles="false">
-          <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
-        </authorization>
-      </security-realm>
-      <security-realm name="ApplicationRealm">
-        <server-identities>
-          <ssl>
-            <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password"
-                      alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
-          </ssl>
-        </server-identities>
-        <authentication>
-          <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
-          <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
-        </authentication>
-        <authorization>
-          <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
-        </authorization>
-      </security-realm>
-    </security-realms>
-    <audit-log>
-      <formatters>
-        <json-formatter name="json-formatter"/>
-      </formatters>
-      <handlers>
-        <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
-      </handlers>
-      <logger log-boot="true" log-read-only="false" enabled="false">
-        <handlers>
-          <handler name="file"/>
-        </handlers>
-      </logger>
-    </audit-log>
-    <management-interfaces>
-      <http-interface security-realm="ManagementRealm">
-        <http-upgrade enabled="true"/>
-        <socket-binding http="management-http"/>
-      </http-interface>
-    </management-interfaces>
-    <access-control provider="simple">
-      <role-mapping>
-        <role name="SuperUser">
-          <include>
-            <user name="$local"/>
-          </include>
-        </role>
-      </role-mapping>
-    </access-control>
-  </management>
-  <profile>
-    <subsystem xmlns="urn:jboss:domain:logging:8.0">
-      <console-handler name="CONSOLE">
-        <level name="INFO"/>
-        <formatter>
-          <named-formatter name="COLOR-PATTERN"/>
-        </formatter>
-      </console-handler>
-      <periodic-rotating-file-handler name="FILE" autoflush="true">
-        <formatter>
-          <named-formatter name="PATTERN"/>
-        </formatter>
-        <file relative-to="jboss.server.log.dir" path="server.log"/>
-        <suffix value=".yyyy-MM-dd"/>
-        <append value="true"/>
-      </periodic-rotating-file-handler>
-      <logger category="com.arjuna">
-        <level name="WARN"/>
-      </logger>
-      <logger category="io.jaegertracing.Configuration">
-        <level name="WARN"/>
-      </logger>
-      <logger category="org.jboss.as.config">
-        <level name="DEBUG"/>
-      </logger>
-      <logger category="sun.rmi">
-        <level name="WARN"/>
-      </logger>
-      <root-logger>
-        <level name="INFO"/>
-        <handlers>
-          <handler name="CONSOLE"/>
-          <handler name="FILE"/>
-        </handlers>
-      </root-logger>
-      <formatter name="PATTERN">
-        <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
-      </formatter>
-      <formatter name="COLOR-PATTERN">
-        <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
-      </formatter>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
-    <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
-    <subsystem xmlns="urn:jboss:domain:datasources:6.0">
-      <datasources>
-        <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true"
-                    use-java-context="true"
-                    statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
-          <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
-          <driver>h2</driver>
-          <security>
-            <user-name>sa</user-name>
-            <password>sa</password>
-          </security>
-        </datasource>
-        <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true"
-                    use-java-context="true"
-                    statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
-          <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
-          <driver>h2</driver>
-          <security>
-            <user-name>sa</user-name>
-            <password>sa</password>
-          </security>
-        </datasource>
-        <drivers>
-          <driver name="h2" module="com.h2database.h2">
-            <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
-          </driver>
-        </drivers>
-      </datasources>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
-      <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000"
-                          runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:ee:6.0">
-      <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
-      <concurrent>
-        <context-services>
-          <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default"
-                           use-transaction-setup-provider="true"/>
-        </context-services>
-        <managed-thread-factories>
-          <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default"
-                                  context-service="default"/>
-        </managed-thread-factories>
-        <managed-executor-services>
-          <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default"
-                                    context-service="default" hung-task-termination-period="0"
-                                    hung-task-threshold="60000" keepalive-time="5000"/>
-        </managed-executor-services>
-        <managed-scheduled-executor-services>
-          <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default"
-                                              context-service="default" hung-task-termination-period="0"
-                                              hung-task-threshold="60000" keepalive-time="3000"/>
-        </managed-scheduled-executor-services>
-      </concurrent>
-      <default-bindings context-service="java:jboss/ee/concurrency/context/default"
-                        datasource="java:jboss/datasources/ExampleDS"
-                        managed-executor-service="java:jboss/ee/concurrency/executor/default"
-                        managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default"
-                        managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:ejb3:9.0">
-      <session-bean>
-        <stateless>
-          <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
-        </stateless>
-        <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
-        <singleton default-access-timeout="5000"/>
-      </session-bean>
-      <pools>
-        <bean-instance-pools>
-          <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5"
-                           instance-acquisition-timeout-unit="MINUTES"/>
-          <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5"
-                           instance-acquisition-timeout-unit="MINUTES"/>
-        </bean-instance-pools>
-      </pools>
-      <caches>
-        <cache name="simple"/>
-        <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
-      </caches>
-      <passivation-stores>
-        <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
-      </passivation-stores>
-      <async thread-pool-name="default"/>
-      <timer-service thread-pool-name="default" default-data-store="default-file-store">
-        <data-stores>
-          <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
-        </data-stores>
-      </timer-service>
-      <remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
-        <channel-creation-options>
-          <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
-        </channel-creation-options>
-      </remote>
-      <thread-pools>
-        <thread-pool name="default">
-          <max-threads count="10"/>
-          <keepalive-time time="60" unit="seconds"/>
-        </thread-pool>
-      </thread-pools>
-      <default-security-domain value="other"/>
-      <default-missing-method-permissions-deny-access value="true"/>
-      <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
-      <log-system-exceptions value="true"/>
-    </subsystem>
-    <subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers"
-               disallowed-providers="OracleUcrypto">
-      <providers>
-        <aggregate-providers name="combined-providers">
-          <providers name="elytron"/>
-          <providers name="openssl"/>
-        </aggregate-providers>
-        <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
-        <provider-loader name="openssl" module="org.wildfly.openssl"/>
-      </providers>
-      <audit-logging>
-        <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
-      </audit-logging>
-      <security-domains>
-        <security-domain name="ApplicationDomain" default-realm="ApplicationRealm"
-                         permission-mapper="default-permission-mapper">
-          <realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
-          <realm name="local"/>
-        </security-domain>
-        <security-domain name="ManagementDomain" default-realm="ManagementRealm"
-                         permission-mapper="default-permission-mapper">
-          <realm name="ManagementRealm" role-decoder="groups-to-roles"/>
-          <realm name="local" role-mapper="super-user-mapper"/>
-        </security-domain>
-      </security-domains>
-      <security-realms>
-        <identity-realm name="local" identity="$local"/>
-        <properties-realm name="ApplicationRealm">
-          <users-properties path="application-users.properties" relative-to="jboss.server.config.dir"
-                            digest-realm-name="ApplicationRealm"/>
-          <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
-        </properties-realm>
-        <properties-realm name="ManagementRealm">
-          <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"
-                            digest-realm-name="ManagementRealm"/>
-          <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
-        </properties-realm>
-      </security-realms>
-      <mappers>
-        <simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
-          <permission-mapping>
-            <principal name="anonymous"/>
-            <permission-set name="default-permissions"/>
-          </permission-mapping>
-          <permission-mapping match-all="true">
-            <permission-set name="login-permission"/>
-            <permission-set name="default-permissions"/>
-          </permission-mapping>
-        </simple-permission-mapper>
-        <constant-realm-mapper name="local" realm-name="local"/>
-        <simple-role-decoder name="groups-to-roles" attribute="groups"/>
-        <constant-role-mapper name="super-user-mapper">
-          <role name="SuperUser"/>
-        </constant-role-mapper>
-      </mappers>
-      <permission-sets>
-        <permission-set name="login-permission">
-          <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
-        </permission-set>
-        <permission-set name="default-permissions">
-          <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission"
-                      module="org.wildfly.extension.batch.jberet" target-name="*"/>
-          <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission"
-                      module="org.wildfly.transaction.client"/>
-          <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
-          <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
-        </permission-set>
-      </permission-sets>
-      <http>
-        <http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain"
-                                     http-server-mechanism-factory="global">
-          <mechanism-configuration>
-            <mechanism mechanism-name="DIGEST">
-              <mechanism-realm realm-name="ManagementRealm"/>
-            </mechanism>
-          </mechanism-configuration>
-        </http-authentication-factory>
-        <provider-http-server-mechanism-factory name="global"/>
-      </http>
-      <sasl>
-        <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured"
-                                     security-domain="ApplicationDomain">
-          <mechanism-configuration>
-            <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
-            <mechanism mechanism-name="DIGEST-MD5">
-              <mechanism-realm realm-name="ApplicationRealm"/>
-            </mechanism>
-          </mechanism-configuration>
-        </sasl-authentication-factory>
-        <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured"
-                                     security-domain="ManagementDomain">
-          <mechanism-configuration>
-            <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
-            <mechanism mechanism-name="DIGEST-MD5">
-              <mechanism-realm realm-name="ManagementRealm"/>
-            </mechanism>
-          </mechanism-configuration>
-        </sasl-authentication-factory>
-        <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
-          <properties>
-            <property name="wildfly.sasl.local-user.default-user" value="$local"/>
-          </properties>
-        </configurable-sasl-server-factory>
-        <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
-          <filters>
-            <filter provider-name="WildFlyElytron"/>
-          </filters>
-        </mechanism-provider-filtering-sasl-server-factory>
-        <provider-sasl-server-factory name="global"/>
-      </sasl>
-      <tls>
-        <key-stores>
-          <key-store name="applicationKS">
-            <credential-reference clear-text="password"/>
-            <implementation type="JKS"/>
-            <file path="application.keystore" relative-to="jboss.server.config.dir"/>
-          </key-store>
-        </key-stores>
-        <key-managers>
-          <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
-            <credential-reference clear-text="password"/>
-          </key-manager>
-        </key-managers>
-        <server-ssl-contexts>
-          <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
-        </server-ssl-contexts>
-      </tls>
-    </subsystem>
-    <subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
-    <subsystem xmlns="urn:jboss:domain:infinispan:12.0">
-      <cache-container name="ejb" default-cache="dist" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
-        <transport lock-timeout="60000"/>
-        <distributed-cache name="dist">
-          <locking isolation="REPEATABLE_READ"/>
-          <transaction mode="BATCH"/>
-          <file-store/>
-        </distributed-cache>
-      </cache-container>
-      <cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan">
-        <transport lock-timeout="60000"/>
-        <local-cache name="realms">
-          <heap-memory size="10000"/>
-        </local-cache>
-        <local-cache name="users">
-          <heap-memory size="10000"/>
-        </local-cache>
-        <local-cache name="authorization">
-          <heap-memory size="10000"/>
-        </local-cache>
-        <local-cache name="keys">
-          <heap-memory size="1000"/>
-          <expiration max-idle="3600000"/>
-        </local-cache>
-        <replicated-cache name="work"/>
-        <distributed-cache name="sessions" owners="1"/>
-        <distributed-cache name="authenticationSessions" owners="1"/>
-        <distributed-cache name="offlineSessions" owners="1"/>
-        <distributed-cache name="clientSessions" owners="1"/>
-        <distributed-cache name="offlineClientSessions" owners="1"/>
-        <distributed-cache name="loginFailures" owners="1"/>
-        <distributed-cache name="actionTokens" owners="2">
-          <heap-memory size="-1"/>
-          <expiration interval="300000" max-idle="-1"/>
-        </distributed-cache>
-      </cache-container>
-      <cache-container name="server" default-cache="default" aliases="singleton cluster"
-                       modules="org.wildfly.clustering.server">
-        <transport lock-timeout="60000"/>
-        <replicated-cache name="default">
-          <transaction mode="BATCH"/>
-        </replicated-cache>
-      </cache-container>
-      <cache-container name="web" default-cache="dist" modules="org.wildfly.clustering.web.infinispan">
-        <transport lock-timeout="60000"/>
-        <replicated-cache name="sso">
-          <locking isolation="REPEATABLE_READ"/>
-          <transaction mode="BATCH"/>
-        </replicated-cache>
-        <distributed-cache name="dist">
-          <locking isolation="REPEATABLE_READ"/>
-          <transaction mode="BATCH"/>
-          <file-store/>
-        </distributed-cache>
-        <distributed-cache name="routing"/>
-      </cache-container>
-      <cache-container name="hibernate" modules="org.infinispan.hibernate-cache">
-        <transport lock-timeout="60000"/>
-        <local-cache name="local-query">
-          <heap-memory size="10000"/>
-          <expiration max-idle="100000"/>
-        </local-cache>
-        <invalidation-cache name="entity">
-          <transaction mode="NON_XA"/>
-          <heap-memory size="10000"/>
-          <expiration max-idle="100000"/>
-        </invalidation-cache>
-        <replicated-cache name="timestamps"/>
-      </cache-container>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:io:3.0">
-      <worker name="default"/>
-      <buffer-pool name="default"/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
-    <subsystem xmlns="urn:jboss:domain:jca:5.0">
-      <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
-      <bean-validation enabled="true"/>
-      <default-workmanager>
-        <short-running-threads>
-          <core-threads count="50"/>
-          <queue-length count="50"/>
-          <max-threads count="50"/>
-          <keepalive-time time="10" unit="seconds"/>
-        </short-running-threads>
-        <long-running-threads>
-          <core-threads count="50"/>
-          <queue-length count="50"/>
-          <max-threads count="50"/>
-          <keepalive-time time="10" unit="seconds"/>
-        </long-running-threads>
-      </default-workmanager>
-      <cached-connection-manager/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:jgroups:8.0">
-      <channels default="ee">
-        <channel name="ee" stack="udp" cluster="ejb"/>
-      </channels>
-      <stacks>
-        <stack name="udp">
-          <transport type="UDP" socket-binding="jgroups-udp"/>
-          <protocol type="PING"/>
-          <protocol type="MERGE3"/>
-          <socket-protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
-          <protocol type="FD_ALL"/>
-          <protocol type="VERIFY_SUSPECT"/>
-          <protocol type="pbcast.NAKACK2"/>
-          <protocol type="UNICAST3"/>
-          <protocol type="pbcast.STABLE"/>
-          <protocol type="pbcast.GMS"/>
-          <protocol type="UFC"/>
-          <protocol type="MFC"/>
-          <protocol type="FRAG3"/>
-        </stack>
-        <stack name="tcp">
-          <transport type="TCP" socket-binding="jgroups-tcp"/>
-          <socket-protocol type="MPING" socket-binding="jgroups-mping"/>
-          <protocol type="MERGE3"/>
-          <socket-protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
-          <protocol type="FD_ALL"/>
-          <protocol type="VERIFY_SUSPECT"/>
-          <protocol type="pbcast.NAKACK2"/>
-          <protocol type="UNICAST3"/>
-          <protocol type="pbcast.STABLE"/>
-          <protocol type="pbcast.GMS"/>
-          <protocol type="MFC"/>
-          <protocol type="FRAG3"/>
-        </stack>
-      </stacks>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:jmx:1.3">
-      <expose-resolved-model/>
-      <expose-expression-model/>
-      <remoting-connector/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:jpa:1.1">
-      <jpa default-extended-persistence-inheritance="DEEP"/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
-      <web-context>auth</web-context>
-      <providers>
-        <provider>
-          classpath:${jboss.home.dir}/providers/*
-        </provider>
-      </providers>
-      <master-realm-name>master</master-realm-name>
-      <scheduled-task-interval>900</scheduled-task-interval>
-      <theme>
-        <staticMaxAge>2592000</staticMaxAge>
-        <cacheThemes>true</cacheThemes>
-        <cacheTemplates>true</cacheTemplates>
-        <welcomeTheme>${env.KEYCLOAK_WELCOME_THEME:keycloak}</welcomeTheme>
-        <default>${env.KEYCLOAK_DEFAULT_THEME:keycloak}</default>
-        <dir>${jboss.home.dir}/themes</dir>
-      </theme>
-      <spi name="eventsStore">
-        <provider name="jpa" enabled="true">
-          <properties>
-            <property name="exclude-events" value="[&quot;REFRESH_TOKEN&quot;]"/>
-          </properties>
-        </provider>
-      </spi>
-      <spi name="userCache">
-        <provider name="default" enabled="true"/>
-      </spi>
-      <spi name="userSessionPersister">
-        <default-provider>jpa</default-provider>
-      </spi>
-      <spi name="timer">
-        <default-provider>basic</default-provider>
-      </spi>
-      <spi name="connectionsHttpClient">
-        <provider name="default" enabled="true"/>
-      </spi>
-      <spi name="connectionsJpa">
-        <provider name="default" enabled="true">
-          <properties>
-            <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
-            <property name="initializeEmpty" value="true"/>
-            <property name="migrationStrategy" value="update"/>
-            <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
-          </properties>
-        </provider>
-      </spi>
-      <spi name="realmCache">
-        <provider name="default" enabled="true"/>
-      </spi>
-      <spi name="connectionsInfinispan">
-        <default-provider>default</default-provider>
-        <provider name="default" enabled="true">
-          <properties>
-            <property name="cacheContainer" value="java:jboss/infinispan/container/keycloak"/>
-          </properties>
-        </provider>
-      </spi>
-      <spi name="jta-lookup">
-        <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
-        <provider name="jboss" enabled="true"/>
-      </spi>
-      <spi name="publicKeyStorage">
-        <provider name="infinispan" enabled="true">
-          <properties>
-            <property name="minTimeBetweenRequests" value="10"/>
-          </properties>
-        </provider>
-      </spi>
-      <spi name="x509cert-lookup">
-        <default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
-        <provider name="default" enabled="true"/>
-      </spi>
-      <spi name="hostname">
-        <default-provider>default</default-provider>
-        <provider name="default" enabled="true">
-          <properties>
-            <property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
-            <property name="forceBackendUrlToFrontendUrl" value="false"/>
-          </properties>
-        </provider>
-      </spi>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:mail:4.0">
-      <mail-session name="default" jndi-name="java:jboss/mail/Default">
-        <smtp-server outbound-socket-binding-ref="mail-smtp"/>
-      </mail-session>
-    </subsystem>
-    <subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*"
-               prefix="${wildfly.metrics.prefix:wildfly}"/>
-    <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
-      <proxy name="default" advertise-socket="modcluster" listener="ajp">
-        <dynamic-load-provider>
-          <load-metric type="cpu"/>
-        </dynamic-load-provider>
-      </proxy>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:naming:2.0">
-      <remote-naming/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:remoting:4.0">
-      <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
-    <subsystem xmlns="urn:jboss:domain:security:2.0">
-      <security-domains>
-        <security-domain name="other" cache-type="default">
-          <authentication>
-            <login-module code="Remoting" flag="optional">
-              <module-option name="password-stacking" value="useFirstPass"/>
-            </login-module>
-            <login-module code="RealmDirect" flag="required">
-              <module-option name="password-stacking" value="useFirstPass"/>
-            </login-module>
-          </authentication>
-        </security-domain>
-        <security-domain name="jboss-web-policy" cache-type="default">
-          <authorization>
-            <policy-module code="Delegating" flag="required"/>
-          </authorization>
-        </security-domain>
-        <security-domain name="jaspitest" cache-type="default">
-          <authentication-jaspi>
-            <login-module-stack name="dummy">
-              <login-module code="Dummy" flag="optional"/>
-            </login-module-stack>
-            <auth-module code="Dummy"/>
-          </authentication-jaspi>
-        </security-domain>
-        <security-domain name="jboss-ejb-policy" cache-type="default">
-          <authorization>
-            <policy-module code="Delegating" flag="required"/>
-          </authorization>
-        </security-domain>
-      </security-domains>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
-      <deployment-permissions>
-        <maximum-set>
-          <permission class="java.security.AllPermission"/>
-        </maximum-set>
-      </deployment-permissions>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:transactions:6.0">
-      <core-environment node-identifier="${jboss.tx.node.id:1}">
-        <process-id>
-          <uuid/>
-        </process-id>
-      </core-environment>
-      <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
-      <coordinator-environment
-        statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
-      <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server"
-               default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other"
-               statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
-      <buffer-cache name="default"/>
-      <server name="default-server">
-        <ajp-listener name="ajp" socket-binding="ajp"/>
-        <http-listener name="default" socket-binding="http" redirect-socket="https"
-                       proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}" enable-http2="true"/>
-        <https-listener name="https" socket-binding="https"
-                        proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}"
-                        enable-http2="true"
-                        ssl-context="applicationSSC"/>
-        <http-listener name="http-admin" socket-binding="http-admin" redirect-socket="https"
-                       proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}" enable-http2="true"/>
-        <https-listener name="https-admin" socket-binding="https-admin"
-                        proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING:false}"
-                        enable-http2="true"
-                        ssl-context="applicationSSC"/>
-        <host name="default-host" alias="localhost">
-          <location name="/" handler="welcome-content"/>
-          <http-invoker security-realm="ApplicationRealm"/>
-          <filter-ref name="pragmaHeader"/>
-          <filter-ref name="adminAccess"/>
-          <filter-ref name="accountAccess"/>
-        </host>
-      </server>
-      <servlet-container name="default">
-        <jsp-config/>
-        <websockets/>
-      </servlet-container>
-      <handlers>
-        <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
-      </handlers>
-      <filters>
-        <response-header name="pragmaHeader" header-name="Pragma" header-value="no-cache"/>
-        <expression-filter name="adminAccess"
-                           expression="path-prefix('/auth/admin') and not (equals(%p, 7080) or equals(%p, 7443)) -> response-code(403)"/>
-        <expression-filter name="accountAccess"
-                           expression="path-prefix('/auth/realms/cwa/account/totp') or path('/auth/realms/cwa/account')
-                           or path-prefix('/auth/realms/cwa/account/sessions') or path-prefix('/auth/realms/cwa/account/applications') -> response-code(403)"/>
-      </filters>
-    </subsystem>
-    <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
-  </profile>
-  <interfaces>
-    <interface name="management">
-      <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
-    </interface>
-    <interface name="private">
-      <inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
-    </interface>
-    <interface name="public">
-      <inet-address value="${jboss.bind.address:127.0.0.1}"/>
-    </interface>
-  </interfaces>
-  <socket-binding-group name="standard-sockets" default-interface="public"
-                        port-offset="${jboss.socket.binding.port-offset:0}">
-    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
-    <socket-binding name="http" port="${jboss.http.port:8080}"/>
-    <socket-binding name="https" port="${jboss.https.port:8443}"/>
-    <socket-binding name="http-admin" port="${jboss.admin.http.port:7080}"/>
-    <socket-binding name="https-admin" port="${jboss.admin.https.port:7443}"/>
-    <socket-binding name="jgroups-mping" interface="private"
-                    multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
-    <socket-binding name="jgroups-tcp" interface="private" port="7600"/>
-    <socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
-    <socket-binding name="jgroups-udp" interface="private" port="55200"
-                    multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
-    <socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
-    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
-    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
-    <socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}"
-                    multicast-port="23364"/>
-    <socket-binding name="txn-recovery-environment" port="4712"/>
-    <socket-binding name="txn-status-manager" port="4713"/>
-    <outbound-socket-binding name="mail-smtp">
-      <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
-    </outbound-socket-binding>
-  </socket-binding-group>
-</server>
diff --git a/src/themes/cwa/account/theme.properties b/src/themes/cwa/account/theme.properties
index f038496..66a162e 100644
--- a/src/themes/cwa/account/theme.properties
+++ b/src/themes/cwa/account/theme.properties
@@ -1 +1,3 @@
+parent=base
+import=common/keycloak
 locales=de
diff --git a/src/themes/cwa/login/theme.properties b/src/themes/cwa/login/theme.properties
new file mode 100644
index 0000000..66a162e
--- /dev/null
+++ b/src/themes/cwa/login/theme.properties
@@ -0,0 +1,3 @@
+parent=base
+import=common/keycloak
+locales=de
diff --git a/src/themes/quick-test/account/theme.properties b/src/themes/quick-test/account/theme.properties
index f038496..66a162e 100644
--- a/src/themes/quick-test/account/theme.properties
+++ b/src/themes/quick-test/account/theme.properties
@@ -1 +1,3 @@
+parent=base
+import=common/keycloak
 locales=de
diff --git a/src/themes/quick-test/login/theme.properties b/src/themes/quick-test/login/theme.properties
new file mode 100644
index 0000000..66a162e
--- /dev/null
+++ b/src/themes/quick-test/login/theme.properties
@@ -0,0 +1,3 @@
+parent=base
+import=common/keycloak
+locales=de