keycloak-memoizeit

diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java
index f4f7e3d..035c623 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java
@@ -99,6 +99,10 @@ public class HardcodedLDAPAttributeMapper extends AbstractLDAPStorageMapper {
 
     @Override
     public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) {
+        // Don't update attribute in LDAP later. It's supposed to be written just at registration time
+        String ldapAttrName = mapperModel.get(LDAP_ATTRIBUTE_NAME);
+        ldapUser.addReadOnlyAttributeName(ldapAttrName);
+
         return delegate;
     }
 

diff --git a/server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java b/server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java
index 045258c..cba5ed6 100644
--- a/server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java
+++ b/server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java
@@ -151,5 +151,10 @@ public enum ResourceType {
     /**
      *
      */
-    , CLUSTER_NODE;
+    , CLUSTER_NODE
+
+    /**
+     *
+     */
+    , COMPONENT;
 }

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
index daffd90..2f7362b 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
@@ -221,7 +221,7 @@ public class AuthenticationManagementResource {
 
         flow.setId(createdModel.getId());
         adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, createdModel.getId()).representation(flow).success();
-        return Response.status(201).build();
+        return Response.created(uriInfo.getAbsolutePathBuilder().path(flow.getId()).build()).build();
     }
 
     /**

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java
index c5e1edb..b39b773 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java
@@ -25,6 +25,7 @@ import org.keycloak.component.ComponentModel;
 import org.keycloak.component.ComponentValidationException;
 import org.keycloak.component.SubComponentFactory;
 import org.keycloak.events.admin.OperationType;
+import org.keycloak.events.admin.ResourceType;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.utils.ModelToRepresentation;
@@ -93,7 +94,7 @@ public class ComponentResource {
     public ComponentResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) {
         this.auth = auth;
         this.realm = realm;
-        this.adminEvent = adminEvent;
+        this.adminEvent = adminEvent.resource(ResourceType.COMPONENT);
 
         auth.init(RealmAuth.Resource.REALM);
     }
@@ -175,7 +176,7 @@ public class ComponentResource {
                 throw new NotFoundException("Could not find component");
             }
             RepresentationToModel.updateComponent(session, rep, model, false);
-            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo, model.getId()).representation(StripSecretsUtils.strip(session, rep)).success();
+            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(StripSecretsUtils.strip(session, rep)).success();
             realm.updateComponent(model);
             return Response.noContent().build();
         } catch (ComponentValidationException e) {
@@ -192,7 +193,7 @@ public class ComponentResource {
         if (model == null) {
             throw new NotFoundException("Could not find component");
         }
-        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo, model.getId()).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
         realm.removeComponent(model);
 
     }

diff --git a/testsuite/integration-arquillian/HOW-TO-RUN.md b/testsuite/integration-arquillian/HOW-TO-RUN.md
index 0fb9b4b..c1341fb 100644
--- a/testsuite/integration-arquillian/HOW-TO-RUN.md
+++ b/testsuite/integration-arquillian/HOW-TO-RUN.md
@@ -21,8 +21,10 @@ Adding this system property when running any test:
     
     -Darquillian.debug=true
     
-will add lots of info to the log. Especially about all the triggered arquillian lifecycle events and executed observers listening to those events.
-Also the bootstrap of WebDriver will be unlimited (by default there is 1 minute timeout and test is cancelled when WebDriver is not bootstrapped within it.)
+will add lots of info to the log. Especially about:
+* The test method names, which will be executed for each test class, will be written at the proper running order to the log at the beginning of each test (done by KcArquillian class). 
+* All the triggered arquillian lifecycle events and executed observers listening to those events will be written to the log
+* The bootstrap of WebDriver will be unlimited. By default there is just 1 minute timeout and test is cancelled when WebDriver is not bootstrapped within it.
 
 ### WebDriver timeout
 
@@ -41,7 +43,7 @@ and adapter are all in the same JVM and you can debug them easily. If it is not 
     -Dmaven.surefire.debug=true
    
    
-and you will be able to attach remote debugger to the test. Unfortunately server and adapter are running in different JVMs, so you won't be able to debug them. 
+and you will be able to attach remote debugger to the test. Unfortunately server and adapter are running in different JVMs, so this won't help to debug those. 
 
 TODO: Improve and add more info about Wildfly debugging...
 

diff --git a/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java b/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java
index bdbd4d9..5f7520f 100644
--- a/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java
+++ b/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java
@@ -146,6 +146,11 @@ public class KeycloakOnUndertow implements DeployableContainer<KeycloakOnUnderto
 
     @Override
     public void start() throws LifecycleException {
+        if (isRemoteMode()) {
+            log.info("Skip bootstrap undertow. We are in remote mode");
+            return;
+        }
+
         log.info("Starting auth server on embedded Undertow.");
         long start = System.currentTimeMillis();
 
@@ -169,11 +174,21 @@ public class KeycloakOnUndertow implements DeployableContainer<KeycloakOnUnderto
 
     @Override
     public void stop() throws LifecycleException {
+        if (isRemoteMode()) {
+            log.info("Skip stopping undertow. We are in remote mode");
+            return;
+        }
+
         log.info("Stopping auth server.");
         sessionFactory.close();
         undertow.stop();
     }
 
+    private boolean isRemoteMode() {
+        //return true;
+        return "true".equals(System.getProperty("remote.mode"));
+    }
+
     @Override
     public void undeploy(Archive<?> archive) throws DeploymentException {
         Field containerField = Reflections.findDeclaredField(UndertowJaxrsServer.class, "container");

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java
index ccc4f80..6ca5135 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java
@@ -28,9 +28,13 @@ import org.jboss.arquillian.core.api.annotation.Inject;
 import org.jboss.arquillian.core.api.annotation.Observes;
 import org.jboss.arquillian.test.spi.annotation.ClassScoped;
 import org.jboss.arquillian.test.spi.annotation.SuiteScoped;
+import org.jboss.arquillian.test.spi.event.suite.AfterClass;
 import org.jboss.arquillian.test.spi.event.suite.BeforeClass;
 import org.jboss.arquillian.test.spi.event.suite.BeforeSuite;
 import org.jboss.logging.Logger;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.client.KeycloakTestingClient;
 import org.keycloak.testsuite.util.LogChecker;
 import org.keycloak.testsuite.util.OAuthClient;
 
@@ -38,8 +42,11 @@ import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.Set;
 
+import javax.ws.rs.NotFoundException;
+
 /**
  *
  * @author tkyjovsk
@@ -203,4 +210,33 @@ public class AuthServerTestEnricher {
         oAuthClientProducer.set(oAuthClient);
     }
 
+    public void afterClass(@Observes(precedence = 2) AfterClass event) {
+        TestContext testContext = testContextProducer.get();
+
+        List<RealmRepresentation> testRealmReps = testContext.getTestRealmReps();
+        Keycloak adminClient = testContext.getAdminClient();
+        KeycloakTestingClient testingClient = testContext.getTestingClient();
+
+        if (testRealmReps != null) {
+            log.info("removing test realms after test class");
+            for (RealmRepresentation testRealm : testRealmReps) {
+                String realmName = testRealm.getRealm();
+                log.info("removing realm: " + realmName);
+                try {
+                    adminClient.realms().realm(realmName).remove();
+                } catch (NotFoundException e) {
+                    // Ignore
+                }
+            }
+        }
+
+        if (adminClient != null) {
+            adminClient.close();
+        }
+
+        if (testingClient != null) {
+            testingClient.close();
+        }
+    }
+
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KcArquillian.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KcArquillian.java
new file mode 100644
index 0000000..c743ca8
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KcArquillian.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.arquillian;
+
+import java.util.List;
+
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.logging.Logger;
+import org.junit.runners.model.FrameworkMethod;
+import org.junit.runners.model.InitializationError;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class KcArquillian extends Arquillian {
+
+    protected final Logger log = Logger.getLogger(this.getClass());
+
+    public static final boolean ARQUILLIAN_DEBUG = "true".equals(System.getProperty("arquillian.debug"));
+
+    public KcArquillian(Class<?> testClass) throws InitializationError
+    {
+        super(testClass);
+    }
+
+    @Override
+    protected List<FrameworkMethod> getChildren() {
+        List<FrameworkMethod> children = super.getChildren();
+
+        if (ARQUILLIAN_DEBUG) {
+            for (FrameworkMethod method : children) {
+                log.info(method.getName());
+            }
+        }
+
+        return children;
+    }
+}

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java
index fc63b22..30b0405 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java
@@ -21,6 +21,13 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import javax.ws.rs.NotFoundException;
+
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.client.KeycloakTestingClient;
+import org.keycloak.testsuite.util.TestCleanup;
+
 /**
  *
  * @author tkyjovsk
@@ -38,6 +45,17 @@ public final class TestContext {
     
     private final Map customContext = new HashMap<>();
 
+    private Keycloak adminClient;
+    private KeycloakTestingClient testingClient;
+    private List<RealmRepresentation> testRealmReps;
+
+    // Track if particular test was initialized. What exactly means "initialized" is test dependent (Eg. some user in @Before method was created, so we can set initialized to true
+    // to avoid creating user when @Before method is executed for 2nd time)
+    private boolean initialized;
+
+    // Key is realmName, value are objects to clean after the test method
+    private Map<String, TestCleanup> cleanups = new HashMap<>();
+
     public TestContext(SuiteContext suiteContext, Class testClass) {
         this.suiteContext = suiteContext;
         this.testClass = testClass;
@@ -92,6 +110,52 @@ public final class TestContext {
                 + (isAdapterTest() ? "App server container: " + getAppServerInfo() + "\n" : "");
     }
 
+    public Keycloak getAdminClient() {
+        return adminClient;
+    }
+
+    public void setAdminClient(Keycloak adminClient) {
+        this.adminClient = adminClient;
+    }
+
+    public KeycloakTestingClient getTestingClient() {
+        return testingClient;
+    }
+
+    public void setTestingClient(KeycloakTestingClient testingClient) {
+        this.testingClient = testingClient;
+    }
+
+    public List<RealmRepresentation> getTestRealmReps() {
+        return testRealmReps;
+    }
+
+    public void setTestRealmReps(List<RealmRepresentation> testRealmReps) {
+        this.testRealmReps = testRealmReps;
+    }
+
+    public boolean isInitialized() {
+        return initialized;
+    }
+
+    public void setInitialized(boolean initialized) {
+        this.initialized = initialized;
+    }
+
+    public TestCleanup getOrCreateCleanup(String realmName) {
+        TestCleanup cleanup = cleanups.get(realmName);
+        if (cleanup == null) {
+            cleanup = new TestCleanup(adminClient, realmName);
+            cleanups.put(realmName, cleanup);
+        }
+        return cleanup;
+    }
+
+    public Map<String, TestCleanup> getCleanups() {
+        return cleanups;
+    }
+
+
     public Object getCustomValue(Object key) {
         return customContext.get(key);
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java
index a89d70c..afefde3 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java
@@ -53,7 +53,7 @@ public interface TestApplicationResource {
 
     @POST
     @Path("/clear-admin-actions")
-    Response clearAdminActions();
+    void clearAdminActions();
 
     @GET
     @Produces(MediaType.TEXT_HTML)

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java
index 0c2f106..a66fce5 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java
@@ -35,12 +35,12 @@ public interface TestingExportImportResource {
     @GET
     @Path("/run-import")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response runImport();
+    void runImport();
 
     @GET
     @Path("/run-export")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response runExport();
+    void runExport();
 
     @GET
     @Path("/get-users-per-file")

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java
index 02d889f..32b05e7 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java
@@ -72,27 +72,27 @@ public interface TestingResource {
     @POST
     @Path("/clear-event-queue")
     @Produces(MediaType.APPLICATION_JSON)
-    Response clearEventQueue();
+    void clearEventQueue();
 
     @POST
     @Path("/clear-admin-event-queue")
     @Produces(MediaType.APPLICATION_JSON)
-    Response clearAdminEventQueue();
+    void clearAdminEventQueue();
 
     @GET
     @Path("/clear-event-store")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearEventStore();
+    void clearEventStore();
 
     @GET
     @Path("/clear-event-store-for-realm")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearEventStore(@QueryParam("realmId") String realmId);
+    void clearEventStore(@QueryParam("realmId") String realmId);
 
     @GET
     @Path("/clear-event-store-older-than")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
+    void clearEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
 
     /**
      * Query events
@@ -127,17 +127,17 @@ public interface TestingResource {
     @GET
     @Path("/clear-admin-event-store")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearAdminEventStore();
+    void clearAdminEventStore();
 
     @GET
     @Path("/clear-admin-event-store-for-realm")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearAdminEventStore(@QueryParam("realmId") String realmId);
+    void clearAdminEventStore(@QueryParam("realmId") String realmId);
 
     @GET
     @Path("/clear-admin-event-store-older-than")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearAdminEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
+    void clearAdminEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
 
     /**
      * Get admin events
@@ -170,17 +170,17 @@ public interface TestingResource {
     @POST
     @Path("/on-admin-event")
     @Consumes(MediaType.APPLICATION_JSON)
-    public void onAdminEvent(final AdminEventRepresentation rep, @QueryParam("includeRepresentation") boolean includeRepresentation);
+    void onAdminEvent(final AdminEventRepresentation rep, @QueryParam("includeRepresentation") boolean includeRepresentation);
 
     @POST
     @Path("/remove-user-session")
     @Produces(MediaType.APPLICATION_JSON)
-    Response removeUserSession(@QueryParam("realm") final String realm, @QueryParam("session") final String sessionId);
+    void removeUserSession(@QueryParam("realm") final String realm, @QueryParam("session") final String sessionId);
 
     @POST
     @Path("/remove-user-sessions")
     @Produces(MediaType.APPLICATION_JSON)
-    Response removeUserSessions(@QueryParam("realm") final String realm);
+    void removeUserSessions(@QueryParam("realm") final String realm);
 
     @GET
     @Path("/get-user-session")
@@ -190,7 +190,7 @@ public interface TestingResource {
     @POST
     @Path("/remove-expired")
     @Produces(MediaType.APPLICATION_JSON)
-    Response removeExpired(@QueryParam("realm") final String realm);
+    void removeExpired(@QueryParam("realm") final String realm);
 
     @Path("/cache/{cache}")
     TestingCacheResource cache(@PathParam("cache") String cacheName);

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java
new file mode 100644
index 0000000..9543373
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.util;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.http.ssl.SSLContexts;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.models.Constants;
+import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
+
+import static org.keycloak.testsuite.auth.page.AuthRealm.ADMIN;
+import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
+import static org.keycloak.testsuite.util.IOUtil.PROJECT_BUILD_DIRECTORY;
+
+
+public class AdminClientUtil {
+
+    public static Keycloak createAdminClient() throws Exception {
+        SSLContext ssl = null;
+        if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
+            File trustore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
+            ssl = getSSLContextWithTrustore(trustore, "secret");
+
+            System.setProperty("javax.net.ssl.trustStore", trustore.getAbsolutePath());
+        }
+
+        return Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
+                MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID, null, ssl);
+    }
+
+
+    private static SSLContext getSSLContextWithTrustore(File file, String password) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
+        if (!file.isFile()) {
+            throw new RuntimeException("Truststore file not found: " + file.getAbsolutePath());
+        }
+        SSLContext theContext = SSLContexts.custom()
+                .useProtocol("TLS")
+                .loadTrustMaterial(file, password == null ? null : password.toCharArray())
+                .build();
+        return theContext;
+    }
+
+}

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
index d7509ed..d54924b 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
@@ -54,6 +54,8 @@ import org.openqa.selenium.By;
 import org.openqa.selenium.WebDriver;
 
 import javax.ws.rs.core.UriBuilder;
+
+import java.io.Closeable;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
@@ -271,7 +273,9 @@ public class OAuthClient {
             try {
                 ByteArrayOutputStream out = new ByteArrayOutputStream();
 
-                client.execute(post).getEntity().writeTo(out);
+                CloseableHttpResponse response = client.execute(post);
+                response.getEntity().writeTo(out);
+                response.close();
 
                 return new String(out.toByteArray());
             } catch (Exception e) {
@@ -776,28 +780,32 @@ public class OAuthClient {
         private String error;
         private String errorDescription;
 
-        public AccessTokenResponse(HttpResponse response) throws Exception {
-            statusCode = response.getStatusLine().getStatusCode();
-            if (!"application/json".equals(response.getHeaders("Content-Type")[0].getValue())) {
-                Assert.fail("Invalid content type");
-            }
-
-            String s = IOUtils.toString(response.getEntity().getContent());
-            Map responseJson = JsonSerialization.readValue(s, Map.class);
-
-            if (statusCode == 200) {
-                idToken = (String)responseJson.get("id_token");
-                accessToken = (String)responseJson.get("access_token");
-                tokenType = (String)responseJson.get("token_type");
-                expiresIn = (Integer)responseJson.get("expires_in");
-                refreshExpiresIn = (Integer)responseJson.get("refresh_expires_in");
+        public AccessTokenResponse(CloseableHttpResponse response) throws Exception {
+            try {
+                statusCode = response.getStatusLine().getStatusCode();
+                if (!"application/json".equals(response.getHeaders("Content-Type")[0].getValue())) {
+                    Assert.fail("Invalid content type");
+                }
 
-                if (responseJson.containsKey(OAuth2Constants.REFRESH_TOKEN)) {
-                    refreshToken = (String)responseJson.get(OAuth2Constants.REFRESH_TOKEN);
+                String s = IOUtils.toString(response.getEntity().getContent());
+                Map responseJson = JsonSerialization.readValue(s, Map.class);
+
+                if (statusCode == 200) {
+                    idToken = (String) responseJson.get("id_token");
+                    accessToken = (String) responseJson.get("access_token");
+                    tokenType = (String) responseJson.get("token_type");
+                    expiresIn = (Integer) responseJson.get("expires_in");
+                    refreshExpiresIn = (Integer) responseJson.get("refresh_expires_in");
+
+                    if (responseJson.containsKey(OAuth2Constants.REFRESH_TOKEN)) {
+                        refreshToken = (String) responseJson.get(OAuth2Constants.REFRESH_TOKEN);
+                    }
+                } else {
+                    error = (String) responseJson.get(OAuth2Constants.ERROR);
+                    errorDescription = responseJson.containsKey(OAuth2Constants.ERROR_DESCRIPTION) ? (String) responseJson.get(OAuth2Constants.ERROR_DESCRIPTION) : null;
                 }
-            } else {
-                error = (String)responseJson.get(OAuth2Constants.ERROR);
-                errorDescription = responseJson.containsKey(OAuth2Constants.ERROR_DESCRIPTION) ? (String)responseJson.get(OAuth2Constants.ERROR_DESCRIPTION) : null;
+            } finally {
+                response.close();
             }
         }
 

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TestCleanup.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TestCleanup.java
new file mode 100644
index 0000000..17ff44a
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TestCleanup.java
@@ -0,0 +1,202 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.util;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.ws.rs.NotFoundException;
+
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.resource.RealmResource;
+
+/**
+ * Enlist resources to be cleaned after test method
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class TestCleanup {
+
+    private final Keycloak adminClient;
+    private final String realmName;
+
+
+    private List<String> identityProviderAliases;
+    private List<String> userIds;
+    private List<String> componentIds;
+    private List<String> clientUuids;
+    private List<String> roleIds;
+    private List<String> groupIds;
+    private List<String> authFlowIds;
+    private List<String> authConfigIds;
+
+    public TestCleanup(Keycloak adminClient, String realmName) {
+        this.adminClient = adminClient;
+        this.realmName = realmName;
+    }
+
+
+    public void addUserId(String userId) {
+        if (userIds == null) {
+            userIds = new LinkedList<>();
+        }
+        userIds.add(userId);
+    }
+
+
+    public void addIdentityProviderAlias(String identityProviderAlias) {
+        if (identityProviderAliases == null) {
+            identityProviderAliases = new LinkedList<>();
+        }
+        identityProviderAliases.add(identityProviderAlias);
+    }
+
+
+    public void addComponentId(String componentId) {
+        if (componentIds == null) {
+            componentIds = new LinkedList<>();
+        }
+        componentIds.add(componentId);
+    }
+
+
+    public void addClientUuid(String clientUuid) {
+        if (clientUuids == null) {
+            clientUuids = new LinkedList<>();
+        }
+        clientUuids.add(clientUuid);
+    }
+
+
+    public void addRoleId(String roleId) {
+        if (roleIds == null) {
+            roleIds = new LinkedList<>();
+        }
+        roleIds.add(roleId);
+    }
+
+
+    public void addGroupId(String groupId) {
+        if (groupIds == null) {
+            groupIds = new LinkedList<>();
+        }
+        groupIds.add(groupId);
+    }
+
+
+    public void addAuthenticationFlowId(String flowId) {
+        if (authFlowIds == null) {
+            authFlowIds = new LinkedList<>();
+        }
+        authFlowIds.add(flowId);
+    }
+
+
+    public void addAuthenticationConfigId(String executionConfigId) {
+        if (authConfigIds == null) {
+            authConfigIds = new LinkedList<>();
+        }
+        authConfigIds.add(executionConfigId);
+    }
+
+
+    public void executeCleanup() {
+        RealmResource realm = adminClient.realm(realmName);
+
+        if (userIds != null) {
+            for (String userId : userIds) {
+                try {
+                    realm.users().get(userId).remove();
+                } catch (NotFoundException nfe) {
+                    // User might be already deleted in the test
+                }
+            }
+        }
+
+        if (identityProviderAliases != null) {
+            for (String idpAlias : identityProviderAliases) {
+                try {
+                    realm.identityProviders().get(idpAlias).remove();
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (componentIds != null) {
+            for (String componentId : componentIds) {
+                try {
+                    realm.components().component(componentId).remove();
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (clientUuids != null) {
+            for (String clientUuId : clientUuids) {
+                try {
+                    realm.clients().get(clientUuId).remove();
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (roleIds != null) {
+            for (String roleId : roleIds) {
+                try {
+                    realm.rolesById().deleteRole(roleId);
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (groupIds != null) {
+            for (String groupId : groupIds) {
+                try {
+                    realm.groups().group(groupId).remove();
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (authFlowIds != null) {
+            for (String flowId : authFlowIds) {
+                try {
+                    realm.flows().deleteFlow(flowId);
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (authConfigIds != null) {
+            for (String configId : authConfigIds) {
+                try {
+                    realm.flows().removeAuthenticatorConfig(configId);
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+    }
+
+}

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java
index 7fbab6a..4e6d767 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java
@@ -21,6 +21,7 @@ import org.junit.Before;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.auth.page.AuthRealm;
 import org.keycloak.testsuite.auth.page.account.Account;
 import org.keycloak.testsuite.auth.page.login.OIDCLogin;
@@ -63,6 +64,7 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest {
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation testRealmRep = new RealmRepresentation();
+        testRealmRep.setId(TEST);
         testRealmRep.setRealm(TEST);
         testRealmRep.setEnabled(true);
         testRealms.add(testRealmRep);
@@ -89,6 +91,8 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest {
 
 
     public void createTestUserWithAdminClient() {
+        ApiUtil.removeUserByUsername(testRealmResource(), "test");
+
         log.debug("creating test user");
         String id = createUserAndResetPasswordWithAdminClient(testRealmResource(), testUser, PASSWORD);
         testUser.setId(id);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
index 2d61388..136a145 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
@@ -19,19 +19,15 @@ package org.keycloak.testsuite;
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.configuration.PropertiesConfiguration;
 import org.apache.http.ssl.SSLContexts;
-import org.h2.util.IOUtils;
 import org.keycloak.common.util.KeycloakUriBuilder;
 import org.keycloak.common.util.Time;
-import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
+import org.keycloak.testsuite.arquillian.KcArquillian;
 import org.keycloak.testsuite.arquillian.TestContext;
 
 import java.io.File;
-import java.io.FileOutputStream;
 import java.io.IOException;
-import java.io.InputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URL;
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
@@ -46,7 +42,6 @@ import javax.ws.rs.NotFoundException;
 import org.jboss.arquillian.container.test.api.RunAsClient;
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.jboss.arquillian.graphene.page.Page;
-import org.jboss.arquillian.junit.Arquillian;
 import org.jboss.arquillian.test.api.ArquillianResource;
 import org.jboss.logging.Logger;
 import org.junit.After;
@@ -73,7 +68,9 @@ import org.keycloak.testsuite.auth.page.account.Account;
 import org.keycloak.testsuite.auth.page.login.OIDCLogin;
 import org.keycloak.testsuite.auth.page.login.UpdatePassword;
 import org.keycloak.testsuite.client.KeycloakTestingClient;
+import org.keycloak.testsuite.util.AdminClientUtil;
 import org.keycloak.testsuite.util.OAuthClient;
+import org.keycloak.testsuite.util.TestCleanup;
 import org.keycloak.testsuite.util.TestEventsLogger;
 import org.openqa.selenium.WebDriver;
 
@@ -86,7 +83,7 @@ import static org.keycloak.testsuite.util.IOUtil.PROJECT_BUILD_DIRECTORY;
  *
  * @author tkyjovsk
  */
-@RunWith(Arquillian.class)
+@RunWith(KcArquillian.class)
 @RunAsClient
 public abstract class AbstractKeycloakTest {
 
@@ -136,17 +133,12 @@ public abstract class AbstractKeycloakTest {
 
     @Before
     public void beforeAbstractKeycloakTest() throws Exception {
-        SSLContext ssl = null;
-        if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
-            File trustore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
-            ssl = getSSLContextWithTrustore(trustore, "secret");
-
-            System.setProperty("javax.net.ssl.trustStore", trustore.getAbsolutePath());
+        adminClient = testContext.getAdminClient();
+        if (adminClient == null) {
+            adminClient = AdminClientUtil.createAdminClient();
+            testContext.setAdminClient(adminClient);
         }
 
-        adminClient = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
-                MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID, null, ssl);
-
         getTestingClient();
 
         adminUser = createAdminUserRepresentation();
@@ -161,7 +153,13 @@ public abstract class AbstractKeycloakTest {
             suiteContext.setAdminPasswordUpdated(true);
         }
 
-        importTestRealms();
+        if (testContext.getTestRealmReps() == null) {
+            importTestRealms();
+
+            if (!isImportAfterEachMethod()) {
+                testContext.setTestRealmReps(testRealmReps);
+            }
+        }
 
         oauth.init(adminClient, driver);
     }
@@ -172,8 +170,36 @@ public abstract class AbstractKeycloakTest {
             resetTimeOffset();
         }
 
-        removeTestRealms(); // Remove realms after tests. Tests should cleanup after themselves!
-        adminClient.close(); // don't keep admin connection open
+        if (isImportAfterEachMethod()) {
+            log.info("removing test realms after test method");
+            for (RealmRepresentation testRealm : testRealmReps) {
+                removeRealm(testRealm.getRealm());
+            }
+        } else {
+            // Logout all users after the test
+            List<RealmRepresentation> realms = testContext.getTestRealmReps();
+            for (RealmRepresentation realm : realms) {
+                adminClient.realm(realm.getRealm()).logoutAll();
+            }
+
+            // Cleanup objects
+            for (TestCleanup cleanup : testContext.getCleanups().values()) {
+                cleanup.executeCleanup();
+            }
+            testContext.getCleanups().clear();
+        }
+    }
+
+    protected TestCleanup getCleanup(String realmName) {
+        return testContext.getOrCreateCleanup(realmName);
+    }
+
+    protected TestCleanup getCleanup() {
+        return getCleanup("test");
+    }
+
+    protected boolean isImportAfterEachMethod() {
+        return false;
     }
 
     private void updateMasterAdminPassword() {
@@ -194,6 +220,13 @@ public abstract class AbstractKeycloakTest {
         driver.manage().deleteAllCookies();
     }
 
+    protected void deleteAllCookiesForRealm(String realmName) {
+        // masterRealmPage.navigateTo();
+        driver.navigate().to(oauth.AUTH_SERVER_ROOT + "/realms/" + realmName + "/account"); // Because IE webdriver freezes when loading a JSON page (realm page), we need to use this alternative
+        log.info("deleting cookies in '" + realmName + "' realm");
+        driver.manage().deleteAllCookies();
+    }
+
     public void setDefaultPageUriParameters() {
         masterRealmPage.setAuthRealm(MASTER);
         loginPage.setAuthRealm(MASTER);
@@ -201,11 +234,19 @@ public abstract class AbstractKeycloakTest {
 
     public KeycloakTestingClient getTestingClient() {
         if (testingClient == null) {
-            testingClient = KeycloakTestingClient.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth");
+            testingClient = testContext.getTestingClient();
+            if (testingClient == null) {
+                testingClient = KeycloakTestingClient.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth");
+                testContext.setTestingClient(testingClient);
+            }
         }
         return testingClient;
     }
 
+    public TestContext getTestContext() {
+        return testContext;
+    }
+
     public Keycloak getAdminClient() {
         return adminClient;
     }
@@ -230,13 +271,6 @@ public abstract class AbstractKeycloakTest {
         }
     }
 
-    public void removeTestRealms() {
-        log.info("removing test realms");
-        for (RealmRepresentation testRealm : testRealmReps) {
-            removeRealm(testRealm);
-        }
-    }
-
     private UserRepresentation createAdminUserRepresentation() {
         UserRepresentation adminUserRep = new UserRepresentation();
         adminUserRep.setUsername(ADMIN);
@@ -264,10 +298,6 @@ public abstract class AbstractKeycloakTest {
         } catch (NotFoundException e) {
         }
     }
-
-    public void removeRealm(RealmRepresentation realm) {
-        removeRealm(realm.getRealm());
-    }
     
     public RealmsResource realmsResouce() {
         return adminClient.realms();
@@ -360,15 +390,4 @@ public abstract class AbstractKeycloakTest {
             throw new RuntimeException(e);
         }
     }
-
-    public static SSLContext getSSLContextWithTrustore(File file, String password) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
-        if (!file.isFile()) {
-            throw new RuntimeException("Truststore file not found: " + file.getAbsolutePath());
-        }
-        SSLContext theContext = SSLContexts.custom()
-                .useProtocol("TLS")
-                .loadTrustMaterial(file, password == null ? null : password.toCharArray())
-                .build();
-        return theContext;
-    }
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java
index a2d23f7..692f149 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java
@@ -17,6 +17,7 @@
 
 package org.keycloak.testsuite;
 
+import org.junit.After;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.common.util.reflections.Reflections;
 import org.keycloak.events.Details;
@@ -71,6 +72,13 @@ public abstract class AbstractTestRealmKeycloakTest extends AbstractKeycloakTest
         configureTestRealm(testRealm);
     }
 
+
+    // Logout user after test
+    @After
+    public void deleteCookies() {
+        deleteAllCookiesForRealm("test");
+    }
+
     /**
      * This allows a subclass to change the configuration of the testRealm before
      * it is imported.  This method will be called prior to any @Before methods

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
index db5c4ed..40fd420 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
@@ -18,6 +18,7 @@ package org.keycloak.testsuite.account;
 
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.jboss.arquillian.graphene.page.Page;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Rule;
@@ -159,6 +160,10 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
     public void before() {
         oauth.state("mystate"); // keycloak enforces that a state param has been sent by client
         userId = findUser("test-user@localhost").getId();
+
+        // Revert any password policy and user password changes
+        setPasswordPolicy("");
+        ApiUtil.resetUserPassword(testRealm().users().get(userId), "password", false);
     }
 
     @Test
@@ -399,18 +404,18 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
         events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent();
 
         assertChangePasswordFails   ("password",  "password");  // current: password
-        assertChangePasswordSucceeds("password",  "password1"); // current: password
+        assertChangePasswordSucceeds("password",  "password3"); // current: password
 
-        assertChangePasswordFails   ("password1", "password");  // current: password1, history: password
-        assertChangePasswordFails   ("password1", "password1"); // current: password1, history: password
-        assertChangePasswordSucceeds("password1", "password2"); // current: password1, history: password
+        assertChangePasswordFails   ("password3", "password");  // current: password1, history: password
+        assertChangePasswordFails   ("password3", "password3"); // current: password1, history: password
+        assertChangePasswordSucceeds("password3", "password4"); // current: password1, history: password
 
-        assertChangePasswordFails   ("password2", "password");  // current: password2, history: password, password1
-        assertChangePasswordFails   ("password2", "password1"); // current: password2, history: password, password1
-        assertChangePasswordFails   ("password2", "password2"); // current: password2, history: password, password1
-        assertChangePasswordSucceeds("password2", "password3"); // current: password2, history: password, password1
+        assertChangePasswordFails   ("password4", "password");  // current: password2, history: password, password1
+        assertChangePasswordFails   ("password4", "password3"); // current: password2, history: password, password1
+        assertChangePasswordFails   ("password4", "password4"); // current: password2, history: password, password1
+        assertChangePasswordSucceeds("password4", "password5"); // current: password2, history: password, password1
 
-        assertChangePasswordSucceeds("password3", "password");  // current: password3, history: password1, password2
+        assertChangePasswordSucceeds("password5", "password");  // current: password3, history: password1, password2
     }
 
     @Test
@@ -443,10 +448,10 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
         events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent();
 
         assertChangePasswordFails   ("password",  "password");  // current: password
-        assertChangePasswordSucceeds("password",  "password1"); // current: password
+        assertChangePasswordSucceeds("password",  "password6"); // current: password
 
-        assertChangePasswordFails   ("password1", "password1"); // current: password1
-        assertChangePasswordSucceeds("password1", "password");  // current: password1
+        assertChangePasswordFails   ("password6", "password6"); // current: password1
+        assertChangePasswordSucceeds("password6", "password");  // current: password1
     }
 
     @Test
@@ -611,6 +616,9 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
         Assert.assertEquals("New first", profilePage.getFirstName());
         Assert.assertEquals("New last", profilePage.getLastName());
         Assert.assertEquals("new@email.com", profilePage.getEmail());
+
+        // Revert
+        profilePage.updateProfile("test-user@localhost", "Tom", "Brady", "test-user@localhost");
     }
 
     private void addUser(String username, String email) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java
index aa86133..b1ffef6 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java
@@ -20,9 +20,12 @@ import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.models.AuthenticationExecutionModel.Requirement;
 import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 
 import java.util.Arrays;
 
+import javax.ws.rs.core.Response;
+
 import static org.junit.Assert.assertEquals;
 import static org.keycloak.testsuite.util.OAuthClient.APP_ROOT;
 
@@ -36,7 +39,7 @@ public class CustomAuthFlowCookieTest extends AbstractCustomAccountManagementTes
     @Override
     public void beforeTest() {
         super.beforeTest();
-        
+
         ClientRepresentation testApp = new ClientRepresentation();
         testApp.setClientId("test-app");
         testApp.setEnabled(true);
@@ -44,7 +47,10 @@ public class CustomAuthFlowCookieTest extends AbstractCustomAccountManagementTes
         testApp.setRedirectUris(Arrays.asList(new String[]{APP_ROOT + "/*"}));
         testApp.setAdminUrl(APP_ROOT + "/logout");
         testApp.setSecret("password");
-        assertEquals(201, testRealmResource().clients().create(testApp).getStatus());
+        Response response = testRealmResource().clients().create(testApp);
+        assertEquals(201, response.getStatus());
+        getCleanup().addClientUuid(ApiUtil.getCreatedId(response));
+        response.close();
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java
index e492672..4f192e6 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java
@@ -20,15 +20,18 @@ import org.jboss.arquillian.graphene.page.Page;
 import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.models.AuthenticationExecutionModel.Requirement;
+import org.keycloak.models.utils.DefaultAuthenticationFlows;
 import org.keycloak.models.utils.TimeBasedOTP;
 import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
 import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.admin.Users;
 import org.keycloak.testsuite.auth.page.login.OneTimeCode;
 import org.keycloak.testsuite.pages.LoginConfigTotpPage;
 
+import javax.ws.rs.NotFoundException;
 import javax.ws.rs.core.Response;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -101,6 +104,10 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
 
     @Test
     public void requireOTPTest() {
+        //update realm browser flow
+        RealmRepresentation realm = testRealmResource().toRepresentation();
+        realm.setBrowserFlow("browser");
+        testRealmResource().update(realm);
 
         updateRequirement("browser", "auth-otp-form", Requirement.REQUIRED);
         testRealmAccountManagementPage.navigateTo();
@@ -225,10 +232,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         setConditionalOTPForm(config);
 
         //create role
-        RoleRepresentation role = new RoleRepresentation("otp_role", "", false);
-        testRealmResource().roles().create(role);
-        //obtain id
-        role = testRealmResource().roles().get("otp_role").toRepresentation();
+        RoleRepresentation role = getOrCreateOTPRole();
+
         //add role to user
         List<RoleRepresentation> realmRoles = new ArrayList<>();
         realmRoles.add(role);
@@ -250,10 +255,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         setConditionalOTPForm(config);
 
         //create role
-        RoleRepresentation role = new RoleRepresentation("otp_role", "", false);
-        testRealmResource().roles().create(role);
-        //obtain id
-        role = testRealmResource().roles().get("otp_role").toRepresentation();
+        RoleRepresentation role = getOrCreateOTPRole();
+
         //add role to user
         List<RoleRepresentation> realmRoles = new ArrayList<>();
         realmRoles.add(role);
@@ -273,6 +276,17 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         assertCurrentUrlStartsWith(testLoginOneTimeCodePage);
     }
 
+    private RoleRepresentation getOrCreateOTPRole() {
+        try {
+            return testRealmResource().roles().get("otp_role").toRepresentation();
+        } catch (NotFoundException ex) {
+            RoleRepresentation role = new RoleRepresentation("otp_role", "", false);
+            testRealmResource().roles().create(role);
+            //obtain id
+            return testRealmResource().roles().get("otp_role").toRepresentation();
+        }
+    }
+
     @Test
     public void conditionalOTPRequestHeaderSkip() {
         //prepare config - request header skip, default to force
@@ -313,6 +327,19 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
     }
 
     private void setConditionalOTPForm(Map<String, String> config) {
+        List<AuthenticationFlowRepresentation> authFlows = getAuthMgmtResource().getFlows();
+        for (AuthenticationFlowRepresentation flow : authFlows) {
+            if ("ConditionalOTPFlow".equals(flow.getAlias())) {
+                //update realm browser flow
+                RealmRepresentation realm = testRealmResource().toRepresentation();
+                realm.setBrowserFlow(DefaultAuthenticationFlows.BROWSER_FLOW);
+                testRealmResource().update(realm);
+
+                getAuthMgmtResource().deleteFlow(flow.getId());
+                break;
+            }
+        }
+
         String flowAlias = "ConditionalOTPFlow";
         String provider = "auth-conditional-otp-form";
         
@@ -335,7 +362,7 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         
         //set username-password requirement to required
         updateRequirement(flowAlias, "auth-username-password-form", Requirement.REQUIRED);
-        
+
         //add execution - conditional OTP
         data.clear();
         data.put("provider", provider);
@@ -360,6 +387,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         //add auth config to the execution
         response = getAuthMgmtResource().newExecutionConfig(executionId, authConfig);
         assertEquals("new execution success", 201, response.getStatus());
+        getCleanup().addAuthenticationConfigId(ApiUtil.getCreatedId(response));
         response.close();
     }
+
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
index 63a2315..95274c6 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
@@ -191,6 +191,13 @@ public class ProfileTest extends AbstractTestRealmKeycloakTest {
         assertEquals("newemail@localhost", profile.getEmail());
         assertEquals("NewFirst", profile.getFirstName());
         assertEquals("NewLast", profile.getLastName());
+
+        // Revert
+        user.setFirstName("First");
+        user.setLastName("Last");
+        user.setEmail("test-user@localhost");
+        doUpdateProfile(token, null, JsonSerialization.writeValueAsString(user));
+        assertEquals(200, response.getStatusLine().getStatusCode());
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java
index 9b03ccc..59d277c 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java
@@ -22,6 +22,7 @@ import org.junit.Test;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.auth.page.AuthRealm;
 import org.keycloak.testsuite.auth.page.account.AccountManagement;
 import org.keycloak.testsuite.auth.page.login.OIDCLogin;
@@ -53,13 +54,10 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
     @Page
     private VerifyEmail testRealmVerifyEmailPage;
 
-    private UserRepresentation user;
-
     @Override
     public void configureTestRealm(RealmRepresentation testRealm) {
         log.info("enable verify email and configure smtp server to run with ssl in test realm");
 
-        user = RealmRepUtil.findUser(testRealm, "test-user@localhost");
         testRealm.setSmtpServer(SslMailServer.getServerConfiguration());
         testRealm.setVerifyEmail(true);
     }
@@ -82,6 +80,8 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
 
     @Test
     public void verifyEmailWithSslEnabled() {
+        UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "test-user@localhost");
+
         SslMailServer.startWithSsl(this.getClass().getClassLoader().getResource(SslMailServer.PRIVATE_KEY).getFile());
         accountManagement.navigateTo();
         testRealmLoginPage.form().login(user.getUsername(), "password");
@@ -98,15 +98,17 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
 
         assertCurrentUrlStartsWith(accountManagement);
         accountManagement.signOut();
-        testRealmLoginPage.form().login(user);
+        testRealmLoginPage.form().login(user.getUsername(), "password");
         assertCurrentUrlStartsWith(accountManagement);
     }
 
     @Test
     public void verifyEmailWithSslWrongCertificate() {
+        UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "test-user@localhost");
+
         SslMailServer.startWithSsl(this.getClass().getClassLoader().getResource(SslMailServer.INVALID_KEY).getFile());
         accountManagement.navigateTo();
-        loginPage.form().login(user);
+        loginPage.form().login(user.getUsername(), "password");
 
         assertEquals("Failed to send email, please try again later.\n" +
                         "« Back to Application",

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
index 16223e7..539267f 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
@@ -27,8 +27,10 @@ import org.keycloak.events.Errors;
 import org.keycloak.events.EventType;
 import org.keycloak.representations.idm.EventRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -38,11 +40,13 @@ import org.keycloak.testsuite.pages.RegisterPage;
 import org.keycloak.testsuite.pages.VerifyEmailPage;
 import org.keycloak.testsuite.util.GreenMailRule;
 import org.keycloak.testsuite.util.MailUtils;
+import org.keycloak.testsuite.util.UserBuilder;
 
 import javax.mail.MessagingException;
 import javax.mail.Multipart;
 import javax.mail.internet.MimeMessage;
 import java.io.IOException;
+import java.util.Collections;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
@@ -85,6 +89,13 @@ public class RequiredActionEmailVerificationTest extends AbstractTestRealmKeyclo
     @Before
     public void before() {
         oauth.state("mystate"); // have to set this as keycloak validates that state is sent
+
+
+        ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost");
+        UserRepresentation user = UserBuilder.create().enabled(true)
+                .username("test-user@localhost")
+                .email("test-user@localhost").build();
+        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
index f3d0904..f613087 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
@@ -17,6 +17,7 @@
 package org.keycloak.testsuite.actions;
 
 import org.jboss.arquillian.graphene.page.Page;
+import org.jboss.arquillian.junit.InSequence;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Rule;
@@ -32,8 +33,10 @@ import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentatio
 import org.keycloak.representations.idm.EventRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AccountTotpPage;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
@@ -42,7 +45,9 @@ import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.LoginTotpPage;
 import org.keycloak.testsuite.pages.RegisterPage;
 import org.keycloak.testsuite.util.RealmBuilder;
+import org.keycloak.testsuite.util.UserBuilder;
 
+import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -75,6 +80,15 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
                 adminClient.realm("test").flows().updateExecutions("browser", execution);
             }
         }
+
+        ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost");
+        UserRepresentation user = UserBuilder.create().enabled(true)
+                .username("test-user@localhost")
+                .email("test-user@localhost")
+                .firstName("Tom")
+                .lastName("Brady")
+                .requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build();
+        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
     }
 
 
@@ -266,6 +280,12 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
 
         events.expectLogin().assertEvent();
+
+        // Revert
+        realmRep = adminClient.realm("test").toRepresentation();
+        RealmBuilder.edit(realmRep)
+                .otpDigits(6);
+        adminClient.realm("test").update(realmRep);
     }
 
     @Test
@@ -334,6 +354,18 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
 
         events.expectLogin().assertEvent();
+
+        // Revert
+        realmRep = adminClient.realm("test").toRepresentation();
+        RealmBuilder.edit(realmRep)
+                .otpLookAheadWindow(1)
+                .otpDigits(6)
+                .otpPeriod(30)
+                .otpType(UserCredentialModel.TOTP)
+                .otpAlgorithm(HmacOTP.HMAC_SHA1)
+                .otpInitialCounter(0);
+        adminClient.realm("test").update(realmRep);
+
     }
 
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java
index 7113ce3..80ee0fe 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java
@@ -18,6 +18,7 @@ package org.keycloak.testsuite.actions;
 
 import org.jboss.arquillian.graphene.page.Page;
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.events.Details;
@@ -27,10 +28,12 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.LoginUpdateProfileEditUsernameAllowedPage;
+import org.keycloak.testsuite.util.UserBuilder;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -55,6 +58,27 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe
         ActionUtil.addRequiredActionForUser(testRealm, "john-doh@localhost", UserModel.RequiredAction.UPDATE_PROFILE.name());
     }
 
+    @Before
+    public void beforeTest() {
+        ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost");
+        UserRepresentation user = UserBuilder.create().enabled(true)
+                .username("test-user@localhost")
+                .email("test-user@localhost")
+                .firstName("Tom")
+                .lastName("Brady")
+                .requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build();
+        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
+
+        ApiUtil.removeUserByUsername(testRealm(), "john-doh@localhost");
+        user = UserBuilder.create().enabled(true)
+                .username("john-doh@localhost")
+                .email("john-doh@localhost")
+                .firstName("John")
+                .lastName("Doh")
+                .requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build();
+        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
+    }
+
     @Test
     public void updateProfile() {
         loginPage.open();
@@ -112,6 +136,7 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe
         Assert.assertEquals("New last", user.getLastName());
         Assert.assertEquals("john-doh@localhost", user.getEmail());
         Assert.assertEquals("new", user.getUsername());
+        getCleanup().addUserId(user.getId());
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java
index 8eebf8f..f1edf4a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java
@@ -79,6 +79,12 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
         }
     }
 
+    // TODO: Fix to not require re-import
+    @Override
+    protected boolean isImportAfterEachMethod() {
+        return true;
+    }
+
     private void modifyClientJWKSUrl(RealmRepresentation realm, String regex, String replacement) {
         if (realm.getClients() != null) {
             realm.getClients().stream().

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
index 85c6a5e..275a078 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
@@ -30,7 +30,6 @@ import org.keycloak.OAuth2Constants;
 import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.common.Version;
 import org.keycloak.common.util.Time;
-import org.keycloak.common.util.UriUtils;
 import org.keycloak.constants.AdapterConstants;
 import org.keycloak.events.Details;
 import org.keycloak.events.EventType;
@@ -51,6 +50,7 @@ import org.keycloak.testsuite.auth.page.login.OAuthGrant;
 import org.keycloak.testsuite.console.page.events.Config;
 import org.keycloak.testsuite.console.page.events.LoginEvents;
 import org.keycloak.testsuite.util.*;
+import org.keycloak.testsuite.util.URLUtils;
 import org.keycloak.util.BasicAuthHelper;
 
 import org.openqa.selenium.By;
@@ -79,6 +79,7 @@ import javax.ws.rs.core.Response.Status;
 import static org.hamcrest.Matchers.*;
 import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO;
 import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlEquals;
+import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
 import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf;
 import static org.keycloak.testsuite.util.WaitUtils.*;
 
@@ -372,7 +373,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
         Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
 
         RealmRepresentation demoRealmRep = testRealmResource().toRepresentation();
-        int originalIdle = demoRealmRep.getSsoSessionMaxLifespan();
+        int originalMax = demoRealmRep.getSsoSessionMaxLifespan();
         demoRealmRep.setSsoSessionMaxLifespan(1);
         testRealmResource().update(demoRealmRep);
 
@@ -380,7 +381,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
         productPortal.navigateTo();
         assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
 
-        demoRealmRep.setSsoSessionIdleTimeout(originalIdle);
+        demoRealmRep.setSsoSessionMaxLifespan(originalMax);
         testRealmResource().update(demoRealmRep);
 
         String logoutUri = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
@@ -660,6 +661,11 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
                 .assertEvent();
 
         assertEvents.assertEmpty();
+
+        // Revert consent
+        client = clientResource.toRepresentation();
+        client.setConsentRequired(false);
+        clientResource.update(client);
     }
 
     @Test
@@ -701,6 +707,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
 
 
         driver.navigate().to(testRealmPage.getOIDCLogoutUrl() + "?redirect_uri=" + customerPortal);
+        assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
 
         assertEvents.expectLogout(null)
                 .realm(realm.getId())

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java
index fc6bd67..c31b9c5 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java
@@ -19,7 +19,6 @@ package org.keycloak.testsuite.adapter.servlet;
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
 import javax.ws.rs.core.Response;
@@ -100,8 +99,6 @@ public abstract class AbstractOIDCPublicKeyRotationAdapterTest extends AbstractS
     }
 
 
-
-
     @Before
     public void beforeRotationAdapterTest() {
         // Delete all cookies from token-min-ttl page to be sure we are logged out

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java
index 25ba365..ca4c5c2 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java
@@ -27,9 +27,4 @@ import org.junit.Ignore;
  */
 @AppServerContainer("auth-server-undertow")
 public class UndertowDemoFilterServletAdapterTest extends AbstractDemoFilterServletAdapterTest {
-    @Ignore
-    @Override
-    public void testAuthenticatedWithCustomSessionConfig() {
-        // Undertow deployment ignores session cookie settings in web.xml, see org.keycloak.testsuite.arquillian.undertow.SimpleWebXmlParser class
-    }
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java
index 01456d4..7d466a6 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java
@@ -17,7 +17,6 @@
 
 package org.keycloak.testsuite.admin;
 
-import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.keycloak.admin.client.resource.RealmResource;
@@ -25,6 +24,7 @@ import org.keycloak.events.log.JBossLoggingEventListenerProviderFactory;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
 import org.keycloak.testsuite.events.EventsListenerProviderFactory;
+import org.keycloak.testsuite.util.TestCleanup;
 import org.keycloak.testsuite.util.AssertAdminEvents;
 import org.keycloak.util.JsonSerialization;
 
@@ -55,11 +55,14 @@ public abstract class AbstractAdminTest extends AbstractTestRealmKeycloakTest {
         findTestApp(testRealm).setDirectAccessGrantsEnabled(true);
     }
 
+
+
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         super.addTestRealms(testRealms);
 
         RealmRepresentation adminRealmRep = new RealmRepresentation();
+        adminRealmRep.setId(REALM_NAME);
         adminRealmRep.setRealm(REALM_NAME);
         adminRealmRep.setEnabled(true);
         Map<String, String> config = new HashMap<>();
@@ -82,14 +85,9 @@ public abstract class AbstractAdminTest extends AbstractTestRealmKeycloakTest {
         realmId = realm.toRepresentation().getId();
     }
 
-    // old testsuite expects this realm to be removed at the end of the test
-    @After
-    public void after() {
-        for (RealmRepresentation r : adminClient.realms().findAll()) {
-            if (r.getRealm().equals(REALM_NAME)) {
-                removeRealm(r);
-            }
-        }
+    @Override
+    protected TestCleanup getCleanup() {
+        return getCleanup(REALM_NAME);
     }
 
     // Taken from Keycloak class in old testsuite.

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java
index bf366cf..cc47020 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java
@@ -35,7 +35,6 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.core.Response.StatusType;
 import java.net.URI;
-import java.security.PublicKey;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -174,6 +173,13 @@ public class ApiUtil {
         userResource.roles().realmLevel().add(roleRepresentations);
     }
 
+    public static void removeUserByUsername(RealmResource realmResource, String username) {
+        UserRepresentation user = findUserByUsername(realmResource, username);
+        if (user != null) {
+            realmResource.users().delete(user.getId());
+        }
+    }
+
     public static void assignClientRoles(RealmResource realm, String userId, String clientName, String... roles) {
         String realmName = realm.toRepresentation().getRealm();
         String clientId = "";

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java
index 540a5dc..383be49 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java
@@ -30,6 +30,7 @@ import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
 import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.util.AdminEventPaths;
 import org.keycloak.testsuite.util.AssertAdminEvents;
 import org.keycloak.testsuite.util.RealmBuilder;
@@ -196,6 +197,8 @@ public abstract class AbstractAuthenticationTest extends AbstractKeycloakTest {
         Response response = authMgmtResource.createFlow(flowRep);
         org.keycloak.testsuite.Assert.assertEquals(201, response.getStatus());
         response.close();
+        String flowId = ApiUtil.getCreatedId(response);
+        getCleanup().addAuthenticationFlowId(flowId);
         assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authFlowsPath()), flowRep, ResourceType.AUTH_FLOW);
     }
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java
index 990175d..a728c8e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java
@@ -24,7 +24,9 @@ import org.keycloak.events.admin.OperationType;
 import org.keycloak.events.admin.ResourceType;
 import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation;
 import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.util.AdminEventPaths;
+import org.keycloak.testsuite.util.AssertAdminEvents;
 
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.NotFoundException;
@@ -45,15 +47,16 @@ public class FlowTest extends AbstractAuthenticationTest {
     // KEYCLOAK-3681: Delete top flow doesn't delete all subflows
     @Test
     public void testRemoveSubflows() {
-        authMgmtResource.createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
+        createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
         addFlowToParent("Foo", "child");
         addFlowToParent("child", "grandchild");
         
         List<AuthenticationFlowRepresentation> flows = authMgmtResource.getFlows();
         AuthenticationFlowRepresentation found = findFlowByAlias("Foo", flows);
         authMgmtResource.deleteFlow(found.getId());
-        
-        authMgmtResource.createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
+        assertAdminEvents.clear();
+
+        createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
         addFlowToParent("Foo", "child");
         
         // Under the old code, this would throw an error because "grandchild"

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java
index c247009..244323b 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java
@@ -36,7 +36,6 @@ import org.keycloak.testsuite.util.RealmBuilder;
 
 import javax.ws.rs.core.Response;
 import java.util.List;
-import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
 
 /**
  *
@@ -50,11 +49,10 @@ public abstract class AbstractClientTest extends AbstractAuthTest {
     @Override
     public void setDefaultPageUriParameters() {
         super.setDefaultPageUriParameters();
-        testRealmPage.setAuthRealm(MASTER);
-        testRealmLoginPage.setAuthRealm(testRealmPage);
-        testRealmAccountPage.setAuthRealm(testRealmPage);
+        testRealmPage.setAuthRealm("test");
+        accountPage.setAuthRealm("test");
     }    
-    
+
     @Before
     public void setupAdminEvents() {
         RealmRepresentation realm = testRealmResource().toRepresentation();
@@ -75,7 +73,7 @@ public abstract class AbstractClientTest extends AbstractAuthTest {
     }
 
     protected String getRealmId() {
-        return MASTER;
+        return "test";
     }
 
     // returns UserRepresentation retrieved from server, with all fields, including id

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java
index 2922a3e..4b2168f 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java
@@ -17,20 +17,16 @@
 
 package org.keycloak.testsuite.admin.client.authorization;
 
-import static com.sun.corba.se.impl.oa.poa.Policies.defaultPolicies;
 import static org.junit.Assert.assertEquals;
 
-import java.util.List;
 
+import org.junit.After;
+import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.AuthorizationResource;
 import org.keycloak.admin.client.resource.ClientResource;
-import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
 import org.keycloak.representations.idm.ClientRepresentation;
-import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
-import org.keycloak.representations.idm.authorization.PolicyRepresentation;
-import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
 import org.keycloak.util.JsonSerialization;
 
@@ -40,6 +36,27 @@ import org.keycloak.util.JsonSerialization;
  */
 public class ImportAuthorizationSettingsTest extends AbstractAuthorizationTest {
 
+    @Before
+    public void createRole() {
+        ClientResource clientResource = getClientResource();
+
+        RoleRepresentation role = new RoleRepresentation();
+        role.setName("admin");
+        clientResource.roles().create(role);
+    }
+
+    @After
+    public void onAfterAuthzTests() {
+        ClientResource clientResource = getClientResource();
+
+        // Needed to disable authz first. TODO: Looks like a bug. Check later...
+        ClientRepresentation client = clientResource.toRepresentation();
+        client.setAuthorizationServicesEnabled(false);
+        clientResource.update(client);
+
+        getClientResource().remove();
+    }
+
     @Test
     public void testImportUnorderedSettings() throws Exception {
         ClientResource clientResource = getClientResource();

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java
index a33b2a1..eb3d2df 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java
@@ -75,7 +75,7 @@ public class InstallationTest extends AbstractClientTest {
     }
 
     private String samlUrl() {
-        return authServerUrl() + "/realms/master/protocol/saml";
+        return authServerUrl() + "/realms/test/protocol/saml";
     }
 
     @Test
@@ -111,7 +111,7 @@ public class InstallationTest extends AbstractClientTest {
     }
 
     private void assertOidcInstallationConfig(String config) {
-        assertThat(config, containsString("master"));
+        assertThat(config, containsString("test"));
         assertThat(config, not(containsString(ApiUtil.findActiveKey(testRealmResource()).getPublicKey())));
         assertThat(config, containsString(authServerUrl()));
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java
index e25533f..6d99297 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java
@@ -38,7 +38,7 @@ import static org.junit.Assert.assertNotNull;
  * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
  */
 public class SessionTest extends AbstractClientTest {
-    private static boolean testUserCreated = false;
+
 
     @Page
     protected AccountManagement testRealmAccountManagementPage;
@@ -46,13 +46,18 @@ public class SessionTest extends AbstractClientTest {
     @Before
     public void init() {
         // make user test user exists in test realm
-        if (!testUserCreated) {
-            createTestUserWithAdminClient();
+        createTestUserWithAdminClient();
+        getCleanup().addUserId(testUser.getId());
+
+        assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId()), ResourceType.USER);
+        assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId()), ResourceType.USER);
+    }
 
-            assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId()), ResourceType.USER);
-            assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId()), ResourceType.USER);
-        }
-        testUserCreated = true;
+    @Override
+    public void setDefaultPageUriParameters() {
+        super.setDefaultPageUriParameters();
+        testRealmAccountManagementPage.setAuthRealm(getRealmId());
+        loginPage.setAuthRealm(getRealmId());
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
index 3589291..6405d8c 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
@@ -81,6 +81,7 @@ public class ClientTest extends AbstractAdminTest {
         Response response = realm.clients().create(rep);
         response.close();
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(id);
 
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), rep, ResourceType.CLIENT);
 
@@ -212,6 +213,8 @@ public class ClientTest extends AbstractAdminTest {
     public void serviceAccount() {
         Response response = realm.clients().create(ClientBuilder.create().clientId("serviceClient").serviceAccount().build());
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(id);
+        response.close();
         UserRepresentation userRep = realm.clients().get(id).getServiceAccountUser();
         assertEquals("service-account-serviceclient", userRep.getUsername());
     }
@@ -237,7 +240,10 @@ public class ClientTest extends AbstractAdminTest {
                 .redirectUris("http://localhost/auth", "http://localhost/auth*")
                 .build();
         Response response = realm.clients().create(client);
-        ClientResource clientResource = realm.clients().get(ApiUtil.getCreatedId(response));
+        String clientUuid = ApiUtil.getCreatedId(response);
+        ClientResource clientResource = realm.clients().get(clientUuid);
+        getCleanup().addClientUuid(clientUuid);
+        response.close();
 
         client = clientResource.toRepresentation();
         client.setRootUrl("http://localhost/base#someFragment");
@@ -291,6 +297,7 @@ public class ClientTest extends AbstractAdminTest {
 
         Response response = realm.clients().create(client);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(id);
         response.close();
 
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), client, ResourceType.CLIENT);
@@ -378,6 +385,7 @@ public class ClientTest extends AbstractAdminTest {
     public void scopes() {
         Response response = realm.clients().create(ClientBuilder.create().clientId("client").fullScopeEnabled(false).build());
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(id);
         response.close();
 
         assertAdminEvents.poll();

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java
index 16a6ff3..4634bfb 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java
@@ -49,7 +49,7 @@ public class ComponentsTest extends AbstractAdminTest {
 
     @Test
     public void testNotDeadlocked() {
-        for (int i = 0; i < 100; i++) {
+        for (int i = 0; i < 50; i++) {
             ComponentRepresentation rep = createComponentRepresentation("test-" + i);
             rep.getConfig().putSingle("required", "required-value");
             createComponent(rep);
@@ -263,6 +263,7 @@ public class ComponentsTest extends AbstractAdminTest {
         ComponentsResource components = realm.components();
         Response response = components.add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
         response.close();
         return id;
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java
index 157a98d..583ec1b 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java
@@ -268,12 +268,13 @@ public class ConcurrencyTest extends AbstractAdminTest {
             Thread thread = new Thread() {
                 @Override
                 public void run() {
+                    Keycloak keycloak = null;
                     try {
                         if (lock != null) {
                             lock.lock();
                         }
 
-                        Keycloak keycloak = Keycloak.getInstance(getAuthServerRoot().toString(), "master", "admin", "admin", org.keycloak.models.Constants.ADMIN_CLI_CLIENT_ID);
+                        keycloak = Keycloak.getInstance(getAuthServerRoot().toString(), "master", "admin", "admin", org.keycloak.models.Constants.ADMIN_CLI_CLIENT_ID);
                         RealmResource realm = keycloak.realm(REALM_NAME);
                         for (int i = 0; i < numIterationsPerThread && latch.getCount() > 0; i++) {
                             log.infov("thread {0}, iteration {1}", threadNum, i);
@@ -286,6 +287,7 @@ public class ConcurrencyTest extends AbstractAdminTest {
                             latch.countDown();
                         }
                     } finally {
+                        keycloak.close();
                         if (lock != null) {
                             lock.unlock();
                         }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java
index 100e452..557177b 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java
@@ -17,36 +17,26 @@
 
 package org.keycloak.testsuite.admin;
 
-import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.admin.client.Keycloak;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.common.util.Time;
 import org.keycloak.models.AdminRoles;
 import org.keycloak.models.Constants;
-import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.services.resources.admin.RealmAuth.Resource;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
 import org.keycloak.testsuite.util.ClientBuilder;
-import org.keycloak.testsuite.util.CredentialBuilder;
-import org.keycloak.testsuite.util.GreenMailRule;
 import org.keycloak.testsuite.util.RealmBuilder;
 import org.keycloak.testsuite.util.UserBuilder;
 
 import javax.ws.rs.ClientErrorException;
 import javax.ws.rs.core.Response;
-import java.lang.reflect.Method;
-import java.util.Arrays;
-import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.atomic.AtomicReference;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
 
 /**
@@ -60,8 +50,6 @@ public class CrossRealmPermissionsTest extends AbstractKeycloakTest {
     private RealmResource realm1;
     private RealmResource realm2;
 
-    @Rule public GreenMailRule greenMailRule = new GreenMailRule();
-
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmBuilder builder = RealmBuilder.create().name(REALM_NAME).testMail();

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java
index 9cb3c32..414151c 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java
@@ -17,9 +17,11 @@
 package org.keycloak.testsuite.admin.event;
 
 import org.junit.Before;
+import org.junit.Rule;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
 import org.keycloak.testsuite.AbstractAuthTest;
+import org.keycloak.testsuite.util.TestCleanup;
 
 import java.util.Collections;
 import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
@@ -32,14 +34,6 @@ public abstract class AbstractEventTest extends AbstractAuthTest {
 
     protected RealmEventsConfigRepresentation configRep;
 
-    @Override
-    public void setDefaultPageUriParameters() {
-        super.setDefaultPageUriParameters();
-        testRealmPage.setAuthRealm(MASTER);
-        testRealmLoginPage.setAuthRealm(testRealmPage);
-        testRealmAccountPage.setAuthRealm(testRealmPage);
-    }
-
     @Before
     public void setConfigRep() {
         RealmResource testRsc = testRealmResource();
@@ -51,6 +45,12 @@ public abstract class AbstractEventTest extends AbstractAuthTest {
         saveConfig();
     }
 
+    @Override
+    public void setDefaultPageUriParameters() {
+        testRealmPage.setAuthRealm("test");
+        accountPage.setAuthRealm("test");
+    }
+
     protected void saveConfig() {
         RealmResource testRsc = testRealmResource();
         testRsc.updateRealmEventsConfig(configRep);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java
index 96e2920..ce23308 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java
@@ -59,7 +59,9 @@ public class AdminEventTest extends AbstractEventTest {
 
     private String createUser(String username) {
         UserRepresentation user = createUserRepresentation(username, username + "@foo.com", "foo", "bar", true);
-        return ApiUtil.createUserWithAdminClient(testRealmResource(), user);
+        String userId = ApiUtil.createUserWithAdminClient(testRealmResource(), user);
+        getCleanup().addUserId(userId);
+        return userId;
     }
 
     private void updateRealm() {
@@ -90,7 +92,7 @@ public class AdminEventTest extends AbstractEventTest {
         assertNull(event.getError());
 
         AuthDetailsRepresentation details = event.getAuthDetails();
-        assertEquals(realmName(), details.getRealmId());
+        assertEquals("master", details.getRealmId());
         assertNotNull(details.getClientId());
         assertNotNull(details.getUserId());
         assertNotNull(details.getIpAddress());
@@ -106,7 +108,7 @@ public class AdminEventTest extends AbstractEventTest {
         assertEquals("CREATE", event.getOperationType());
 
         assertEquals(realmName(), event.getRealmId());
-        assertEquals(realmName(), event.getAuthDetails().getRealmId());
+        assertEquals("master", event.getAuthDetails().getRealmId());
         assertNull(event.getRepresentation());
     }
 
@@ -130,7 +132,7 @@ public class AdminEventTest extends AbstractEventTest {
         updateRealm();
         assertEquals(3, events().size());
 
-        List<AdminEventRepresentation> events = testRealmResource().getAdminEvents(Arrays.asList("CREATE"), realmName(), null, null, null, null, null, null, null, null);
+        List<AdminEventRepresentation> events = testRealmResource().getAdminEvents(Arrays.asList("CREATE"), null, null, null, null, null, null, null, null, null);
         assertEquals(2, events.size());
     }
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java
index dc0d787..e356227 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java
@@ -60,7 +60,7 @@ public class LoginEventsTest extends AbstractEventTest {
     }
 
     private void badLogin() {
-        loginEventsPage.navigateTo();
+        accountPage.navigateTo();
         loginPage.form().login("bad", "user");
     }
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java
index 79908d8..b7274ec 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java
@@ -142,6 +142,7 @@ public class GroupTest extends AbstractGroupTest {
     private GroupRepresentation createGroup(RealmResource realm, GroupRepresentation group) {
         Response response = realm.groups().add(group);
         String groupId = ApiUtil.getCreatedId(response);
+        getCleanup().addGroupId(groupId);
         response.close();
 
         assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupPath(groupId), group, ResourceType.GROUP);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
index 2fbb5a3..5d93d39 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
@@ -207,6 +207,8 @@ public class IdentityProviderTest extends AbstractAdminTest {
         Assert.assertNotNull(ApiUtil.getCreatedId(response));
         response.close();
 
+        getCleanup().addIdentityProviderAlias(idpRep.getAlias());
+
         String secret = idpRep.getConfig() != null ? idpRep.getConfig().get("clientSecret") : null;
         idpRep = StripSecretsUtils.strip(idpRep);
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
index 26b1b16..72421cc 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
@@ -18,6 +18,7 @@
 package org.keycloak.testsuite.admin;
 
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.Config;
@@ -63,11 +64,6 @@ public class ImpersonationTest extends AbstractKeycloakTest {
     private String impersonatedUserId;
 
     @Override
-    public void beforeAbstractKeycloakTest() throws Exception {
-        super.beforeAbstractKeycloakTest();
-    }
-
-    @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmBuilder realm = RealmBuilder.create().name("test").testEventListener();
 
@@ -85,10 +81,15 @@ public class ImpersonationTest extends AbstractKeycloakTest {
     
     @BeforeClass
     public static void enabled() {
-        Assume.assumeFalse("impersonation".equals(System.getProperty("feature.name")) 
+        Assume.assumeFalse("impersonation".equals(System.getProperty("feature.name"))
                 && "disabled".equals(System.getProperty("feature.value")));
     }
 
+    @Before
+    public void beforeTest() {
+        impersonatedUserId = ApiUtil.findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId();
+    }
+
     @Test
     public void testImpersonateByMasterAdmin() {
         // test that composite is set up right for impersonation role

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
index ce2863b..d821179 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
@@ -18,6 +18,8 @@
 package org.keycloak.testsuite.admin;
 
 import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput;
+import org.junit.AfterClass;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.admin.client.Keycloak;
@@ -55,12 +57,14 @@ import org.keycloak.services.resources.admin.RealmAuth.Resource;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.Assert;
 import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
+import org.keycloak.testsuite.util.AdminClientUtil;
 import org.keycloak.testsuite.util.ClientBuilder;
 import org.keycloak.testsuite.util.CredentialBuilder;
 import org.keycloak.testsuite.util.FederatedIdentityBuilder;
 import org.keycloak.testsuite.util.GreenMailRule;
 import org.keycloak.testsuite.util.IdentityProviderBuilder;
 import org.keycloak.testsuite.util.RealmBuilder;
+import org.keycloak.testsuite.util.TestCleanup;
 import org.keycloak.testsuite.util.UserBuilder;
 
 import javax.ws.rs.ClientErrorException;
@@ -100,17 +104,11 @@ public class PermissionsTest extends AbstractKeycloakTest {
                 .username(AdminRoles.REALM_ADMIN)
                 .role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN)
                 .addPassword("password"));
-        clients.put(AdminRoles.REALM_ADMIN,
-                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, AdminRoles.REALM_ADMIN, "password", "test-client",
-                        "secret"));
 
         builder.user(UserBuilder.create().username("none").addPassword("password"));
-        clients.put("none",
-                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, "none", "password", "test-client", "secret"));
 
         for (String role : AdminRoles.ALL_REALM_ROLES) {
             builder.user(UserBuilder.create().username(role).role(Constants.REALM_MANAGEMENT_CLIENT_ID, role).addPassword("password"));
-            clients.put(role, Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, role, "password", "test-client"));
         }
         testRealms.add(builder.build());
 
@@ -118,40 +116,88 @@ public class PermissionsTest extends AbstractKeycloakTest {
         builder2.client(ClientBuilder.create().clientId("test-client").publicClient().directAccessGrants());
         builder2.user(UserBuilder.create().username("admin").role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN).addPassword("password"));
         testRealms.add(builder2.build());
-
-        clients.put("REALM2", Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "realm2", "admin", "password", "test-client"));
     }
 
-    @Override
-    public void beforeAbstractKeycloakTest() throws Exception {
-        super.beforeAbstractKeycloakTest();
 
-        clients.put("master-admin", adminClient);
+    @Before
+    public void beforeClazz() {
+        if (testContext.isInitialized()) {
+            return;
+        }
 
-        RealmResource master = adminClient.realm("master");
+        createTestUsers();
 
-        {
-            Response response = master.users().create(UserBuilder.create().username("permissions-test-master-none").build());
-            String userId = ApiUtil.getCreatedId(response);
-            response.close();
+        testContext.setInitialized(true);
+    }
 
-            master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
+    private void createTestUsers() {
+        RealmResource master = adminClient.realm("master");
 
-            clients.put("master-none",
-                    Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-none", "password",
-                            Constants.ADMIN_CLI_CLIENT_ID));
-        }
+        Response response = master.users().create(UserBuilder.create().username("permissions-test-master-none").build());
+        String userId = ApiUtil.getCreatedId(response);
+        response.close();
+        master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
 
         for (String role : AdminRoles.ALL_REALM_ROLES) {
-            Response response = master.users().create(UserBuilder.create().username("permissions-test-master-" + role).build());
-            String userId = ApiUtil.getCreatedId(response);
+            response = master.users().create(UserBuilder.create().username("permissions-test-master-" + role).build());
+            userId = ApiUtil.getCreatedId(response);
             response.close();
 
             master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
             String clientId = master.clients().findByClientId(REALM_NAME + "-realm").get(0).getId();
             RoleRepresentation roleRep = master.clients().get(clientId).roles().get(role).toRepresentation();
             master.users().get(userId).roles().clientLevel(clientId).add(Collections.singletonList(roleRep));
+        }
+    }
+
+    @AfterClass
+    public static void removeTestUsers() throws Exception {
+        Keycloak adminClient = AdminClientUtil.createAdminClient();
+        try {
+            for (UserRepresentation u : adminClient.realm("master").users().search("permissions-test-master-", 0, 100)) {
+                adminClient.realm("master").users().get(u.getId()).remove();
+            }
+        } finally {
+            adminClient.close();
+        }
+    }
+
+    private void recreatePermissionRealm() throws Exception {
+        RealmRepresentation permissionRealm = testContext.getTestRealmReps().stream().filter(realm -> {
+            return realm.getRealm().equals(REALM_NAME);
+        }).findFirst().get();
+        adminClient.realms().create(permissionRealm);
+
+        removeTestUsers();
+        createTestUsers();
+    }
+
 
+    @Override
+    public void beforeAbstractKeycloakTest() throws Exception {
+        super.beforeAbstractKeycloakTest();
+
+        clients.put(AdminRoles.REALM_ADMIN,
+                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, AdminRoles.REALM_ADMIN, "password", "test-client",
+                        "secret"));
+
+        clients.put("none",
+                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, "none", "password", "test-client", "secret"));
+
+        for (String role : AdminRoles.ALL_REALM_ROLES) {
+            clients.put(role, Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, role, "password", "test-client"));
+        }
+
+        clients.put("REALM2", Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "realm2", "admin", "password", "test-client"));
+
+        clients.put("master-admin", adminClient);
+
+        clients.put("master-none",
+                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-none", "password",
+                        Constants.ADMIN_CLI_CLIENT_ID));
+
+
+        for (String role : AdminRoles.ALL_REALM_ROLES) {
             clients.put("master-" + role,
                     Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-" + role, "password",
                             Constants.ADMIN_CLI_CLIENT_ID));
@@ -160,15 +206,22 @@ public class PermissionsTest extends AbstractKeycloakTest {
 
     @Override
     public void afterAbstractKeycloakTest() {
-        for (UserRepresentation u : adminClient.realm("master").users().search("permissions-test-master-", 0, 100)) {
-            adminClient.realm("master").users().get(u.getId()).remove();
-        }
+        // Don't close the "main" adminClient, but all others yes
+        clients.entrySet().stream().filter(entry -> {
 
-        super.afterAbstractKeycloakTest();
+            return !entry.getKey().equals("master-admin");
+
+        }).forEach(consumer -> {
+
+            consumer.getValue().close();
+
+        });
+
+        clients.clear();
     }
 
     @Test
-    public void realms() {
+    public void realms() throws Exception {
         // Check returned realms
         invoke(new Invocation() {
             public void invoke(RealmResource realm) {
@@ -312,6 +365,9 @@ public class PermissionsTest extends AbstractKeycloakTest {
                 clients.get(AdminRoles.REALM_ADMIN).realms().realm(REALM_NAME).remove();
             }
         }, adminClient, true);
+
+        // Revert realm removal
+        recreatePermissionRealm();
     }
 
     @Test
@@ -959,7 +1015,7 @@ public class PermissionsTest extends AbstractKeycloakTest {
     }
 
     @Test
-    public void flows() {
+    public void flows() throws Exception {
         invoke(new Invocation() {
             public void invoke(RealmResource realm) {
                 realm.flows().getFormProviders();
@@ -1113,6 +1169,11 @@ public class PermissionsTest extends AbstractKeycloakTest {
                 realm.flows().updateAuthenticatorConfig("nosuch", new AuthenticatorConfigRepresentation());
             }
         }, Resource.REALM, true);
+
+        // Re-create realm
+        adminClient.realm(REALM_NAME).remove();
+
+        recreatePermissionRealm();
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java
index bf9c794..4fa09df 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java
@@ -65,6 +65,8 @@ public class RealmRolesTest extends AbstractAdminTest {
         ClientRepresentation clientRep = ClientBuilder.create().clientId("client-a").build();
         Response response = adminClient.realm(REALM_NAME).clients().create(clientRep);
         clientUuid = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(clientUuid);
+        response.close();
 
         RoleRepresentation roleC = RoleBuilder.create().name("role-c").description("Role C").build();
         adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().create(roleC);
@@ -77,6 +79,10 @@ public class RealmRolesTest extends AbstractAdminTest {
             ids.put(r.getName(), r.getId());
         }
 
+        getCleanup().addRoleId(ids.get("role-a"));
+        getCleanup().addRoleId(ids.get("role-b"));
+        getCleanup().addRoleId(ids.get("role-c"));
+
         resource = adminClient.realm(REALM_NAME).roles();
 
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-a"), roleA, ResourceType.REALM_ROLE);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
index db10d02..e5c1287 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
@@ -202,6 +202,17 @@ public class RealmTest extends AbstractAdminTest {
         realm.remove();
 
         Assert.assertNames(adminClient.realms().findAll(), "master", AuthRealm.TEST);
+
+        // Re-create realm
+        reCreateRealm();
+    }
+
+    private void reCreateRealm() {
+        // Re-create realm
+        RealmRepresentation realmRep = testContext.getTestRealmReps().stream().filter((RealmRepresentation realm) -> {
+            return realm.getRealm().equals(REALM_NAME);
+        }).findFirst().get();
+        adminClient.realms().create(realmRep);
     }
 
     @Test
@@ -210,6 +221,8 @@ public class RealmTest extends AbstractAdminTest {
 
         ServerInfoResource serverInfoResource = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID).serverInfo();
         serverInfoResource.getInfo();
+
+        reCreateRealm();
     }
 
     /**
@@ -608,6 +621,7 @@ public class RealmTest extends AbstractAdminTest {
         client.setSecret("secret");
         Response resp = realm.clients().create(client);
         String clientDbId = ApiUtil.getCreatedId(resp);
+        getCleanup().addClientUuid(clientDbId);
         resp.close();
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientDbId), client, ResourceType.CLIENT);
 
@@ -618,6 +632,7 @@ public class RealmTest extends AbstractAdminTest {
         Response response = realm.users().create(userRep);
         String userId = ApiUtil.getCreatedId(response);
         response.close();
+        getCleanup().addUserId(userId);
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), userRep, ResourceType.USER);
 
         realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java
index 77c4ea7..ee4326a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java
@@ -59,6 +59,8 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
 
         Response response = adminClient.realm(REALM_NAME).clients().create(ClientBuilder.create().clientId("client-a").build());
         clientUuid = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(clientUuid);
+        response.close();
         adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().create(RoleBuilder.create().name("role-c").description("Role C").build());
 
         for (RoleRepresentation r : adminClient.realm(REALM_NAME).roles().list()) {
@@ -69,6 +71,10 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
             ids.put(r.getName(), r.getId());
         }
 
+        getCleanup().addRoleId(ids.get("role-a"));
+        getCleanup().addRoleId(ids.get("role-b"));
+        getCleanup().addRoleId(ids.get("role-c"));
+
         resource = adminClient.realm(REALM_NAME).rolesById();
 
         assertAdminEvents.clear(); // Tested in RealmRolesTest already

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java
index e443191..6a75b33 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java
@@ -21,7 +21,9 @@ import org.hamcrest.Matchers;
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.jboss.arquillian.graphene.page.Page;
 import org.jboss.arquillian.test.api.ArquillianResource;
+import org.junit.After;
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.IdentityProviderResource;
@@ -60,6 +62,7 @@ import org.openqa.selenium.WebDriver;
 import javax.mail.MessagingException;
 import javax.mail.internet.MimeMessage;
 import javax.ws.rs.ClientErrorException;
+import javax.ws.rs.NotFoundException;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import java.io.IOException;
@@ -118,6 +121,9 @@ public class UserTest extends AbstractAdminTest {
         response.close();
 
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(createdId), userRep, ResourceType.USER);
+
+        getCleanup().addUserId(createdId);
+
         return createdId;
     }
 
@@ -280,7 +286,7 @@ public class UserTest extends AbstractAdminTest {
     @Test
     public void delete() {
         String userId = createUser();
-        Response response = realm.users().delete( userId );
+        Response response = realm.users().delete(userId);
         assertEquals(204, response.getStatus());
         response.close();
         assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userResourcePath(userId), ResourceType.USER);
@@ -288,7 +294,7 @@ public class UserTest extends AbstractAdminTest {
 
     @Test
     public void deleteNonExistent() {
-        Response response = realm.users().delete( "does-not-exist" );
+        Response response = realm.users().delete("does-not-exist");
         assertEquals(404, response.getStatus());
         response.close();
         assertAdminEvents.assertEmpty();
@@ -671,7 +677,7 @@ public class UserTest extends AbstractAdminTest {
 
     @Test
     public void updateUserWithNewUsername() {
-        switchEditUsernameAllowedOn();
+        switchEditUsernameAllowedOn(true);
         String id = createUser();
 
         UserResource user = realm.users().get(id);
@@ -681,13 +687,14 @@ public class UserTest extends AbstractAdminTest {
 
         userRep = realm.users().get(id).toRepresentation();
         assertEquals("user11", userRep.getUsername());
+
+        // Revert
+        switchEditUsernameAllowedOn(false);
     }
 
     @Test
     public void updateUserWithoutUsername() {
-
-
-        switchEditUsernameAllowedOn();
+        switchEditUsernameAllowedOn(true);
 
         String id = createUser();
 
@@ -711,6 +718,9 @@ public class UserTest extends AbstractAdminTest {
         assertEquals("user1@localhost", rep.getEmail());
         assertEquals("Firstname", rep.getFirstName());
         assertEquals("Lastname", rep.getLastName());
+
+        // Revert
+        switchEditUsernameAllowedOn(false);
     }
 
     @Test
@@ -728,7 +738,7 @@ public class UserTest extends AbstractAdminTest {
 
     @Test
     public void updateUserWithNewUsernameAccessingViaOldUsername() {
-        switchEditUsernameAllowedOn();
+        switchEditUsernameAllowedOn(true);
         createUser();
 
         try {
@@ -741,13 +751,15 @@ public class UserTest extends AbstractAdminTest {
             fail("Expected failure");
         } catch (ClientErrorException e) {
             assertEquals(404, e.getResponse().getStatus());
+        } finally {
+            switchEditUsernameAllowedOn(false);
         }
     }
 
     @Test
     public void updateUserWithExistingUsername() {
-        switchEditUsernameAllowedOn();
-        enableBruteForce();
+        switchEditUsernameAllowedOn(true);
+        enableBruteForce(true);
         createUser();
 
         UserRepresentation userRep = new UserRepresentation();
@@ -767,6 +779,9 @@ public class UserTest extends AbstractAdminTest {
             // TODO adminEvents: Event queue should be empty, but it's not because of bug in UsersResource.updateUser, which sends event earlier than transaction commit.
             // assertAdminEvents.assertEmpty();
             assertAdminEvents.poll();
+        } finally {
+            enableBruteForce(false);
+            switchEditUsernameAllowedOn(false);
         }
     }
 
@@ -927,16 +942,16 @@ public class UserTest extends AbstractAdminTest {
         assertEquals(111, users.search("test", 0, 1000).size());
     }
 
-    private void switchEditUsernameAllowedOn() {
+    private void switchEditUsernameAllowedOn(boolean enable) {
         RealmRepresentation rep = realm.toRepresentation();
-        rep.setEditUsernameAllowed(true);
+        rep.setEditUsernameAllowed(enable);
         realm.update(rep);
         assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
     }
 
-    private void enableBruteForce() {
+    private void enableBruteForce(boolean enable) {
         RealmRepresentation rep = realm.toRepresentation();
-        rep.setBruteForceProtected(true);
+        rep.setBruteForceProtected(enable);
         realm.update(rep);
         assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java
index d9a0291..4445de9 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java
@@ -64,7 +64,7 @@ public class AssertEvents implements TestRule {
             @Override
             public void evaluate() throws Throwable {
                 // TODO: Ideally clear the queue just before testClass rather then before each method
-                context.getTestingClient().testing().clearEventQueue();
+                clear();
                 base.evaluate();
                 // TODO Test should fail if there are leftover events
             }
@@ -84,12 +84,7 @@ public class AssertEvents implements TestRule {
     }
 
     public void clear() {
-        Response res = context.testingClient.testing().clearEventQueue();
-        try {
-            Assert.assertEquals("clear-event-queue success", res.getStatus(), 200);
-        } finally {
-            res.close();
-        }
+        context.getTestingClient().testing().clearEventQueue();
     }
 
     public ExpectedEvent expectRequiredAction(EventType event) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java
index f9e50e5..eabc7d1 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java
@@ -20,10 +20,14 @@ package org.keycloak.testsuite.broker;
 import java.util.List;
 
 import org.jboss.arquillian.graphene.page.Page;
+import org.junit.After;
+import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.Assert;
 import org.keycloak.testsuite.Retry;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AccountPasswordPage;
 import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -82,6 +86,22 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
     }
 
 
+    @After
+    public void cleanupUsers() {
+        RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
+        UserRepresentation userRep = ApiUtil.findUserByUsername(providerRealm, bc.getUserLogin());
+        if (userRep != null) {
+            providerRealm.users().get(userRep.getId()).remove();
+        }
+
+        RealmResource childRealm = adminClient.realm(bc.consumerRealmName());
+        userRep = ApiUtil.findUserByUsername(childRealm, bc.getUserLogin());
+        if (userRep != null) {
+            childRealm.users().get(userRep.getId()).remove();
+        }
+    }
+
+
     protected void logInAsUserInIDP() {
         driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
index f6e575f..8129243 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
@@ -1,5 +1,6 @@
 package org.keycloak.testsuite.broker;
 
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -13,6 +14,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.Assert;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.ConsentPage;
 import org.keycloak.testsuite.util.*;
 
@@ -39,7 +41,7 @@ import static org.keycloak.testsuite.broker.BrokerTestTools.*;
 public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
 
     @Before
-    public void createUser() {
+    public void beforeBrokerTest() {
         log.debug("creating user for realm " + bc.providerRealmName());
 
         UserRepresentation user = new UserRepresentation();
@@ -52,18 +54,16 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
         userId = createUserWithAdminClient(realmResource, user);
 
         resetUserPassword(realmResource.users().get(userId), bc.getUserPassword(), false);
-    }
 
-    @Before
-    public void addIdentityProviderToProviderRealm() {
-        log.debug("adding identity provider to realm " + bc.consumerRealmName());
+        if (testContext.isInitialized()) {
+            return;
+        }
 
+        log.debug("adding identity provider to realm " + bc.consumerRealmName());
         RealmResource realm = adminClient.realm(bc.consumerRealmName());
         realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
-    }
 
-    @Before
-    public void addClients() {
+        // addClients
         List<ClientRepresentation> clients = bc.createProviderClients(suiteContext);
         if (clients != null) {
             RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
@@ -83,6 +83,8 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
                 consumerRealm.clients().create(client);
             }
         }
+
+        testContext.setInitialized(true);
     }
 
 
@@ -302,6 +304,13 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
         consentPage.cancel();
 
         waitForPage(driver, "log in to");
+
+        // Revert consentRequired
+        adminClient.realm(bc.providerRealmName())
+                .clients()
+                .get(client.getId())
+                .update(ClientBuilder.edit(client).consentRequired(false).build());
+
     }
 
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java
index 2e15ad1..045aeb9 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java
@@ -49,12 +49,13 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker
 
         RealmResource realm = adminClient.realm(bc.consumerRealmName());
         final IdentityProviderRepresentation idp = bc.setUpIdentityProvider(suiteContext);
-        realm.identityProviders().create(idp);
+        Response resp = realm.identityProviders().create(idp);
+        resp.close();
 
         IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
         for (IdentityProviderMapperRepresentation mapper : createIdentityProviderMappers()) {
             mapper.setIdentityProviderAlias(bc.getIDPAlias());
-            Response resp = idpResource.addMapper(mapper);
+            resp = idpResource.addMapper(mapper);
             resp.close();
         }
     }
@@ -67,7 +68,8 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker
             for (ClientRepresentation client : clients) {
                 log.debug("adding client " + client.getName() + " to realm " + bc.providerRealmName());
 
-                providerRealm.clients().create(client);
+                Response resp = providerRealm.clients().create(client);
+                resp.close();
             }
         }
 
@@ -77,7 +79,8 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker
             for (ClientRepresentation client : clients) {
                 log.debug("adding client " + client.getName() + " to realm " + bc.consumerRealmName());
 
-                consumerRealm.clients().create(client);
+                Response resp = consumerRealm.clients().create(client);
+                resp.close();
             }
         }
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java
index 7e796cd..f08b4bf 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java
@@ -75,46 +75,40 @@ public class AccountLinkTest extends AbstractKeycloakTest {
     }
 
     @Before
-    public void addIdpUser() {
-        RealmResource realm = adminClient.realms().realm(PARENT_IDP);
+    public void beforeBrokerTest() {
+        if (testContext.isInitialized()) {
+            return;
+        }
+
+        // addIdpUser
+        RealmResource realmParent = adminClient.realms().realm(PARENT_IDP);
         UserRepresentation user = new UserRepresentation();
         user.setUsername(PARENT_USERNAME);
         user.setEnabled(true);
-        String userId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
-
-    }
+        String userId = createUserAndResetPasswordWithAdminClient(realmParent, user, "password");
 
-    @Before
-    public void addChildUser() {
-        RealmResource realm = adminClient.realms().realm(CHILD_IDP);
-        UserRepresentation user = new UserRepresentation();
+        // addChildUser
+        RealmResource realmChild = adminClient.realms().realm(CHILD_IDP);
+        user = new UserRepresentation();
         user.setUsername("child");
         user.setEnabled(true);
-        String userId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
-
-    }
+        userId = createUserAndResetPasswordWithAdminClient(realmChild, user, "password");
 
-    @Before
-    public void setupUserStorageProvider() {
+        // setupUserStorageProvider
         ComponentRepresentation provider = new ComponentRepresentation();
         provider.setName("passthrough");
         provider.setProviderId(PassThroughFederatedUserStorageProviderFactory.PROVIDER_ID);
         provider.setProviderType(UserStorageProvider.class.getName());
         provider.setConfig(new MultivaluedHashMap<>());
         provider.getConfig().putSingle("priority", Integer.toString(1));
+        realmChild.components().add(provider);
 
-        RealmResource realm = adminClient.realms().realm(CHILD_IDP);
-        realm.components().add(provider);
-
-
-
+        // createBroker
+        createParentChild();
 
+        testContext.setInitialized(true);
     }
 
-    @Before
-    public void createBroker() {
-        createParentChild();
-    }
 
     public void createParentChild() {
         BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java
index e7d8d44..566d288 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java
@@ -78,7 +78,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
         log.debug("adding identity provider to realm " + bc.consumerRealmName());
 
         RealmResource realm = adminClient.realm(bc.consumerRealmName());
-        realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
+        Response resp = realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
+        resp.close();
     }
 
 
@@ -90,7 +91,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
             for (ClientRepresentation client : clients) {
                 log.debug("adding client " + client.getName() + " to realm " + bc.providerRealmName());
 
-                providerRealm.clients().create(client);
+                Response resp = providerRealm.clients().create(client);
+                resp.close();
             }
         }
 
@@ -100,7 +102,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
             for (ClientRepresentation client : clients) {
                 log.debug("adding client " + client.getName() + " to realm " + bc.consumerRealmName());
 
-                consumerRealm.clients().create(client);
+                Response resp = consumerRealm.clients().create(client);
+                resp.close();
             }
         }
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java
index f2f8c6d..b678a23 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java
@@ -108,9 +108,9 @@ public abstract class AbstractClientRegistrationTest extends AbstractKeycloakTes
         return response;
     }
 
-    public ClientRepresentation getClient(String clientId) {
+    public ClientRepresentation getClient(String clientUuid) {
         try {
-            return adminClient.realm(REALM_NAME).clients().get(clientId).toRepresentation();
+            return adminClient.realm(REALM_NAME).clients().get(clientUuid).toRepresentation();
         } catch (NotFoundException e) {
             return null;
         }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java
index b2b2eb4..22d4731 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java
@@ -24,6 +24,7 @@ import org.keycloak.client.registration.HttpErrorException;
 import org.keycloak.common.enums.SslRequired;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
@@ -51,6 +52,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
         client.setRootUrl("http://root");
         client = createClient(client);
         client.setSecret("RegistrationAccessTokenTestClientSecret");
+        getCleanup().addClientUuid(client.getId());
 
         client2 = new ClientRepresentation();
         client2.setEnabled(true);
@@ -60,6 +62,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
         client2.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessToken");
         client2.setRootUrl("http://root");
         client2 = createClient(client2);
+        getCleanup().addClientUuid(client2.getId());
 
         clientPublic = new ClientRepresentation();
         clientPublic.setEnabled(true);
@@ -68,6 +71,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
         clientPublic.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessTokenPublic");
         clientPublic.setRootUrl("http://root");
         clientPublic = createClient(clientPublic);
+        getCleanup().addClientUuid(clientPublic.getId());
     }
 
     @Test
@@ -80,7 +84,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
 
     @Test
     public void getConfig() throws ClientRegistrationException {
-        reg.auth(Auth.client(client.getClientId(), client.getSecret()));
+        reg.auth(Auth.client(client.getClientId(), "RegistrationAccessTokenTestClientSecret"));
 
         AdapterConfig config = reg.getAdapterConfig(client.getClientId());
         assertNotNull(config);
@@ -89,7 +93,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
         assertEquals("test", config.getRealm());
 
         assertEquals(1, config.getCredentials().size());
-        assertEquals(client.getSecret(), config.getCredentials().get("secret"));
+        assertEquals("RegistrationAccessTokenTestClientSecret", config.getCredentials().get("secret"));
 
         assertEquals(client.getClientId(), config.getResource());
         assertEquals(SslRequired.EXTERNAL.name().toLowerCase(), config.getSslRequired());

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java
index 1c80d51..c47e6c8 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java
@@ -47,7 +47,7 @@ public class ClientRedirectTest extends AbstractTestRealmKeycloakTest {
      *
      * @throws Exception
      */
-    //@Test
+    @Test
     public void testClientRedirectEndpoint() throws Exception {
         oauth.doLogin("test-user@localhost", "password");
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java
index a48158c..b59d883 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java
@@ -23,6 +23,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
 
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.RealmResource;
@@ -80,12 +81,16 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         testRealms.get(0).setPublicKey(PUBLIC_KEY);
     }
 
-    @Before
-    public void before() throws Exception {
-        super.before();
-//
-//        ClientInitialAccessPresentation token = adminClient.realm(REALM_NAME).clientInitialAccess().create(new ClientInitialAccessCreatePresentation(0, 10));
-//        reg.auth(Auth.token(token));
+    @After
+    public void after() throws Exception {
+        super.after();
+
+        // Default setup of trustedHostPolicy
+        ComponentRepresentation trustedHostPolicy = findPolicyByProviderAndAuth(TrustedHostClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
+        trustedHostPolicy.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.HOST_SENDING_REGISTRATION_REQUEST_MUST_MATCH, "true");
+        trustedHostPolicy.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.CLIENT_URIS_MUST_MATCH, "true");
+        trustedHostPolicy.getConfig().put(TrustedHostClientRegistrationPolicyFactory.TRUSTED_HOSTS, Collections.emptyList());
+        realmResource().components().component(trustedHostPolicy.getId()).update(trustedHostPolicy);
     }
 
     private RealmResource realmResource() {
@@ -175,7 +180,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         assertOidcFail(ClientRegOp.CREATE, client, 403, "Host not trusted");
 
         // Should still fail (bad redirect_uri)
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
         assertOidcFail(ClientRegOp.CREATE, client, 403, "URL doesn't match");
 
         // Should still fail (bad base_uri)
@@ -194,7 +199,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testAnonUpdateWithTrustedHost() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
         OIDCClientRepresentation client = create();
 
         // Fail update client
@@ -235,7 +240,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testAnonConsentRequired() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
         OIDCClientRepresentation client = create();
 
         // Assert new client has consent required
@@ -255,7 +260,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testAnonFullScopeAllowed() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
         OIDCClientRepresentation client = create();
 
         // Assert new client has fullScopeAllowed disabled
@@ -275,7 +280,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testClientDisabledPolicy() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Assert new client is enabled
         OIDCClientRepresentation client = create();
@@ -290,7 +295,9 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         rep.setProviderId(ClientDisabledClientRegistrationPolicyFactory.PROVIDER_ID);
         rep.setProviderType(ClientRegistrationPolicy.class.getName());
         rep.setSubType(getPolicyAnon());
-        realmResource().components().add(rep).close();
+        Response response = realmResource().components().add(rep);
+        String policyId = ApiUtil.getCreatedId(response);
+        response.close();
 
         // Assert new client is disabled
         client = create();
@@ -305,12 +312,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         // Try update disabled client. Should pass
         clientRep.setEnabled(false);
         reg.update(clientRep);
+
+        // Revert
+        realmResource().components().component(policyId).remove();
     }
 
 
     @Test
     public void testMaxClientsPolicy() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         int clientsCount = realmResource().clients().findAll().size();
         int newClientsLimit = clientsCount + 1;
@@ -325,6 +335,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
         // I can't register more clients
         assertOidcFail(ClientRegOp.CREATE, createRepOidc(), 403, "It's allowed to have max " + newClientsLimit + " clients per realm");
+
+        // Revert
+        maxClientsPolicyRep.getConfig().putSingle(MaxClientsClientRegistrationPolicyFactory.MAX_CLIENTS, String.valueOf(10000));
+        realmResource().components().component(maxClientsPolicyRep.getId()).update(maxClientsPolicyRep);
     }
 
 
@@ -355,11 +369,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         // Add some clientTemplates
         ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation();
         clientTemplate.setName("foo");
-        realmResource().clientTemplates().create(clientTemplate);
+        Response response = realmResource().clientTemplates().create(clientTemplate);
+        String fooTemplateId = ApiUtil.getCreatedId(response);
+        response.close();
 
         clientTemplate = new ClientTemplateRepresentation();
         clientTemplate.setName("bar");
-        realmResource().clientTemplates().create(clientTemplate);
+        response = realmResource().clientTemplates().create(clientTemplate);
+        String barTemplateId = ApiUtil.getCreatedId(response);
+        response.close();
 
         // send request again and test that clientTemplate provider contains added client templates
         reps = realmResource().clientRegistrationPolicy().getProviders();
@@ -371,6 +389,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
         clientTemplates = getProviderConfigProperty(clientTemplateRep, ClientTemplatesClientRegistrationPolicyFactory.ALLOWED_CLIENT_TEMPLATES);
         Assert.assertNames(clientTemplates, "foo", "bar");
+
+        // Revert client templates
+        realmResource().clientTemplates().get(fooTemplateId).remove();
+        realmResource().clientTemplates().get(barTemplateId).remove();
     }
 
     private List<String> getProviderConfigProperty(ComponentTypeRepresentation provider, String expectedConfigPropName) {
@@ -394,12 +416,14 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testClientTemplatesPolicy() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Add some clientTemplate through Admin REST
         ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation();
         clientTemplate.setName("foo");
-        realmResource().clientTemplates().create(clientTemplate);
+        Response response = realmResource().clientTemplates().create(clientTemplate);
+        String clientTemplateId = ApiUtil.getCreatedId(response);
+        response.close();
 
         // I can't register new client with this template
         ClientRepresentation clientRep = createRep("test-app");
@@ -422,17 +446,23 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
         // Now the update via clientRegistration is permitted too as template was already set
         reg.update(registeredClient);
+
+        // Revert client template
+        realmResource().clients().get(client.getId()).remove();
+        realmResource().clientTemplates().get(clientTemplateId).remove();
     }
 
 
     @Test
     public void testClientTemplatesPolicyWithPermittedTemplate() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Add some clientTemplate through Admin REST
         ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation();
         clientTemplate.setName("foo");
-        realmResource().clientTemplates().create(clientTemplate);
+        Response response = realmResource().clientTemplates().create(clientTemplate);
+        String clientTemplateId = ApiUtil.getCreatedId(response);
+        response.close();
 
         // I can't register new client with this template
         ClientRepresentation clientRep = createRep("test-app");
@@ -447,6 +477,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         // Check that I can register client now
         ClientRepresentation registeredClient = reg.create(clientRep);
         Assert.assertNotNull(registeredClient.getRegistrationAccessToken());
+
+        // Revert client template
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
+        realmResource().clientTemplates().get(clientTemplateId).remove();
     }
 
 
@@ -454,7 +488,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testProtocolMappersCreate() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Try to add client with some "hardcoded role" mapper. Should fail
         ClientRepresentation clientRep = createRep("test-app");
@@ -480,6 +514,11 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         clientRep.setProtocolMappers(Collections.singletonList(createHardcodedMapperRep()));
         reg.auth(null);
         assertFail(ClientRegOp.CREATE, clientRep, 403, "ProtocolMapper type not allowed");
+
+        // Revert policy change
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
+        protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
+        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
     }
 
 
@@ -497,7 +536,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testProtocolMappersUpdate() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Check I can add client with allowed protocolMappers
         ProtocolMapperRepresentation protocolMapper = new ProtocolMapperRepresentation();
@@ -526,12 +565,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
         // Check I can update client now
         reg.update(registeredClient);
+
+        // Revert client
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
     }
 
 
     @Test
     public void testProtocolMappersConsentRequired() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Register client and assert it has builtin protocol mappers
         ClientRepresentation clientRep = createRep("test-app");
@@ -555,12 +597,17 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
             return protocolMapper.getProtocolMapper().equals(UserPropertyMapper.PROVIDER_ID);
         }).count();
         Assert.assertEquals(0, usernamePropMappersCount);
+
+        // Revert
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
+        protocolMapperPolicyRep.getConfig().getList(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES).add(UserPropertyMapper.PROVIDER_ID);
+        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
     }
 
 
     @Test
     public void testProtocolMappersRemoveBuiltins() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Change policy to allow hardcoded mapper
 
@@ -577,6 +624,11 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         ProtocolMapperRepresentation hardcodedMapper = registeredClient.getProtocolMappers().get(0);
         Assert.assertTrue(hardcodedMapper.isConsentRequired());
         Assert.assertEquals("Hardcoded foo role", hardcodedMapper.getConsentText());
+
+        // Revert
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
+        protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
+        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
     }
 
     // HELPER METHODS
@@ -601,8 +653,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         return null;
     }
 
-    private void setTrustedHost(String hostname, String policyType) {
-        List<ComponentRepresentation> reps = realmResource().components().query(REALM_NAME, getPolicyAnon());
+    private void setTrustedHost(String hostname) {
         ComponentRepresentation trustedHostRep = findPolicyByProviderAndAuth(TrustedHostClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
         trustedHostRep.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.TRUSTED_HOSTS, hostname);
         realmResource().components().component(trustedHostRep.getId()).update(trustedHostRep);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
index 5d1f4ae..08cfb7e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
@@ -52,6 +52,9 @@ public class ClientRegistrationTest extends AbstractClientRegistrationTest {
         client = adminClient.realm(REALM_NAME).clients().get(createdClient.getId()).toRepresentation();
         assertEquals(CLIENT_ID, client.getClientId());
 
+        // Remove this client after test
+        getCleanup().addClientUuid(createdClient.getId());
+
         return client;
     }
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java
index 74432a8..8ce0632 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java
@@ -31,6 +31,7 @@ import javax.ws.rs.core.UriBuilder;
 import org.apache.http.HttpResponse;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.DefaultHttpClient;
@@ -369,12 +370,12 @@ public class OIDCJwksClientRegistrationTest extends AbstractClientRegistrationTe
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
 
-    private HttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
+    private CloseableHttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
         CloseableHttpClient client = new DefaultHttpClient();
         try {
             HttpPost post = new HttpPost(requestUrl);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java
index 1e48290..3eb0d7e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java
@@ -48,6 +48,7 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest 
         c.setRootUrl("http://root");
 
         client = createClient(c);
+        getCleanup().addClientUuid(client.getId());
 
         c = new ClientRepresentation();
         c.setEnabled(true);
@@ -55,7 +56,8 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest 
         c.setSecret("RegistrationAccessTokenTestClientSecret");
         c.setRootUrl("http://root");
 
-        createClient(c);
+        c = createClient(c);
+        getCleanup().addClientUuid(c.getId());
 
         reg.auth(Auth.token(client.getRegistrationAccessToken()));
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
index 4cf3904..9c97d26 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
@@ -155,27 +155,17 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
     }
 
     @Before
-    public void addScopeMappings() {
+    public void before() {
+        if (testContext.isInitialized()) {
+            return;
+        }
+
+        // addScopeMappings
         addRealmLevelScopeMapping("REALM_COMPOSITE_1_APPLICATION", "REALM_COMPOSITE_1");
         addRealmLevelScopeMapping("REALM_ROLE_1_APPLICATION", "REALM_ROLE_1");
         addClientLevelScopeMapping("APP_COMPOSITE_APPLICATION", "APP_ROLE_APPLICATION", "APP_ROLE_2");
-    }
-
-    private void addRealmLevelScopeMapping(String clientId, String roleName) {
-        ClientResource client = ApiUtil.findClientByClientId(testRealm(), clientId);
-        RoleRepresentation role = testRealm().roles().get(roleName).toRepresentation();
-        client.getScopeMappings().realmLevel().add(Collections.singletonList(role));
-    }
-
-    private void addClientLevelScopeMapping(String targetClientId, String sourceClientId, String roleName) {
-        ClientResource targetClient = ApiUtil.findClientByClientId(testRealm(), targetClientId);
-        ClientResource sourceClient = ApiUtil.findClientByClientId(testRealm(), sourceClientId);
-        RoleRepresentation role = sourceClient.roles().get(roleName).toRepresentation();
-        targetClient.getScopeMappings().clientLevel(sourceClient.toRepresentation().getId()).add(Collections.singletonList(role));
-    }
 
-    @Before
-    public void createRealmAppCompositeRole() {
+        // createRealmAppCompositeRole
         ClientResource appRoleApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
         RoleResource appRole1 = appRoleApplication.roles().get("APP_ROLE_1");
 
@@ -185,37 +175,46 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
         testRealm().roles().create(realmAppCompositeRole.build());
         String id = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation().getId();
         testRealm().rolesById().addComposites(id, Collections.singletonList(appRole1.toRepresentation()));
-    }
 
-    @Before
-    public void addRealmAppCompositeToUsers() {
+        // addRealmAppCompositeToUsers
         UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "REALM_APP_COMPOSITE_USER");
-        RoleRepresentation realmAppCompositeRole = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
-        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRole));
-    }
+        RoleRepresentation realmAppCompositeRolee = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
+        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRolee));
 
-    @Before
-    public void addRealmAppCompositeToUser2() {
-        UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "APP_COMPOSITE_USER");
-        RoleRepresentation realmAppCompositeRole = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
-        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRole));
-    }
+        // addRealmAppCompositeToUsers2
+        userRsc = ApiUtil.findUserByUsernameId(testRealm(), "APP_COMPOSITE_USER");
+        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRolee));
 
-    @Before
-    public void addCompositeRolesToAppCompositeRoleInAppCompositeApplication() {
         ClientResource appCompositeApplication = ApiUtil.findClientByClientId(testRealm(), "APP_COMPOSITE_APPLICATION");
         RoleResource appCompositeRole = appCompositeApplication.roles().get("APP_COMPOSITE_ROLE");
 
+        // addCompositeRolesToAppCompositeRoleInAppCompositeApplication
         List<RoleRepresentation> toAdd = new LinkedList<>();
         toAdd.add(testRealm().roles().get("REALM_ROLE_1").toRepresentation());
         toAdd.add(testRealm().roles().get("REALM_ROLE_2").toRepresentation());
         toAdd.add(testRealm().roles().get("REALM_ROLE_3").toRepresentation());
 
         ClientResource appRolesApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
-        RoleRepresentation appRole1 = appRolesApplication.roles().get("APP_ROLE_1").toRepresentation();
-        toAdd.add(appRole1);
+        RoleRepresentation appRole1Rep = appRolesApplication.roles().get("APP_ROLE_1").toRepresentation();
+        toAdd.add(appRole1Rep);
 
         appCompositeRole.addComposites(toAdd);
+
+        // Track that we initialized model already
+        testContext.setInitialized(true);
+    }
+
+    private void addRealmLevelScopeMapping(String clientId, String roleName) {
+        ClientResource client = ApiUtil.findClientByClientId(testRealm(), clientId);
+        RoleRepresentation role = testRealm().roles().get(roleName).toRepresentation();
+        client.getScopeMappings().realmLevel().add(Collections.singletonList(role));
+    }
+
+    private void addClientLevelScopeMapping(String targetClientId, String sourceClientId, String roleName) {
+        ClientResource targetClient = ApiUtil.findClientByClientId(testRealm(), targetClientId);
+        ClientResource sourceClient = ApiUtil.findClientByClientId(testRealm(), sourceClientId);
+        RoleRepresentation role = sourceClient.roles().get(roleName).toRepresentation();
+        targetClient.getScopeMappings().clientLevel(sourceClient.toRepresentation().getId()).add(Collections.singletonList(role));
     }
 
     @Page
@@ -361,6 +360,8 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
         realmRoles = userResource.roles().realmLevel().listEffective();
         Assert.assertNames(realmRoles, "REALM_COMPOSITE_1", "REALM_ROLE_1");
 
+        // Revert
+        testRealm().roles().get("REALM_ROLE_1").deleteComposites(Collections.singletonList(realmComposite1));
     }
 
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java
index 2164ccd..42722da 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java
@@ -125,7 +125,9 @@ public abstract class AbstractKerberosTest extends AbstractAuthTest {
         oauth.clientId("kerberos-app");
 
         ComponentRepresentation rep = getUserStorageConfiguration();
-        testRealmResource().components().add(rep);
+        Response resp = testRealmResource().components().add(rep);
+        getCleanup().addComponentId(ApiUtil.getCreatedId(resp));
+        resp.close();
     }
 
     @After

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java
index a5f00a7..4bd6e15 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java
@@ -14,9 +14,12 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 import javax.ws.rs.NotFoundException;
+import javax.ws.rs.core.Response;
+
 import org.apache.commons.io.FileUtils;
 import org.jboss.arquillian.container.test.api.Deployment;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.After;
 import org.junit.Assert;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
@@ -101,6 +104,22 @@ public class UserStorageTest extends AbstractAuthTest {
 
     }
 
+    @After
+    public void removeTestUser() throws URISyntaxException, IOException {
+        testingClient.server().run(session -> {
+            RealmModel realm = session.realms().getRealmByName("test");
+            if (realm == null) {
+                return;
+            }
+
+            UserModel user = session.users().getUserByUsername("thor", realm);
+            if (user != null) {
+                session.userLocalStorage().removeUser(realm, user);
+                session.userCache().clear();
+            }
+        });
+    }
+
     protected ComponentRepresentation newPropProviderRW() {
         ComponentRepresentation propProviderRW = new ComponentRepresentation();
         propProviderRW.setName("user-props");
@@ -114,7 +133,11 @@ public class UserStorageTest extends AbstractAuthTest {
     }
 
     protected String addComponent(ComponentRepresentation component) {
-        return ApiUtil.getCreatedId(testRealmResource().components().add(component));
+        Response resp = testRealmResource().components().add(component);
+        resp.close();
+        String id = ApiUtil.getCreatedId(resp);
+        getCleanup().addComponentId(id);
+        return id;
     }
 
     private void loginSuccessAndLogout(String username, String password) {
@@ -547,6 +570,9 @@ public class UserStorageTest extends AbstractAuthTest {
             UserMapStorage.realmRemovals.set(0);
         });
 
+        // Re-create realm
+        RealmRepresentation repOrig = testContext.getTestRealmReps().get(0);
+        adminClient.realms().create(repOrig);
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java
index 08d0d69..72af35a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java
@@ -96,6 +96,11 @@ public class CustomFlowTest extends AbstractFlowTest {
     public void configureFlows() {
         userId = findUser("login-test").getId();
 
+        // Do this just once per class
+        if (testContext.isInitialized()) {
+            return;
+        }
+
         AuthenticationFlowRepresentation flow = FlowBuilder.create()
                                                            .alias("dummy")
                                                            .description("dummy pass through flow")
@@ -169,6 +174,8 @@ public class CustomFlowTest extends AbstractFlowTest {
                         .authenticatorFlow(false)
                         .build();
         testRealm().flows().addExecution(execution);
+
+        testContext.setInitialized(true);
     }
 
 
@@ -240,16 +247,16 @@ public class CustomFlowTest extends AbstractFlowTest {
         loginPage.login("test-user@localhost", "password");
         Assert.assertTrue(termsPage.isCurrent());
 
-
-
-
-
+        // Revert dummy flow
+        rep.setBrowserFlow("dummy");
+        testRealm().update(rep);
     }
 
     @Test
     public void loginSuccess() {
         AuthenticatorState state = new AuthenticatorState();
         state.setUsername("login-test");
+        state.setClientId("test-app");
         testingClient.testing().updateAuthenticator(state);
 
         oauth.openLoginForm();
@@ -264,6 +271,7 @@ public class CustomFlowTest extends AbstractFlowTest {
     public void grantTest() throws Exception {
         AuthenticatorState state = new AuthenticatorState();
         state.setUsername("login-test");
+        state.setClientId("test-app");
         testingClient.testing().updateAuthenticator(state);
 
         grantAccessToken("test-app", "login-test");
@@ -297,6 +305,9 @@ public class CustomFlowTest extends AbstractFlowTest {
                 .removeDetail(Details.CONSENT)
                 .error(Errors.INVALID_CLIENT_CREDENTIALS)
                 .assertEvent();
+
+        state.setClientId("test-app");
+        testingClient.testing().updateAuthenticator(state);
     }
 
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
index 27c2d91..63ed003 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
@@ -30,6 +30,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -275,16 +276,6 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
     @Test
     // KEYCLOAK-2557
     public void loginUserWithEmailAsUsername() {
-        UserRepresentation rep = UserBuilder.create()
-                                            .enabled(true)
-                                            .id("foo")
-                                            .email("foo")
-                                            .username("login@test.com")
-                                            .password("password")
-                                            .build();
-
-        adminClient.realm(userId).users().create(rep);
-
         loginPage.open();
         loginPage.login("login@test.com", "password");
 
@@ -363,9 +354,7 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
         } finally {
             setPasswordPolicy(null);
             UserResource userRsc = adminClient.realm("test").users().get("login-test");
-            UserBuilder userBuilder = UserBuilder.edit(userRsc.toRepresentation())
-                                                 .password("password");
-            userRsc.update(userBuilder.build());
+            ApiUtil.resetUserPassword(userRsc, "password", false);
         }
     }
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
index 9b83583..db66deb 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
@@ -79,6 +79,9 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
 
         String sessionId2 = events.expectLogin().assertEvent().getSessionId();
         assertNotEquals(sessionId, sessionId2);
+
+        driver.navigate().to(logoutUrl);
+        events.expectLogout(sessionId2).detail(Details.REDIRECT_URI, redirectUri).assertEvent();
     }
 
     @Test
@@ -133,6 +136,10 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
         // Check session 3 logged-in
         oauth.openLoginForm();
         events.expectLogin().session(sessionId3).removeDetail(Details.USERNAME).assertEvent();
+
+        //  Logout session 3 by redirect
+        driver.navigate().to(oauth.getLogoutUrl().redirectUri(AppPage.baseUrl).build());
+        events.expectLogout(sessionId3).detail(Details.REDIRECT_URI, AppPage.baseUrl).assertEvent();
     }
 
     //KEYCLOAK-2741
@@ -198,6 +205,9 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
 
         String sessionId2 = events.expectLogin().assertEvent().getSessionId();
         assertNotEquals(sessionId, sessionId2);
+
+        driver.navigate().to(logoutUrl);
+        events.expectLogout(sessionId2).removeDetail(Details.REDIRECT_URI).assertEvent();
     }
 
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
index 5192296..1a68d09 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
@@ -130,6 +130,9 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
         assertEquals("test-user@localhost", user.getEmail());
         assertEquals("firstName", user.getFirstName());
         assertEquals("lastName", user.getLastName());
+
+        testRealm().users().get(userId).remove();
+        setDuplicateEmailsAllowed(false);
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
index 8ecfa13..3a12a76 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
@@ -28,6 +28,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -52,41 +53,30 @@ import java.util.concurrent.atomic.AtomicInteger;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
-//import org.keycloak.testsuite.Constants;
-
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
  * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
  */
 public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
 
-    static int lifespan = 0;
+    private String userId;
 
     @Override
     public void configureTestRealm(RealmRepresentation testRealm) {
-        UserRepresentation user = UserBuilder.create()
-                                             .username("login-test")
-                                             .email("login@test.com")
-                                             .enabled(true)
-                                             .password("password")
-                                             .build();
-        testRealm.getUsers().add(user);
     }
 
     @Before
-    public void setAccessCodeLifespanUserAction() {
-        // Must do this with adminClient because default is not set until after testRealm.json is loaded.
-        lifespan = testRealm().toRepresentation().getAccessCodeLifespanUserAction();
-    }
+    public void setup() {
+        UserRepresentation user = UserBuilder.create()
+                .username("login-test")
+                .email("login@test.com")
+                .enabled(true)
+                .build();
 
-    @Before
-    public void setUserId() {
-        userId = findUser("login-test").getId();
+        userId = ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
+        getCleanup().addUserId(userId);
     }
 
-
-    private static String userId;
-
     @Rule
     public GreenMailRule greenMail = new GreenMailRule();
 
@@ -466,6 +456,9 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
         assertEquals(0, greenMail.getReceivedMessages().length);
 
         events.expectRequiredAction(EventType.RESET_PASSWORD).session((String) null).user(userId).detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).error("user_disabled").assertEvent();
+
+        user.setEnabled(true);
+        updateUser(user);
     }
 
     @Test
@@ -501,6 +494,8 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
         host[0] =  smtpConfig.get("host");
         smtpConfig.put("host", "invalid_host");
         RealmRepresentation realmRep = testRealm().toRepresentation();
+        Map<String, String> oldSmtp = realmRep.getSmtpServer();
+
         realmRep.setSmtpServer(smtpConfig);
         testRealm().update(realmRep);
 
@@ -520,6 +515,10 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
         events.expectRequiredAction(EventType.SEND_RESET_PASSWORD_ERROR).user(userId)
                 .session((String)null)
                 .detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).error(Errors.EMAIL_SEND_FAILED).assertEvent();
+
+        // Revert SMTP back
+        realmRep.setSmtpServer(oldSmtp);
+        testRealm().update(realmRep);
     }
 
     private void setPasswordPolicy(String policy) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java
index 34113d8..215bf15 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java
@@ -48,10 +48,6 @@ import java.io.IOException;
  */
 public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
-    UserRepresentation failUser;
-
-    UserRepresentation okayUser;
-
     @Page
     protected LoginPage loginPage;
 
@@ -66,7 +62,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
     @Override
     public void configureTestRealm(RealmRepresentation testRealm) {
 
-        failUser = UserBuilder.create()
+        UserRepresentation failUser = UserBuilder.create()
                 .id("fail")
                 .username("fail")
                 .email("fail@test.com")
@@ -74,7 +70,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
                 .password("password")
                 .build();
 
-        okayUser = UserBuilder.create()
+        UserRepresentation okayUser = UserBuilder.create()
                 .id("user")
                 .username("user")
                 .email("user@test.com")
@@ -89,6 +85,9 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
     @Before
     public void configureFlows() throws Exception {
+        if (testContext.isInitialized()) {
+            return;
+        }
 
         String scriptFlow = "scriptBrowser";
 
@@ -134,6 +133,8 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
         Response newExecutionConfigResponse = testRealm().flows().newExecutionConfig(scriptAuth, createScriptAuthConfig(scriptAuth, "authenticator-example.js", "/scripts/authenticator-example.js", "simple script based authenticator"));
         Assert.assertEquals(201, newExecutionConfigResponse.getStatus());
+
+        testContext.setInitialized(true);
     }
 
     /**
@@ -144,9 +145,9 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
         loginPage.open();
 
-        loginPage.login(okayUser.getUsername(), "password");
+        loginPage.login("user", "password");
 
-        events.expectLogin().user(okayUser.getId()).detail(Details.USERNAME, okayUser.getUsername()).assertEvent();
+        events.expectLogin().user("user").detail(Details.USERNAME, "user").assertEvent();
     }
 
     /**
@@ -157,7 +158,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
         loginPage.open();
 
-        loginPage.login(failUser.getUsername(), "password");
+        loginPage.login("fail", "password");
 
         events.expect(EventType.LOGIN_ERROR).user((String)null).error(Errors.USER_NOT_FOUND).assertEvent();
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java
index 5256233..6174842 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java
@@ -96,6 +96,9 @@ public class EmailTest extends AbstractI18NTest {
         MimeMessage message = greenMail.getReceivedMessages()[0];
 
         Assert.assertEquals("Passwort zurückzusetzen", message.getSubject());
+
+        // Revert
+        changeUserLocale("en");
     }
 
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java
index e5d2bc2..961026d 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java
@@ -80,6 +80,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(1, createdRep.getConfig().size());
@@ -114,6 +115,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(2, createdRep.getConfig().size());
@@ -147,6 +149,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation component = testingClient.server("test").fetch(RunHelpers.internalComponent(id));
         assertEquals(32, Base64Url.decode(component.getConfig().getFirst("secret")).length);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java
index 1f2bcc2..fba4add 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java
@@ -73,6 +73,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(1, createdRep.getConfig().size());
@@ -99,6 +101,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(2, createdRep.getConfig().size());
@@ -124,6 +128,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
+        response.close();
 
         KeysMetadataRepresentation keys = adminClient.realm("test").keys().getKeyMetadata();
 
@@ -153,6 +159,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
+        response.close();
 
         KeysMetadataRepresentation keys = adminClient.realm("test").keys().getKeyMetadata();
 
@@ -187,6 +195,7 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
         assertEquals(error, errorRepresentation.getErrorMessage());
+        response.close();
     }
 
     protected ComponentRepresentation createRep(String name, String providerId) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java
index cbec6c4..e8d11ec 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java
@@ -80,6 +80,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(ComponentRepresentation.SECRET_VALUE, createdRep.getConfig().getFirst(Attributes.PRIVATE_KEY_KEY));
@@ -116,6 +117,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(ComponentRepresentation.SECRET_VALUE, createdRep.getConfig().getFirst(Attributes.PRIVATE_KEY_KEY));
@@ -206,6 +208,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
         assertEquals(error, errorRepresentation.getErrorMessage());
+        response.close();
     }
 
     protected ComponentRepresentation createRep(String name, String providerId) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java
index b6fec3e..efb6f87 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java
@@ -153,6 +153,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
 
         ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
         assertTrue(errorRepresentation.getErrorMessage().startsWith(error));
+        response.close();
     }
 
     protected ComponentRepresentation createRep(String name, long priority) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java
index 6c54d2b..068c426 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java
@@ -37,6 +37,7 @@ import org.keycloak.representations.idm.KeysMetadataRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.AssertEvents;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.LoginPage;
@@ -49,6 +50,7 @@ import javax.ws.rs.core.Response;
 import java.io.IOException;
 import java.security.KeyPair;
 import java.security.PublicKey;
+import java.util.LinkedList;
 import java.util.List;
 
 import static org.junit.Assert.*;
@@ -182,6 +184,9 @@ public class KeyRotationTest extends AbstractKeycloakTest {
 
         KeysMetadataRepresentation keyMetadata = adminClient.realm("test").keys().getKeyMetadata();
         assertEquals(PemUtils.encodeKey(keys2), keyMetadata.getKeys().get(0).getPublicKey());
+
+        dropKeys1();
+        dropKeys2();
     }
 
     @Test
@@ -200,6 +205,8 @@ public class KeyRotationTest extends AbstractKeycloakTest {
             keys.getConfig().putSingle("priority", "1000" + i);
             Response response = adminClient.realm("test").components().add(keys);
             assertEquals(201, response.getStatus());
+            String newId = ApiUtil.getCreatedId(response);
+            getCleanup().addComponentId(newId);
             response.close();
 
             String updatedActiveKid = adminClient.realm("test").keys().getKeyMetadata().getActive().get("RSA");
@@ -244,7 +251,8 @@ public class KeyRotationTest extends AbstractKeycloakTest {
         config.addFirst(Attributes.PRIVATE_KEY_KEY, privateKeyPem);
         rep.setConfig(config);
 
-        adminClient.realm("test").components().add(rep);
+        Response response = adminClient.realm("test").components().add(rep);
+        response.close();
 
         rep = new ComponentRepresentation();
         rep.setName("mycomponent2");
@@ -256,7 +264,8 @@ public class KeyRotationTest extends AbstractKeycloakTest {
         config.addFirst("priority", priority);
         rep.setConfig(config);
 
-        adminClient.realm("test").components().add(rep);
+        response = adminClient.realm("test").components().add(rep);
+        response.close();
 
         return publicKey;
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
index c05bc7e..729f0c5 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
@@ -17,6 +17,7 @@
 package org.keycloak.testsuite.oauth;
 
 import org.jboss.arquillian.graphene.page.Page;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Rule;
@@ -51,11 +52,6 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
     public AssertEvents events = new AssertEvents(this);
 
     @Override
-    public void beforeAbstractKeycloakTest() throws Exception {
-        super.beforeAbstractKeycloakTest();
-    }
-
-    @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation realmRepresentation = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
         testRealms.add(realmRepresentation);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
index 998cc87..bcfae6f 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
@@ -23,6 +23,7 @@ import org.apache.http.HttpResponse;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.entity.mime.MultipartEntityBuilder;
 import org.apache.http.entity.mime.content.FileBody;
@@ -30,6 +31,7 @@ import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.message.BasicNameValuePair;
+import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Rule;
 import org.junit.Test;
@@ -88,6 +90,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.ws.rs.core.Response;
+
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotEquals;
 
@@ -99,11 +103,11 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
 
     @Rule
     public AssertEvents events = new AssertEvents(this);
-    private String client1SAUserId;
+    private static String client1SAUserId;
 
-    private RealmRepresentation testRealm;
-    private ClientRepresentation app1, app2, app3;
-    private UserRepresentation defaultUser, serviceAccountUser;
+    private static RealmRepresentation testRealm;
+    private static ClientRepresentation app1, app2, app3;
+    private static UserRepresentation defaultUser, serviceAccountUser;
 
     @BeforeClass
     public static void beforeClientAuthSignedJWTTest() {
@@ -144,15 +148,6 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
 
         realmBuilder.client(app2);
 
-        app3 = ClientBuilder.create()
-                .id(KeycloakModelUtils.generateId())
-                .clientId("client3")
-                .directAccessGrants()
-                .authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
-                .build();
-
-        realmBuilder.client(app3);
-
         // This one is for keystore-client2.p12 , which doesn't work on Sun JDK
 //            app2.setAttribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFPPLGHHjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdjbGllbnQxMB4XDTE1MDgxNzE3MjMzMVoXDTI1MDgxNzE3MjUxMVowEjEQMA4GA1UEAwwHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIsatXj38fFD9fHslNrsWrubobudXYwwdZpGYqkHIhuDeSojGvhBSLmKIFmtbHMVcLEbS0dIEsSbNVrwjdFfuRuvd9Vu6Ng0JUC8fRhSeQniC3jcBuP8P4WlXK4+ir3Wlya+T6Hum9b68BiH0KyNZtFGJ6zLHuCcq9Bl0JifvibnUkDeTZPwgJNA9+GxS/x8fAkApcAbJrgBZvr57PwhbgHoZdB8aAY5f5ogbGzKDtSUMvFh+Jah39gWtn7p3VOuuMXA8SugogoH8C5m2itrPBL1UPhAcKUeWiqx4SmZe/lZo7x2WbSecNiFaiqBhIW+QbqCYW6I4u0YvuLuEe3+TC8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZzW5DZviCxUQdV5Ab07PZkUfvImHZ73oWWHZqzUQtZtbVdzfp3cnbb2wyXtlOvingO3hgpoTxV8vbKgLbIQfvkGGHBG1F5e0QVdtikfdcwWb7cy4/9F80OD7cgG0ZAzFbQ8ZY7iS3PToBp3+4tbIK2NK0ntt/MYgJnPbHeG4V4qfgUbFm1YgEK7WpbSVU8jGuJ5DWE+mlYgECZKZ5TSlaVGs2XOm6WXrJScucNekwcBWWiHyRsFHZEDzWmzt8TLTLnnb0vVjhx3qCYxah3RbyyMZm6WLZlLAaGEcwNDO8jaA3hAjrxoOA1xEaolQfGVsb/ElelHcR1Zfe0u4Ekd4tw==");
 
@@ -177,6 +172,20 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         testRealms.add(testRealm);
     }
 
+    @Before
+    public void recreateApp3() {
+        app3 = ClientBuilder.create()
+                .id(KeycloakModelUtils.generateId())
+                .clientId("client3")
+                .directAccessGrants()
+                .authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
+                .build();
+
+        Response resp = adminClient.realm("test").clients().create(app3);
+        getCleanup().addClientUuid(ApiUtil.getCreatedId(resp));
+        resp.close();
+    }
+
     // TEST SUCCESS
 
     @Test
@@ -452,7 +461,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         List<NameValuePair> parameters = new LinkedList<NameValuePair>();
         parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -464,7 +473,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, "invalid"));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -476,7 +485,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -491,7 +500,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -506,7 +515,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, "unknown-client", "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -524,12 +533,12 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, "client1", "invalid_client", Errors.CLIENT_DISABLED);
 
-        ClientManager.realm(adminClient.realm("test")).clientId("client1").enabled(false);
+        ClientManager.realm(adminClient.realm("test")).clientId("client1").enabled(true);
     }
 
     @Test
@@ -553,7 +562,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, "client1", "unauthorized_client", "client_credentials_setup_required");
@@ -571,7 +580,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, "client1", "unauthorized_client", AuthenticationFlowError.CLIENT_CREDENTIALS_SETUP_REQUIRED.toString().toLowerCase());
@@ -589,7 +598,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         setTimeOffset(0);
@@ -608,7 +617,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         setTimeOffset(0);
@@ -733,7 +742,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getAccessTokenUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getAccessTokenUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
@@ -744,7 +753,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getRefreshTokenUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getRefreshTokenUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
@@ -764,7 +773,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
@@ -776,11 +785,11 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getResourceOwnerPasswordCredentialGrantUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getResourceOwnerPasswordCredentialGrantUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
-    private HttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
+    private CloseableHttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
         CloseableHttpClient client = new DefaultHttpClient();
         try {
             HttpPost post = new HttpPost(requestUrl);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
index 6c829ec..f320066 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
@@ -17,6 +17,7 @@
 package org.keycloak.testsuite.oauth;
 
 import org.jboss.arquillian.graphene.page.Page;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Rule;
 import org.junit.Test;
@@ -71,11 +72,6 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
     protected AppPage appPage;
 
     @Override
-    public void beforeAbstractKeycloakTest() throws Exception {
-        super.beforeAbstractKeycloakTest();
-    }
-
-    @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
 
         RealmRepresentation realmRepresentation = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
index 150ff6b..921e3db 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
@@ -59,6 +59,8 @@ import org.keycloak.util.TokenUtil;
 import java.util.Collections;
 import java.util.List;
 
+import javax.ws.rs.NotFoundException;
+
 import static org.junit.Assert.assertEquals;
 import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
 import static org.keycloak.testsuite.admin.ApiUtil.findRealmRoleByName;
@@ -253,8 +255,11 @@ public class OfflineTokenTest extends AbstractKeycloakTest {
 
         // Assert userSession expired
         testingClient.testing().removeExpired("test");
-
-        testingClient.testing().removeUserSession("test", sessionId);
+        try {
+            testingClient.testing().removeUserSession("test", sessionId);
+        } catch (NotFoundException nfe) {
+            // Ignore
+        }
 
         OAuthClient.AccessTokenResponse response = oauth.doRefreshTokenRequest(offlineTokenString, "secret1");
         AccessToken refreshedToken = oauth.verifyToken(response.getAccessToken());

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java
index 307ef96..01d4beb 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java
@@ -22,12 +22,14 @@ import java.util.List;
 import java.util.Map;
 
 
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.admin.client.resource.ProtocolMappersResource;
 import org.keycloak.admin.client.resource.UserResource;
+import org.keycloak.testsuite.util.ProtocolMapperUtil;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
 import org.keycloak.protocol.oidc.mappers.AddressMapper;
 import org.keycloak.representations.AccessToken;
@@ -83,6 +85,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         oauth.clientId("test-app");
     }
 
+
+    private void deleteMappers(ProtocolMappersResource protocolMappers) {
+        ProtocolMapperRepresentation mapper = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappers, OIDCLoginProtocol.LOGIN_PROTOCOL, "Realm roles mapper");
+        protocolMappers.delete(mapper.getId());
+
+        mapper = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappers, OIDCLoginProtocol.LOGIN_PROTOCOL, "Client roles mapper");
+        protocolMappers.delete(mapper.getId());
+    }
+
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation realm = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
@@ -239,12 +250,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         String realmRoleMappings = (String) roleMappings.get("realm");
         String testAppMappings = (String) roleMappings.get("test-app");
         assertRoles(realmRoleMappings,
-          "pref.user",                      // from direct assignment in user definition
-          "pref.offline_access"             // from direct assignment in user definition
+                "pref.user",                      // from direct assignment in user definition
+                "pref.offline_access"             // from direct assignment in user definition
         );
         assertRoles(testAppMappings,
           "customer-user"                   // from direct assignment in user definition
         );
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
 
@@ -268,11 +282,11 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         String realmRoleMappings = (String) roleMappings.get("realm");
         String testAppMappings = (String) roleMappings.get(clientId);
         assertRoles(realmRoleMappings,
-          "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
-          "pref.user",                      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
-          "pref.customer-user-premium",     // from client role customer-admin-composite-role - realm role for test-app
-          "pref.realm-composite-role",      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
-          "pref.sample-realm-role"          // from realm role realm-composite-role
+                "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
+                "pref.user",                      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.customer-user-premium",     // from client role customer-admin-composite-role - realm role for test-app
+                "pref.realm-composite-role",      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.sample-realm-role"          // from realm role realm-composite-role
         );
         assertRoles(testAppMappings,
           "ta.customer-user",                  // from direct assignment to /roleRichGroup/level2group
@@ -280,6 +294,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
           "ta.customer-admin",                 // from client role customer-admin-composite-role - client role for test-app
           "ta.sample-client-role"              // from realm role realm-composite-role - client role for test-app
         );
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
     @Test
@@ -303,13 +320,16 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         String realmRoleMappings = (String) roleMappings.get("realm");
         String testAppAuthzMappings = (String) roleMappings.get(clientId);
         assertRoles(realmRoleMappings,
-          "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
-          "pref.user",                      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
-          "pref.customer-user-premium",     // from client role customer-admin-composite-role - realm role for test-app
-          "pref.realm-composite-role",      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
-          "pref.sample-realm-role"          // from realm role realm-composite-role
+                "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
+                "pref.user",                      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.customer-user-premium",     // from client role customer-admin-composite-role - realm role for test-app
+                "pref.realm-composite-role",      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.sample-realm-role"          // from realm role realm-composite-role
         );
         assertRoles(testAppAuthzMappings);  // There is no client role defined for test-app-authz
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
     @Test
@@ -333,12 +353,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         String realmRoleMappings = (String) roleMappings.get("realm");
         String testAppScopeMappings = (String) roleMappings.get(clientId);
         assertRoles(realmRoleMappings,
-          "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
-          "pref.user"                       // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
+                "pref.user"                       // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
         );
         assertRoles(testAppScopeMappings,
           "test-app-allowed-by-scope"       // from direct assignment to roleRichUser, present as scope allows it
         );
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
     @Test
@@ -369,6 +392,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
           "test-app-allowed-by-scope",      // from direct assignment to roleRichUser, present as scope allows it
           "customer-admin-composite-role"   // from direct assignment to /roleRichGroup/level2group, present as scope allows it
         );
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
     private void assertRoles(String actualRoleString, String...expectedRoles) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java
index 4f94260..ffa5651 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java
@@ -143,6 +143,11 @@ public class AuthnRequestNameIdFormatTest extends AbstractSamlTest {
         clientRes.update(client);
 
         testLoginWithNameIdPolicy(Binding.REDIRECT, Binding.POST, null, is("bburke"));
+
+        // Revert
+        client = clientRes.toRepresentation();
+        client.getAttributes().put(SamlConfigAttributes.SAML_FORCE_POST_BINDING, "false");
+        clientRes.update(client);
     }
 
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java
index 5e61d00..db16f02 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java
@@ -25,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.admin.client.resource.ClientTemplateResource;
 import org.keycloak.admin.client.resource.ClientTemplatesResource;
 import org.keycloak.admin.client.resource.ClientsResource;
+import org.keycloak.admin.client.resource.ComponentsResource;
 import org.keycloak.admin.client.resource.GroupResource;
 import org.keycloak.admin.client.resource.GroupsResource;
 import org.keycloak.admin.client.resource.IdentityProviderResource;
@@ -282,6 +283,20 @@ public class AdminEventPaths {
         return uri.toString();
     }
 
+    // COMPONENTS
+    public static String componentsPath() {
+        URI uri = UriBuilder.fromUri("").path(RealmResource.class, "components").build();
+        return uri.toString();
+    }
+
+    public static String componentPath(String componentId) {
+        URI uri = UriBuilder.fromUri(componentsPath()).path(ComponentsResource.class, "component").build(componentId);
+        return uri.toString();
+    }
+
+
+
+
     // CLIENT INITIAL ACCESS
 
     public static String clientInitialAccessPath(String clientInitialAccessId) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java
index 4736165..ec1156a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java
@@ -64,7 +64,7 @@ public class AssertAdminEvents implements TestRule {
             @Override
             public void evaluate() throws Throwable {
                 // TODO: Ideally clear the queue just before testClass rather then before each method
-                context.getTestingClient().testing().clearAdminEventQueue();
+                clear();
                 base.evaluate();
                 // TODO Test should fail if there are leftover events
             }
@@ -85,12 +85,7 @@ public class AssertAdminEvents implements TestRule {
 
     // Clears both "classic" and admin events for now
     public void clear() {
-        Response res = context.getTestingClient().testing().clearAdminEventQueue();
-        try {
-            Assert.assertEquals("clear-admin-event-queue success", res.getStatus(), 200);
-        } finally {
-            res.close();
-        }
+        context.getTestingClient().testing().clearAdminEventQueue();
     }
 
     private AdminEventRepresentation fetchNextEvent() {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java
index 6bcea06..e8e9e62 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java
@@ -1,6 +1,8 @@
 package org.keycloak.testsuite.util;
 
+import org.keycloak.admin.client.resource.ProtocolMappersResource;
 import org.keycloak.models.utils.ModelToRepresentation;
+import org.keycloak.protocol.ProtocolMapper;
 import org.keycloak.protocol.oidc.mappers.AddressMapper;
 import org.keycloak.protocol.oidc.mappers.HardcodedClaim;
 import org.keycloak.protocol.oidc.mappers.HardcodedRole;
@@ -123,4 +125,13 @@ public class ProtocolMapperUtil {
 
         return ModelToRepresentation.toRepresentation(UserClientRoleMappingMapper.create(clientId, clientRolePrefix, name, tokenClaimName, accessToken, idToken));
     }
+
+    public static ProtocolMapperRepresentation getMapperByNameAndProtocol(ProtocolMappersResource protocolMappers, String protocol, String name) {
+        for (ProtocolMapperRepresentation mapper : protocolMappers.getMappersPerProtocol(protocol)) {
+            if (name.equals(mapper.getName())) {
+                return mapper;
+            }
+        }
+        return null;
+    }
 }