keycloak-aplcache

diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
index ac7251e..def555e 100644
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
@@ -132,4 +132,71 @@ if (result == NONE) of /profile=$clusteredProfile/subsystem=infinispan/cache-con
   echo
 end-if
 
+# Migrate from 2.5.0 to 2.5.1
+# NO CHANGES
+
+# Migrate 2.5.1 to 2.5.4
+if (result != REPEATABLE_READ) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
+  echo Changing ejb cache locking to REPEATABLE_READ
+  /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
+  echo
+end-if
+
+if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
+   echo Removing Hibernate immutable-entity cache
+   /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
+end-if
+
+
+# Migrate from 2.5.4 to 3.0.0 
+if (result == jpa) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
+   echo Removing default provider for eventsStore
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=realm/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=user/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for userFederatedStorage SPI
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for authorizationPersister SPI
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=authorizationPersister/:remove
+   echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/:read-resource
+   echo Adding userCache SPI
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/:add
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/:read-resource
+   echo Adding realmCache SPI
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/:add
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
+   echo Adding 'default' as default provider for connectionsInfinispan
+   /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
+   echo
+end-if
+
 echo *** End Migration of /profile=$clusteredProfile ***
\ No newline at end of file

diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
index 486532d..4547b2a 100644
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
@@ -120,4 +120,71 @@ if (result == NONE) of /profile=$standaloneProfile/subsystem=infinispan/cache-co
   echo
 end-if
 
+# Migrate from 2.5.0 to 2.5.1
+# NO CHANGES
+
+# Migrate 2.5.1 to 2.5.4
+if (result != REPEATABLE_READ) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
+  echo Changing ejb cache locking to REPEATABLE_READ
+  /profile=$standaloneProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
+  echo
+end-if
+
+if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
+   echo Removing Hibernate immutable-entity cache
+   /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
+end-if
+
+
+# Migrate from 2.5.4 to 3.0.0 
+if (result == jpa) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
+   echo Removing default provider for eventsStore
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=realm/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=user/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for userFederatedStorage SPI
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=userFederatedStorage/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for authorizationPersister SPI
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=authorizationPersister/:remove
+   echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=userCache/:read-resource
+   echo Adding userCache SPI
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=userCache/:add
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=realmCache/:read-resource
+   echo Adding realmCache SPI
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=realmCache/:add
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
+   echo Adding 'default' as default provider for connectionsInfinispan
+   /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
+   echo
+end-if
+
 echo *** End Migration of /profile=$standaloneProfile ***
\ No newline at end of file

diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli
index e6d859d..3e0515d 100644
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli
@@ -39,6 +39,7 @@ if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/local
   echo Updating authorization cache container..
   /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU)
   /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=100)
+  echo
 end-if
 
 # Migrate from 2.0.0 to 2.1.0
@@ -127,4 +128,71 @@ if (result == NONE) of /subsystem=infinispan/cache-container=keycloak/local-cach
   echo
 end-if
 
+# Migrate from 2.5.0 to 2.5.1
+# NO CHANGES
+
+# Migrate 2.5.1 to 2.5.4
+if (result != REPEATABLE_READ) of /subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
+  echo Changing ejb cache locking to REPEATABLE_READ
+  /subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
+  echo
+end-if
+
+if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
+   echo Removing Hibernate immutable-entity cache
+   /subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
+end-if
+
+
+# Migrate from 2.5.4 to 3.0.0 
+if (result == jpa) of /subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
+   echo Removing default provider for eventsStore
+   /subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /subsystem=keycloak-server/spi=realm/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /subsystem=keycloak-server/spi=user/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for userFederatedStorage SPI
+   /subsystem=keycloak-server/spi=userFederatedStorage/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for authorizationPersister SPI
+   /subsystem=keycloak-server/spi=authorizationPersister/:remove
+   echo
+end-if
+
+if (outcome == failed) of /subsystem=keycloak-server/spi=userCache/:read-resource
+   echo Adding userCache SPI
+   /subsystem=keycloak-server/spi=userCache/:add
+   /subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if (outcome == failed) of /subsystem=keycloak-server/spi=realmCache/:read-resource
+   echo Adding realmCache SPI
+   /subsystem=keycloak-server/spi=realmCache/:add
+   /subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
+   echo Adding 'default' as default provider for connectionsInfinispan
+   /subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
+   echo
+end-if
+
 echo *** End Migration ***
\ No newline at end of file

diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
index 9bccbd0..65b6ef9 100644
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
@@ -137,4 +137,70 @@ if (result == NONE) of /subsystem=infinispan/cache-container=keycloak/local-cach
   echo
 end-if
 
+# Migrate from 2.5.0 to 2.5.1
+# NO CHANGES
+
+# Migrate 2.5.1 to 2.5.4
+if (result != REPEATABLE_READ) of /subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
+  echo Changing ejb cache locking to REPEATABLE_READ
+  /subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
+  echo
+end-if
+
+if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
+   echo Removing Hibernate immutable-entity cache
+   /subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
+end-if
+
+
+# Migrate from 2.5.4 to 3.0.0 
+if (result == jpa) of /subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
+   echo Removing default provider for eventsStore
+   /subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /subsystem=keycloak-server/spi=realm/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for user SPI
+   /subsystem=keycloak-server/spi=user/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for userFederatedStorage SPI
+   /subsystem=keycloak-server/spi=userFederatedStorage/:remove
+   echo
+end-if
+
+if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
+   echo Removing declaration for authorizationPersister SPI
+   /subsystem=keycloak-server/spi=authorizationPersister/:remove
+   echo
+end-if
+
+if (outcome == failed) of /subsystem=keycloak-server/spi=userCache/:read-resource
+   echo Adding userCache SPI
+   /subsystem=keycloak-server/spi=userCache/:add
+   /subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if (outcome == failed) of /subsystem=keycloak-server/spi=realmCache/:read-resource
+   echo Adding realmCache SPI
+   /subsystem=keycloak-server/spi=realmCache/:add
+   /subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
+   echo
+end-if
+
+if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
+   echo Adding 'default' as default provider for connectionsInfinispan
+   /subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
+   echo
+end-if
 echo *** End Migration ***
\ No newline at end of file

diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java
index f4f7e3d..035c623 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java
@@ -99,6 +99,10 @@ public class HardcodedLDAPAttributeMapper extends AbstractLDAPStorageMapper {
 
     @Override
     public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) {
+        // Don't update attribute in LDAP later. It's supposed to be written just at registration time
+        String ldapAttrName = mapperModel.get(LDAP_ATTRIBUTE_NAME);
+        ldapUser.addReadOnlyAttributeName(ldapAttrName);
+
         return delegate;
     }
 

diff --git a/pom.xml b/pom.xml
index 5e3d305..320b8da 100755
--- a/pom.xml
+++ b/pom.xml
@@ -117,7 +117,7 @@
         <jmeter.analysis.plugin.version>1.0.4</jmeter.analysis.plugin.version>
         <minify.plugin.version>1.7.2</minify.plugin.version>
         <osgi.bundle.plugin.version>2.3.7</osgi.bundle.plugin.version>
-        <wildfly.plugin.version>1.1.0.Beta1</wildfly.plugin.version>
+        <wildfly.plugin.version>1.1.0.Final</wildfly.plugin.version>
         <nexus.staging.plugin.version>1.6.5</nexus.staging.plugin.version>
 
         <!-- Surefire Settings -->

diff --git a/server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java b/server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java
index 045258c..cba5ed6 100644
--- a/server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java
+++ b/server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java
@@ -151,5 +151,10 @@ public enum ResourceType {
     /**
      *
      */
-    , CLUSTER_NODE;
+    , CLUSTER_NODE
+
+    /**
+     *
+     */
+    , COMPONENT;
 }

diff --git a/services/src/main/java/org/keycloak/authentication/authenticators/browser/ScriptBasedAuthenticator.java b/services/src/main/java/org/keycloak/authentication/authenticators/browser/ScriptBasedAuthenticator.java
index 6ab2907..0b400f0 100644
--- a/services/src/main/java/org/keycloak/authentication/authenticators/browser/ScriptBasedAuthenticator.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/browser/ScriptBasedAuthenticator.java
@@ -47,6 +47,7 @@ import java.util.Map;
  * <li>{@code realm} the {@link RealmModel}</li>
  * <li>{@code user} the current {@link UserModel}</li>
  * <li>{@code session} the active {@link KeycloakSession}</li>
+ * <li>{@code clientSession} the current {@link org.keycloak.models.ClientSessionModel}</li>
  * <li>{@code httpRequest} the current {@link org.jboss.resteasy.spi.HttpRequest}</li>
  * <li>{@code LOG} a {@link org.jboss.logging.Logger} scoped to {@link ScriptBasedAuthenticator}/li>
  * </ol>
@@ -159,6 +160,7 @@ public class ScriptBasedAuthenticator implements Authenticator {
             bindings.put("user", context.getUser());
             bindings.put("session", context.getSession());
             bindings.put("httpRequest", context.getHttpRequest());
+            bindings.put("clientSession", context.getClientSession());
             bindings.put("LOG", LOGGER);
         });
     }

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
index daffd90..2f7362b 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java
@@ -221,7 +221,7 @@ public class AuthenticationManagementResource {
 
         flow.setId(createdModel.getId());
         adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, createdModel.getId()).representation(flow).success();
-        return Response.status(201).build();
+        return Response.created(uriInfo.getAbsolutePathBuilder().path(flow.getId()).build()).build();
     }
 
     /**

diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java
index c5e1edb..b39b773 100644
--- a/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java
@@ -25,6 +25,7 @@ import org.keycloak.component.ComponentModel;
 import org.keycloak.component.ComponentValidationException;
 import org.keycloak.component.SubComponentFactory;
 import org.keycloak.events.admin.OperationType;
+import org.keycloak.events.admin.ResourceType;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.utils.ModelToRepresentation;
@@ -93,7 +94,7 @@ public class ComponentResource {
     public ComponentResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) {
         this.auth = auth;
         this.realm = realm;
-        this.adminEvent = adminEvent;
+        this.adminEvent = adminEvent.resource(ResourceType.COMPONENT);
 
         auth.init(RealmAuth.Resource.REALM);
     }
@@ -175,7 +176,7 @@ public class ComponentResource {
                 throw new NotFoundException("Could not find component");
             }
             RepresentationToModel.updateComponent(session, rep, model, false);
-            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo, model.getId()).representation(StripSecretsUtils.strip(session, rep)).success();
+            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(StripSecretsUtils.strip(session, rep)).success();
             realm.updateComponent(model);
             return Response.noContent().build();
         } catch (ComponentValidationException e) {
@@ -192,7 +193,7 @@ public class ComponentResource {
         if (model == null) {
             throw new NotFoundException("Could not find component");
         }
-        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo, model.getId()).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
         realm.removeComponent(model);
 
     }

diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
index 1508042..bb8de2d 100755
--- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
@@ -259,8 +259,13 @@ public class RealmsResource {
 
         WellKnownProvider wellKnown = session.getProvider(WellKnownProvider.class, providerName);
 
-        ResponseBuilder responseBuilder = Response.ok(wellKnown.getConfig()).cacheControl(CacheControlUtil.getDefaultCacheControl());
-        return Cors.add(request, responseBuilder).allowedOrigins("*").auth().build();
+        if (wellKnown != null) {
+            ResponseBuilder responseBuilder = Response.ok(wellKnown.getConfig())
+                                                      .cacheControl(CacheControlUtil.getDefaultCacheControl());
+            return Cors.add(request, responseBuilder).allowedOrigins("*").auth().build();
+        }
+
+        throw new NotFoundException();
     }
 
     @Path("{realm}/authz")

diff --git a/services/src/main/resources/scripts/authenticator-template.js b/services/src/main/resources/scripts/authenticator-template.js
index 20de702..f18dfdf 100644
--- a/services/src/main/resources/scripts/authenticator-template.js
+++ b/services/src/main/resources/scripts/authenticator-template.js
@@ -15,6 +15,7 @@ AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationF
  * session - current KeycloakSession {@see org.keycloak.models.KeycloakSession}
  * httpRequest - current HttpRequest {@see org.jboss.resteasy.spi.HttpRequest}
  * script - current script {@see org.keycloak.models.ScriptModel}
+ * clientSession - current client session {@see org.keycloak.models.ClientSessionModel}
  * LOG - current logger {@see org.jboss.logging.Logger}
  *
  * You one can extract current http request headers via:

diff --git a/testsuite/integration-arquillian/HOW-TO-RUN.md b/testsuite/integration-arquillian/HOW-TO-RUN.md
index 0fb9b4b..f8306ba 100644
--- a/testsuite/integration-arquillian/HOW-TO-RUN.md
+++ b/testsuite/integration-arquillian/HOW-TO-RUN.md
@@ -21,8 +21,10 @@ Adding this system property when running any test:
     
     -Darquillian.debug=true
     
-will add lots of info to the log. Especially about all the triggered arquillian lifecycle events and executed observers listening to those events.
-Also the bootstrap of WebDriver will be unlimited (by default there is 1 minute timeout and test is cancelled when WebDriver is not bootstrapped within it.)
+will add lots of info to the log. Especially about:
+* The test method names, which will be executed for each test class, will be written at the proper running order to the log at the beginning of each test (done by KcArquillian class). 
+* All the triggered arquillian lifecycle events and executed observers listening to those events will be written to the log
+* The bootstrap of WebDriver will be unlimited. By default there is just 1 minute timeout and test is cancelled when WebDriver is not bootstrapped within it.
 
 ### WebDriver timeout
 
@@ -41,10 +43,21 @@ and adapter are all in the same JVM and you can debug them easily. If it is not 
     -Dmaven.surefire.debug=true
    
    
-and you will be able to attach remote debugger to the test. Unfortunately server and adapter are running in different JVMs, so you won't be able to debug them. 
+and you will be able to attach remote debugger to the test. Unfortunately server and adapter are running in different JVMs, so this won't help to debug those. 
 
 TODO: Improve and add more info about Wildfly debugging...
 
+## Testsuite logging
+
+It is configured in `testsuite/integration-arquillian/tests/base/src/test/resources/log4j.properties` . You can see that logging of testsuite itself (category `org.keycloak.testsuite`) is debug by default.
+
+When you run tests with undertow (which is by default), there is logging for Keycloak server and adapter (category `org.keycloak` ) in `info` when you run tests from IDE, but `off` when 
+you run tests with maven. The reason is that, we don't want huge logs when running mvn build. However using system property `keycloak.logging.level` will override it. This can be used for both IDE or maven.
+So for example using `-Dkeycloak.logging.level=debug` will enable debug logging for keycloak server and adapter. 
+
+For more fine-tuning of individual categories, you can look at log4j.properties file and temporarily enable/disable them here.
+
+TODO: Add info about Wildfly logging
 
 ## Run adapter tests
 

diff --git a/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java b/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java
index bdbd4d9..5f7520f 100644
--- a/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java
+++ b/testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java
@@ -146,6 +146,11 @@ public class KeycloakOnUndertow implements DeployableContainer<KeycloakOnUnderto
 
     @Override
     public void start() throws LifecycleException {
+        if (isRemoteMode()) {
+            log.info("Skip bootstrap undertow. We are in remote mode");
+            return;
+        }
+
         log.info("Starting auth server on embedded Undertow.");
         long start = System.currentTimeMillis();
 
@@ -169,11 +174,21 @@ public class KeycloakOnUndertow implements DeployableContainer<KeycloakOnUnderto
 
     @Override
     public void stop() throws LifecycleException {
+        if (isRemoteMode()) {
+            log.info("Skip stopping undertow. We are in remote mode");
+            return;
+        }
+
         log.info("Stopping auth server.");
         sessionFactory.close();
         undertow.stop();
     }
 
+    private boolean isRemoteMode() {
+        //return true;
+        return "true".equals(System.getProperty("remote.mode"));
+    }
+
     @Override
     public void undeploy(Archive<?> archive) throws DeploymentException {
         Field containerField = Reflections.findDeclaredField(UndertowJaxrsServer.class, "container");

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java
index ccc4f80..6ca5135 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java
@@ -28,9 +28,13 @@ import org.jboss.arquillian.core.api.annotation.Inject;
 import org.jboss.arquillian.core.api.annotation.Observes;
 import org.jboss.arquillian.test.spi.annotation.ClassScoped;
 import org.jboss.arquillian.test.spi.annotation.SuiteScoped;
+import org.jboss.arquillian.test.spi.event.suite.AfterClass;
 import org.jboss.arquillian.test.spi.event.suite.BeforeClass;
 import org.jboss.arquillian.test.spi.event.suite.BeforeSuite;
 import org.jboss.logging.Logger;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.client.KeycloakTestingClient;
 import org.keycloak.testsuite.util.LogChecker;
 import org.keycloak.testsuite.util.OAuthClient;
 
@@ -38,8 +42,11 @@ import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.Set;
 
+import javax.ws.rs.NotFoundException;
+
 /**
  *
  * @author tkyjovsk
@@ -203,4 +210,33 @@ public class AuthServerTestEnricher {
         oAuthClientProducer.set(oAuthClient);
     }
 
+    public void afterClass(@Observes(precedence = 2) AfterClass event) {
+        TestContext testContext = testContextProducer.get();
+
+        List<RealmRepresentation> testRealmReps = testContext.getTestRealmReps();
+        Keycloak adminClient = testContext.getAdminClient();
+        KeycloakTestingClient testingClient = testContext.getTestingClient();
+
+        if (testRealmReps != null) {
+            log.info("removing test realms after test class");
+            for (RealmRepresentation testRealm : testRealmReps) {
+                String realmName = testRealm.getRealm();
+                log.info("removing realm: " + realmName);
+                try {
+                    adminClient.realms().realm(realmName).remove();
+                } catch (NotFoundException e) {
+                    // Ignore
+                }
+            }
+        }
+
+        if (adminClient != null) {
+            adminClient.close();
+        }
+
+        if (testingClient != null) {
+            testingClient.close();
+        }
+    }
+
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KcArquillian.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KcArquillian.java
new file mode 100644
index 0000000..c743ca8
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KcArquillian.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.arquillian;
+
+import java.util.List;
+
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.logging.Logger;
+import org.junit.runners.model.FrameworkMethod;
+import org.junit.runners.model.InitializationError;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class KcArquillian extends Arquillian {
+
+    protected final Logger log = Logger.getLogger(this.getClass());
+
+    public static final boolean ARQUILLIAN_DEBUG = "true".equals(System.getProperty("arquillian.debug"));
+
+    public KcArquillian(Class<?> testClass) throws InitializationError
+    {
+        super(testClass);
+    }
+
+    @Override
+    protected List<FrameworkMethod> getChildren() {
+        List<FrameworkMethod> children = super.getChildren();
+
+        if (ARQUILLIAN_DEBUG) {
+            for (FrameworkMethod method : children) {
+                log.info(method.getName());
+            }
+        }
+
+        return children;
+    }
+}

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java
index fc63b22..30b0405 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java
@@ -21,6 +21,13 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import javax.ws.rs.NotFoundException;
+
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.client.KeycloakTestingClient;
+import org.keycloak.testsuite.util.TestCleanup;
+
 /**
  *
  * @author tkyjovsk
@@ -38,6 +45,17 @@ public final class TestContext {
     
     private final Map customContext = new HashMap<>();
 
+    private Keycloak adminClient;
+    private KeycloakTestingClient testingClient;
+    private List<RealmRepresentation> testRealmReps;
+
+    // Track if particular test was initialized. What exactly means "initialized" is test dependent (Eg. some user in @Before method was created, so we can set initialized to true
+    // to avoid creating user when @Before method is executed for 2nd time)
+    private boolean initialized;
+
+    // Key is realmName, value are objects to clean after the test method
+    private Map<String, TestCleanup> cleanups = new HashMap<>();
+
     public TestContext(SuiteContext suiteContext, Class testClass) {
         this.suiteContext = suiteContext;
         this.testClass = testClass;
@@ -92,6 +110,52 @@ public final class TestContext {
                 + (isAdapterTest() ? "App server container: " + getAppServerInfo() + "\n" : "");
     }
 
+    public Keycloak getAdminClient() {
+        return adminClient;
+    }
+
+    public void setAdminClient(Keycloak adminClient) {
+        this.adminClient = adminClient;
+    }
+
+    public KeycloakTestingClient getTestingClient() {
+        return testingClient;
+    }
+
+    public void setTestingClient(KeycloakTestingClient testingClient) {
+        this.testingClient = testingClient;
+    }
+
+    public List<RealmRepresentation> getTestRealmReps() {
+        return testRealmReps;
+    }
+
+    public void setTestRealmReps(List<RealmRepresentation> testRealmReps) {
+        this.testRealmReps = testRealmReps;
+    }
+
+    public boolean isInitialized() {
+        return initialized;
+    }
+
+    public void setInitialized(boolean initialized) {
+        this.initialized = initialized;
+    }
+
+    public TestCleanup getOrCreateCleanup(String realmName) {
+        TestCleanup cleanup = cleanups.get(realmName);
+        if (cleanup == null) {
+            cleanup = new TestCleanup(adminClient, realmName);
+            cleanups.put(realmName, cleanup);
+        }
+        return cleanup;
+    }
+
+    public Map<String, TestCleanup> getCleanups() {
+        return cleanups;
+    }
+
+
     public Object getCustomValue(Object key) {
         return customContext.get(key);
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java
index a89d70c..afefde3 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java
@@ -53,7 +53,7 @@ public interface TestApplicationResource {
 
     @POST
     @Path("/clear-admin-actions")
-    Response clearAdminActions();
+    void clearAdminActions();
 
     @GET
     @Produces(MediaType.TEXT_HTML)

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java
index 0c2f106..a66fce5 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java
@@ -35,12 +35,12 @@ public interface TestingExportImportResource {
     @GET
     @Path("/run-import")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response runImport();
+    void runImport();
 
     @GET
     @Path("/run-export")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response runExport();
+    void runExport();
 
     @GET
     @Path("/get-users-per-file")

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java
index 02d889f..32b05e7 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java
@@ -72,27 +72,27 @@ public interface TestingResource {
     @POST
     @Path("/clear-event-queue")
     @Produces(MediaType.APPLICATION_JSON)
-    Response clearEventQueue();
+    void clearEventQueue();
 
     @POST
     @Path("/clear-admin-event-queue")
     @Produces(MediaType.APPLICATION_JSON)
-    Response clearAdminEventQueue();
+    void clearAdminEventQueue();
 
     @GET
     @Path("/clear-event-store")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearEventStore();
+    void clearEventStore();
 
     @GET
     @Path("/clear-event-store-for-realm")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearEventStore(@QueryParam("realmId") String realmId);
+    void clearEventStore(@QueryParam("realmId") String realmId);
 
     @GET
     @Path("/clear-event-store-older-than")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
+    void clearEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
 
     /**
      * Query events
@@ -127,17 +127,17 @@ public interface TestingResource {
     @GET
     @Path("/clear-admin-event-store")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearAdminEventStore();
+    void clearAdminEventStore();
 
     @GET
     @Path("/clear-admin-event-store-for-realm")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearAdminEventStore(@QueryParam("realmId") String realmId);
+    void clearAdminEventStore(@QueryParam("realmId") String realmId);
 
     @GET
     @Path("/clear-admin-event-store-older-than")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearAdminEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
+    void clearAdminEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
 
     /**
      * Get admin events
@@ -170,17 +170,17 @@ public interface TestingResource {
     @POST
     @Path("/on-admin-event")
     @Consumes(MediaType.APPLICATION_JSON)
-    public void onAdminEvent(final AdminEventRepresentation rep, @QueryParam("includeRepresentation") boolean includeRepresentation);
+    void onAdminEvent(final AdminEventRepresentation rep, @QueryParam("includeRepresentation") boolean includeRepresentation);
 
     @POST
     @Path("/remove-user-session")
     @Produces(MediaType.APPLICATION_JSON)
-    Response removeUserSession(@QueryParam("realm") final String realm, @QueryParam("session") final String sessionId);
+    void removeUserSession(@QueryParam("realm") final String realm, @QueryParam("session") final String sessionId);
 
     @POST
     @Path("/remove-user-sessions")
     @Produces(MediaType.APPLICATION_JSON)
-    Response removeUserSessions(@QueryParam("realm") final String realm);
+    void removeUserSessions(@QueryParam("realm") final String realm);
 
     @GET
     @Path("/get-user-session")
@@ -190,7 +190,7 @@ public interface TestingResource {
     @POST
     @Path("/remove-expired")
     @Produces(MediaType.APPLICATION_JSON)
-    Response removeExpired(@QueryParam("realm") final String realm);
+    void removeExpired(@QueryParam("realm") final String realm);
 
     @Path("/cache/{cache}")
     TestingCacheResource cache(@PathParam("cache") String cacheName);

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java
new file mode 100644
index 0000000..9543373
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.util;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.http.ssl.SSLContexts;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.models.Constants;
+import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
+
+import static org.keycloak.testsuite.auth.page.AuthRealm.ADMIN;
+import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
+import static org.keycloak.testsuite.util.IOUtil.PROJECT_BUILD_DIRECTORY;
+
+
+public class AdminClientUtil {
+
+    public static Keycloak createAdminClient() throws Exception {
+        SSLContext ssl = null;
+        if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
+            File trustore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
+            ssl = getSSLContextWithTrustore(trustore, "secret");
+
+            System.setProperty("javax.net.ssl.trustStore", trustore.getAbsolutePath());
+        }
+
+        return Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
+                MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID, null, ssl);
+    }
+
+
+    private static SSLContext getSSLContextWithTrustore(File file, String password) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
+        if (!file.isFile()) {
+            throw new RuntimeException("Truststore file not found: " + file.getAbsolutePath());
+        }
+        SSLContext theContext = SSLContexts.custom()
+                .useProtocol("TLS")
+                .loadTrustMaterial(file, password == null ? null : password.toCharArray())
+                .build();
+        return theContext;
+    }
+
+}

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
index d7509ed..d54924b 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java
@@ -54,6 +54,8 @@ import org.openqa.selenium.By;
 import org.openqa.selenium.WebDriver;
 
 import javax.ws.rs.core.UriBuilder;
+
+import java.io.Closeable;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
@@ -271,7 +273,9 @@ public class OAuthClient {
             try {
                 ByteArrayOutputStream out = new ByteArrayOutputStream();
 
-                client.execute(post).getEntity().writeTo(out);
+                CloseableHttpResponse response = client.execute(post);
+                response.getEntity().writeTo(out);
+                response.close();
 
                 return new String(out.toByteArray());
             } catch (Exception e) {
@@ -776,28 +780,32 @@ public class OAuthClient {
         private String error;
         private String errorDescription;
 
-        public AccessTokenResponse(HttpResponse response) throws Exception {
-            statusCode = response.getStatusLine().getStatusCode();
-            if (!"application/json".equals(response.getHeaders("Content-Type")[0].getValue())) {
-                Assert.fail("Invalid content type");
-            }
-
-            String s = IOUtils.toString(response.getEntity().getContent());
-            Map responseJson = JsonSerialization.readValue(s, Map.class);
-
-            if (statusCode == 200) {
-                idToken = (String)responseJson.get("id_token");
-                accessToken = (String)responseJson.get("access_token");
-                tokenType = (String)responseJson.get("token_type");
-                expiresIn = (Integer)responseJson.get("expires_in");
-                refreshExpiresIn = (Integer)responseJson.get("refresh_expires_in");
+        public AccessTokenResponse(CloseableHttpResponse response) throws Exception {
+            try {
+                statusCode = response.getStatusLine().getStatusCode();
+                if (!"application/json".equals(response.getHeaders("Content-Type")[0].getValue())) {
+                    Assert.fail("Invalid content type");
+                }
 
-                if (responseJson.containsKey(OAuth2Constants.REFRESH_TOKEN)) {
-                    refreshToken = (String)responseJson.get(OAuth2Constants.REFRESH_TOKEN);
+                String s = IOUtils.toString(response.getEntity().getContent());
+                Map responseJson = JsonSerialization.readValue(s, Map.class);
+
+                if (statusCode == 200) {
+                    idToken = (String) responseJson.get("id_token");
+                    accessToken = (String) responseJson.get("access_token");
+                    tokenType = (String) responseJson.get("token_type");
+                    expiresIn = (Integer) responseJson.get("expires_in");
+                    refreshExpiresIn = (Integer) responseJson.get("refresh_expires_in");
+
+                    if (responseJson.containsKey(OAuth2Constants.REFRESH_TOKEN)) {
+                        refreshToken = (String) responseJson.get(OAuth2Constants.REFRESH_TOKEN);
+                    }
+                } else {
+                    error = (String) responseJson.get(OAuth2Constants.ERROR);
+                    errorDescription = responseJson.containsKey(OAuth2Constants.ERROR_DESCRIPTION) ? (String) responseJson.get(OAuth2Constants.ERROR_DESCRIPTION) : null;
                 }
-            } else {
-                error = (String)responseJson.get(OAuth2Constants.ERROR);
-                errorDescription = responseJson.containsKey(OAuth2Constants.ERROR_DESCRIPTION) ? (String)responseJson.get(OAuth2Constants.ERROR_DESCRIPTION) : null;
+            } finally {
+                response.close();
             }
         }
 

diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TestCleanup.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TestCleanup.java
new file mode 100644
index 0000000..17ff44a
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TestCleanup.java
@@ -0,0 +1,202 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.util;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.ws.rs.NotFoundException;
+
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.resource.RealmResource;
+
+/**
+ * Enlist resources to be cleaned after test method
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class TestCleanup {
+
+    private final Keycloak adminClient;
+    private final String realmName;
+
+
+    private List<String> identityProviderAliases;
+    private List<String> userIds;
+    private List<String> componentIds;
+    private List<String> clientUuids;
+    private List<String> roleIds;
+    private List<String> groupIds;
+    private List<String> authFlowIds;
+    private List<String> authConfigIds;
+
+    public TestCleanup(Keycloak adminClient, String realmName) {
+        this.adminClient = adminClient;
+        this.realmName = realmName;
+    }
+
+
+    public void addUserId(String userId) {
+        if (userIds == null) {
+            userIds = new LinkedList<>();
+        }
+        userIds.add(userId);
+    }
+
+
+    public void addIdentityProviderAlias(String identityProviderAlias) {
+        if (identityProviderAliases == null) {
+            identityProviderAliases = new LinkedList<>();
+        }
+        identityProviderAliases.add(identityProviderAlias);
+    }
+
+
+    public void addComponentId(String componentId) {
+        if (componentIds == null) {
+            componentIds = new LinkedList<>();
+        }
+        componentIds.add(componentId);
+    }
+
+
+    public void addClientUuid(String clientUuid) {
+        if (clientUuids == null) {
+            clientUuids = new LinkedList<>();
+        }
+        clientUuids.add(clientUuid);
+    }
+
+
+    public void addRoleId(String roleId) {
+        if (roleIds == null) {
+            roleIds = new LinkedList<>();
+        }
+        roleIds.add(roleId);
+    }
+
+
+    public void addGroupId(String groupId) {
+        if (groupIds == null) {
+            groupIds = new LinkedList<>();
+        }
+        groupIds.add(groupId);
+    }
+
+
+    public void addAuthenticationFlowId(String flowId) {
+        if (authFlowIds == null) {
+            authFlowIds = new LinkedList<>();
+        }
+        authFlowIds.add(flowId);
+    }
+
+
+    public void addAuthenticationConfigId(String executionConfigId) {
+        if (authConfigIds == null) {
+            authConfigIds = new LinkedList<>();
+        }
+        authConfigIds.add(executionConfigId);
+    }
+
+
+    public void executeCleanup() {
+        RealmResource realm = adminClient.realm(realmName);
+
+        if (userIds != null) {
+            for (String userId : userIds) {
+                try {
+                    realm.users().get(userId).remove();
+                } catch (NotFoundException nfe) {
+                    // User might be already deleted in the test
+                }
+            }
+        }
+
+        if (identityProviderAliases != null) {
+            for (String idpAlias : identityProviderAliases) {
+                try {
+                    realm.identityProviders().get(idpAlias).remove();
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (componentIds != null) {
+            for (String componentId : componentIds) {
+                try {
+                    realm.components().component(componentId).remove();
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (clientUuids != null) {
+            for (String clientUuId : clientUuids) {
+                try {
+                    realm.clients().get(clientUuId).remove();
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (roleIds != null) {
+            for (String roleId : roleIds) {
+                try {
+                    realm.rolesById().deleteRole(roleId);
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (groupIds != null) {
+            for (String groupId : groupIds) {
+                try {
+                    realm.groups().group(groupId).remove();
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (authFlowIds != null) {
+            for (String flowId : authFlowIds) {
+                try {
+                    realm.flows().deleteFlow(flowId);
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (authConfigIds != null) {
+            for (String configId : authConfigIds) {
+                try {
+                    realm.flows().removeAuthenticatorConfig(configId);
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+    }
+
+}

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java
index 7fbab6a..4e6d767 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java
@@ -21,6 +21,7 @@ import org.junit.Before;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.auth.page.AuthRealm;
 import org.keycloak.testsuite.auth.page.account.Account;
 import org.keycloak.testsuite.auth.page.login.OIDCLogin;
@@ -63,6 +64,7 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest {
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation testRealmRep = new RealmRepresentation();
+        testRealmRep.setId(TEST);
         testRealmRep.setRealm(TEST);
         testRealmRep.setEnabled(true);
         testRealms.add(testRealmRep);
@@ -89,6 +91,8 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest {
 
 
     public void createTestUserWithAdminClient() {
+        ApiUtil.removeUserByUsername(testRealmResource(), "test");
+
         log.debug("creating test user");
         String id = createUserAndResetPasswordWithAdminClient(testRealmResource(), testUser, PASSWORD);
         testUser.setId(id);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
index 2d61388..136a145 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
@@ -19,19 +19,15 @@ package org.keycloak.testsuite;
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.configuration.PropertiesConfiguration;
 import org.apache.http.ssl.SSLContexts;
-import org.h2.util.IOUtils;
 import org.keycloak.common.util.KeycloakUriBuilder;
 import org.keycloak.common.util.Time;
-import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
+import org.keycloak.testsuite.arquillian.KcArquillian;
 import org.keycloak.testsuite.arquillian.TestContext;
 
 import java.io.File;
-import java.io.FileOutputStream;
 import java.io.IOException;
-import java.io.InputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URL;
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
@@ -46,7 +42,6 @@ import javax.ws.rs.NotFoundException;
 import org.jboss.arquillian.container.test.api.RunAsClient;
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.jboss.arquillian.graphene.page.Page;
-import org.jboss.arquillian.junit.Arquillian;
 import org.jboss.arquillian.test.api.ArquillianResource;
 import org.jboss.logging.Logger;
 import org.junit.After;
@@ -73,7 +68,9 @@ import org.keycloak.testsuite.auth.page.account.Account;
 import org.keycloak.testsuite.auth.page.login.OIDCLogin;
 import org.keycloak.testsuite.auth.page.login.UpdatePassword;
 import org.keycloak.testsuite.client.KeycloakTestingClient;
+import org.keycloak.testsuite.util.AdminClientUtil;
 import org.keycloak.testsuite.util.OAuthClient;
+import org.keycloak.testsuite.util.TestCleanup;
 import org.keycloak.testsuite.util.TestEventsLogger;
 import org.openqa.selenium.WebDriver;
 
@@ -86,7 +83,7 @@ import static org.keycloak.testsuite.util.IOUtil.PROJECT_BUILD_DIRECTORY;
  *
  * @author tkyjovsk
  */
-@RunWith(Arquillian.class)
+@RunWith(KcArquillian.class)
 @RunAsClient
 public abstract class AbstractKeycloakTest {
 
@@ -136,17 +133,12 @@ public abstract class AbstractKeycloakTest {
 
     @Before
     public void beforeAbstractKeycloakTest() throws Exception {
-        SSLContext ssl = null;
-        if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
-            File trustore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
-            ssl = getSSLContextWithTrustore(trustore, "secret");
-
-            System.setProperty("javax.net.ssl.trustStore", trustore.getAbsolutePath());
+        adminClient = testContext.getAdminClient();
+        if (adminClient == null) {
+            adminClient = AdminClientUtil.createAdminClient();
+            testContext.setAdminClient(adminClient);
         }
 
-        adminClient = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
-                MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID, null, ssl);
-
         getTestingClient();
 
         adminUser = createAdminUserRepresentation();
@@ -161,7 +153,13 @@ public abstract class AbstractKeycloakTest {
             suiteContext.setAdminPasswordUpdated(true);
         }
 
-        importTestRealms();
+        if (testContext.getTestRealmReps() == null) {
+            importTestRealms();
+
+            if (!isImportAfterEachMethod()) {
+                testContext.setTestRealmReps(testRealmReps);
+            }
+        }
 
         oauth.init(adminClient, driver);
     }
@@ -172,8 +170,36 @@ public abstract class AbstractKeycloakTest {
             resetTimeOffset();
         }
 
-        removeTestRealms(); // Remove realms after tests. Tests should cleanup after themselves!
-        adminClient.close(); // don't keep admin connection open
+        if (isImportAfterEachMethod()) {
+            log.info("removing test realms after test method");
+            for (RealmRepresentation testRealm : testRealmReps) {
+                removeRealm(testRealm.getRealm());
+            }
+        } else {
+            // Logout all users after the test
+            List<RealmRepresentation> realms = testContext.getTestRealmReps();
+            for (RealmRepresentation realm : realms) {
+                adminClient.realm(realm.getRealm()).logoutAll();
+            }
+
+            // Cleanup objects
+            for (TestCleanup cleanup : testContext.getCleanups().values()) {
+                cleanup.executeCleanup();
+            }
+            testContext.getCleanups().clear();
+        }
+    }
+
+    protected TestCleanup getCleanup(String realmName) {
+        return testContext.getOrCreateCleanup(realmName);
+    }
+
+    protected TestCleanup getCleanup() {
+        return getCleanup("test");
+    }
+
+    protected boolean isImportAfterEachMethod() {
+        return false;
     }
 
     private void updateMasterAdminPassword() {
@@ -194,6 +220,13 @@ public abstract class AbstractKeycloakTest {
         driver.manage().deleteAllCookies();
     }
 
+    protected void deleteAllCookiesForRealm(String realmName) {
+        // masterRealmPage.navigateTo();
+        driver.navigate().to(oauth.AUTH_SERVER_ROOT + "/realms/" + realmName + "/account"); // Because IE webdriver freezes when loading a JSON page (realm page), we need to use this alternative
+        log.info("deleting cookies in '" + realmName + "' realm");
+        driver.manage().deleteAllCookies();
+    }
+
     public void setDefaultPageUriParameters() {
         masterRealmPage.setAuthRealm(MASTER);
         loginPage.setAuthRealm(MASTER);
@@ -201,11 +234,19 @@ public abstract class AbstractKeycloakTest {
 
     public KeycloakTestingClient getTestingClient() {
         if (testingClient == null) {
-            testingClient = KeycloakTestingClient.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth");
+            testingClient = testContext.getTestingClient();
+            if (testingClient == null) {
+                testingClient = KeycloakTestingClient.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth");
+                testContext.setTestingClient(testingClient);
+            }
         }
         return testingClient;
     }
 
+    public TestContext getTestContext() {
+        return testContext;
+    }
+
     public Keycloak getAdminClient() {
         return adminClient;
     }
@@ -230,13 +271,6 @@ public abstract class AbstractKeycloakTest {
         }
     }
 
-    public void removeTestRealms() {
-        log.info("removing test realms");
-        for (RealmRepresentation testRealm : testRealmReps) {
-            removeRealm(testRealm);
-        }
-    }
-
     private UserRepresentation createAdminUserRepresentation() {
         UserRepresentation adminUserRep = new UserRepresentation();
         adminUserRep.setUsername(ADMIN);
@@ -264,10 +298,6 @@ public abstract class AbstractKeycloakTest {
         } catch (NotFoundException e) {
         }
     }
-
-    public void removeRealm(RealmRepresentation realm) {
-        removeRealm(realm.getRealm());
-    }
     
     public RealmsResource realmsResouce() {
         return adminClient.realms();
@@ -360,15 +390,4 @@ public abstract class AbstractKeycloakTest {
             throw new RuntimeException(e);
         }
     }
-
-    public static SSLContext getSSLContextWithTrustore(File file, String password) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
-        if (!file.isFile()) {
-            throw new RuntimeException("Truststore file not found: " + file.getAbsolutePath());
-        }
-        SSLContext theContext = SSLContexts.custom()
-                .useProtocol("TLS")
-                .loadTrustMaterial(file, password == null ? null : password.toCharArray())
-                .build();
-        return theContext;
-    }
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java
index a2d23f7..692f149 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java
@@ -17,6 +17,7 @@
 
 package org.keycloak.testsuite;
 
+import org.junit.After;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.common.util.reflections.Reflections;
 import org.keycloak.events.Details;
@@ -71,6 +72,13 @@ public abstract class AbstractTestRealmKeycloakTest extends AbstractKeycloakTest
         configureTestRealm(testRealm);
     }
 
+
+    // Logout user after test
+    @After
+    public void deleteCookies() {
+        deleteAllCookiesForRealm("test");
+    }
+
     /**
      * This allows a subclass to change the configuration of the testRealm before
      * it is imported.  This method will be called prior to any @Before methods

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
index cd3fdb8..75794eb 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java
@@ -18,6 +18,7 @@ package org.keycloak.testsuite.account;
 
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.jboss.arquillian.graphene.page.Page;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Rule;
@@ -159,6 +160,10 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
     public void before() {
         oauth.state("mystate"); // keycloak enforces that a state param has been sent by client
         userId = findUser("test-user@localhost").getId();
+
+        // Revert any password policy and user password changes
+        setPasswordPolicy("");
+        ApiUtil.resetUserPassword(testRealm().users().get(userId), "password", false);
     }
 
     @Test
@@ -399,18 +404,18 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
         events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent();
 
         assertChangePasswordFails   ("password",  "password");  // current: password
-        assertChangePasswordSucceeds("password",  "password1"); // current: password
+        assertChangePasswordSucceeds("password",  "password3"); // current: password
 
-        assertChangePasswordFails   ("password1", "password");  // current: password1, history: password
-        assertChangePasswordFails   ("password1", "password1"); // current: password1, history: password
-        assertChangePasswordSucceeds("password1", "password2"); // current: password1, history: password
+        assertChangePasswordFails   ("password3", "password");  // current: password1, history: password
+        assertChangePasswordFails   ("password3", "password3"); // current: password1, history: password
+        assertChangePasswordSucceeds("password3", "password4"); // current: password1, history: password
 
-        assertChangePasswordFails   ("password2", "password");  // current: password2, history: password, password1
-        assertChangePasswordFails   ("password2", "password1"); // current: password2, history: password, password1
-        assertChangePasswordFails   ("password2", "password2"); // current: password2, history: password, password1
-        assertChangePasswordSucceeds("password2", "password3"); // current: password2, history: password, password1
+        assertChangePasswordFails   ("password4", "password");  // current: password2, history: password, password1
+        assertChangePasswordFails   ("password4", "password3"); // current: password2, history: password, password1
+        assertChangePasswordFails   ("password4", "password4"); // current: password2, history: password, password1
+        assertChangePasswordSucceeds("password4", "password5"); // current: password2, history: password, password1
 
-        assertChangePasswordSucceeds("password3", "password");  // current: password3, history: password1, password2
+        assertChangePasswordSucceeds("password5", "password");  // current: password3, history: password1, password2
     }
 
     @Test
@@ -443,10 +448,10 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
         events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent();
 
         assertChangePasswordFails   ("password",  "password");  // current: password
-        assertChangePasswordSucceeds("password",  "password1"); // current: password
+        assertChangePasswordSucceeds("password",  "password6"); // current: password
 
-        assertChangePasswordFails   ("password1", "password1"); // current: password1
-        assertChangePasswordSucceeds("password1", "password");  // current: password1
+        assertChangePasswordFails   ("password6", "password6"); // current: password1
+        assertChangePasswordSucceeds("password6", "password");  // current: password1
     }
 
     @Test
@@ -611,6 +616,9 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
         Assert.assertEquals("New first", profilePage.getFirstName());
         Assert.assertEquals("New last", profilePage.getLastName());
         Assert.assertEquals("new@email.com", profilePage.getEmail());
+
+        // Revert
+        profilePage.updateProfile("test-user@localhost", "Tom", "Brady", "test-user@localhost");
     }
 
     private void addUser(String username, String email) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java
index aa86133..b1ffef6 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java
@@ -20,9 +20,12 @@ import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.models.AuthenticationExecutionModel.Requirement;
 import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 
 import java.util.Arrays;
 
+import javax.ws.rs.core.Response;
+
 import static org.junit.Assert.assertEquals;
 import static org.keycloak.testsuite.util.OAuthClient.APP_ROOT;
 
@@ -36,7 +39,7 @@ public class CustomAuthFlowCookieTest extends AbstractCustomAccountManagementTes
     @Override
     public void beforeTest() {
         super.beforeTest();
-        
+
         ClientRepresentation testApp = new ClientRepresentation();
         testApp.setClientId("test-app");
         testApp.setEnabled(true);
@@ -44,7 +47,10 @@ public class CustomAuthFlowCookieTest extends AbstractCustomAccountManagementTes
         testApp.setRedirectUris(Arrays.asList(new String[]{APP_ROOT + "/*"}));
         testApp.setAdminUrl(APP_ROOT + "/logout");
         testApp.setSecret("password");
-        assertEquals(201, testRealmResource().clients().create(testApp).getStatus());
+        Response response = testRealmResource().clients().create(testApp);
+        assertEquals(201, response.getStatus());
+        getCleanup().addClientUuid(ApiUtil.getCreatedId(response));
+        response.close();
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java
index e492672..4f192e6 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java
@@ -20,15 +20,18 @@ import org.jboss.arquillian.graphene.page.Page;
 import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.models.AuthenticationExecutionModel.Requirement;
+import org.keycloak.models.utils.DefaultAuthenticationFlows;
 import org.keycloak.models.utils.TimeBasedOTP;
 import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
 import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.admin.Users;
 import org.keycloak.testsuite.auth.page.login.OneTimeCode;
 import org.keycloak.testsuite.pages.LoginConfigTotpPage;
 
+import javax.ws.rs.NotFoundException;
 import javax.ws.rs.core.Response;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -101,6 +104,10 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
 
     @Test
     public void requireOTPTest() {
+        //update realm browser flow
+        RealmRepresentation realm = testRealmResource().toRepresentation();
+        realm.setBrowserFlow("browser");
+        testRealmResource().update(realm);
 
         updateRequirement("browser", "auth-otp-form", Requirement.REQUIRED);
         testRealmAccountManagementPage.navigateTo();
@@ -225,10 +232,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         setConditionalOTPForm(config);
 
         //create role
-        RoleRepresentation role = new RoleRepresentation("otp_role", "", false);
-        testRealmResource().roles().create(role);
-        //obtain id
-        role = testRealmResource().roles().get("otp_role").toRepresentation();
+        RoleRepresentation role = getOrCreateOTPRole();
+
         //add role to user
         List<RoleRepresentation> realmRoles = new ArrayList<>();
         realmRoles.add(role);
@@ -250,10 +255,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         setConditionalOTPForm(config);
 
         //create role
-        RoleRepresentation role = new RoleRepresentation("otp_role", "", false);
-        testRealmResource().roles().create(role);
-        //obtain id
-        role = testRealmResource().roles().get("otp_role").toRepresentation();
+        RoleRepresentation role = getOrCreateOTPRole();
+
         //add role to user
         List<RoleRepresentation> realmRoles = new ArrayList<>();
         realmRoles.add(role);
@@ -273,6 +276,17 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         assertCurrentUrlStartsWith(testLoginOneTimeCodePage);
     }
 
+    private RoleRepresentation getOrCreateOTPRole() {
+        try {
+            return testRealmResource().roles().get("otp_role").toRepresentation();
+        } catch (NotFoundException ex) {
+            RoleRepresentation role = new RoleRepresentation("otp_role", "", false);
+            testRealmResource().roles().create(role);
+            //obtain id
+            return testRealmResource().roles().get("otp_role").toRepresentation();
+        }
+    }
+
     @Test
     public void conditionalOTPRequestHeaderSkip() {
         //prepare config - request header skip, default to force
@@ -313,6 +327,19 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
     }
 
     private void setConditionalOTPForm(Map<String, String> config) {
+        List<AuthenticationFlowRepresentation> authFlows = getAuthMgmtResource().getFlows();
+        for (AuthenticationFlowRepresentation flow : authFlows) {
+            if ("ConditionalOTPFlow".equals(flow.getAlias())) {
+                //update realm browser flow
+                RealmRepresentation realm = testRealmResource().toRepresentation();
+                realm.setBrowserFlow(DefaultAuthenticationFlows.BROWSER_FLOW);
+                testRealmResource().update(realm);
+
+                getAuthMgmtResource().deleteFlow(flow.getId());
+                break;
+            }
+        }
+
         String flowAlias = "ConditionalOTPFlow";
         String provider = "auth-conditional-otp-form";
         
@@ -335,7 +362,7 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         
         //set username-password requirement to required
         updateRequirement(flowAlias, "auth-username-password-form", Requirement.REQUIRED);
-        
+
         //add execution - conditional OTP
         data.clear();
         data.put("provider", provider);
@@ -360,6 +387,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         //add auth config to the execution
         response = getAuthMgmtResource().newExecutionConfig(executionId, authConfig);
         assertEquals("new execution success", 201, response.getStatus());
+        getCleanup().addAuthenticationConfigId(ApiUtil.getCreatedId(response));
         response.close();
     }
+
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
index 63a2315..95274c6 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
@@ -191,6 +191,13 @@ public class ProfileTest extends AbstractTestRealmKeycloakTest {
         assertEquals("newemail@localhost", profile.getEmail());
         assertEquals("NewFirst", profile.getFirstName());
         assertEquals("NewLast", profile.getLastName());
+
+        // Revert
+        user.setFirstName("First");
+        user.setLastName("Last");
+        user.setEmail("test-user@localhost");
+        doUpdateProfile(token, null, JsonSerialization.writeValueAsString(user));
+        assertEquals(200, response.getStatusLine().getStatusCode());
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java
index 9b03ccc..59d277c 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java
@@ -22,6 +22,7 @@ import org.junit.Test;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.auth.page.AuthRealm;
 import org.keycloak.testsuite.auth.page.account.AccountManagement;
 import org.keycloak.testsuite.auth.page.login.OIDCLogin;
@@ -53,13 +54,10 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
     @Page
     private VerifyEmail testRealmVerifyEmailPage;
 
-    private UserRepresentation user;
-
     @Override
     public void configureTestRealm(RealmRepresentation testRealm) {
         log.info("enable verify email and configure smtp server to run with ssl in test realm");
 
-        user = RealmRepUtil.findUser(testRealm, "test-user@localhost");
         testRealm.setSmtpServer(SslMailServer.getServerConfiguration());
         testRealm.setVerifyEmail(true);
     }
@@ -82,6 +80,8 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
 
     @Test
     public void verifyEmailWithSslEnabled() {
+        UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "test-user@localhost");
+
         SslMailServer.startWithSsl(this.getClass().getClassLoader().getResource(SslMailServer.PRIVATE_KEY).getFile());
         accountManagement.navigateTo();
         testRealmLoginPage.form().login(user.getUsername(), "password");
@@ -98,15 +98,17 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
 
         assertCurrentUrlStartsWith(accountManagement);
         accountManagement.signOut();
-        testRealmLoginPage.form().login(user);
+        testRealmLoginPage.form().login(user.getUsername(), "password");
         assertCurrentUrlStartsWith(accountManagement);
     }
 
     @Test
     public void verifyEmailWithSslWrongCertificate() {
+        UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "test-user@localhost");
+
         SslMailServer.startWithSsl(this.getClass().getClassLoader().getResource(SslMailServer.INVALID_KEY).getFile());
         accountManagement.navigateTo();
-        loginPage.form().login(user);
+        loginPage.form().login(user.getUsername(), "password");
 
         assertEquals("Failed to send email, please try again later.\n" +
                         "« Back to Application",

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
index 16223e7..539267f 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
@@ -27,8 +27,10 @@ import org.keycloak.events.Errors;
 import org.keycloak.events.EventType;
 import org.keycloak.representations.idm.EventRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -38,11 +40,13 @@ import org.keycloak.testsuite.pages.RegisterPage;
 import org.keycloak.testsuite.pages.VerifyEmailPage;
 import org.keycloak.testsuite.util.GreenMailRule;
 import org.keycloak.testsuite.util.MailUtils;
+import org.keycloak.testsuite.util.UserBuilder;
 
 import javax.mail.MessagingException;
 import javax.mail.Multipart;
 import javax.mail.internet.MimeMessage;
 import java.io.IOException;
+import java.util.Collections;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
@@ -85,6 +89,13 @@ public class RequiredActionEmailVerificationTest extends AbstractTestRealmKeyclo
     @Before
     public void before() {
         oauth.state("mystate"); // have to set this as keycloak validates that state is sent
+
+
+        ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost");
+        UserRepresentation user = UserBuilder.create().enabled(true)
+                .username("test-user@localhost")
+                .email("test-user@localhost").build();
+        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
index f3d0904..f613087 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
@@ -17,6 +17,7 @@
 package org.keycloak.testsuite.actions;
 
 import org.jboss.arquillian.graphene.page.Page;
+import org.jboss.arquillian.junit.InSequence;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Rule;
@@ -32,8 +33,10 @@ import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentatio
 import org.keycloak.representations.idm.EventRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AccountTotpPage;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
@@ -42,7 +45,9 @@ import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.LoginTotpPage;
 import org.keycloak.testsuite.pages.RegisterPage;
 import org.keycloak.testsuite.util.RealmBuilder;
+import org.keycloak.testsuite.util.UserBuilder;
 
+import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -75,6 +80,15 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
                 adminClient.realm("test").flows().updateExecutions("browser", execution);
             }
         }
+
+        ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost");
+        UserRepresentation user = UserBuilder.create().enabled(true)
+                .username("test-user@localhost")
+                .email("test-user@localhost")
+                .firstName("Tom")
+                .lastName("Brady")
+                .requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build();
+        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
     }
 
 
@@ -266,6 +280,12 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
 
         events.expectLogin().assertEvent();
+
+        // Revert
+        realmRep = adminClient.realm("test").toRepresentation();
+        RealmBuilder.edit(realmRep)
+                .otpDigits(6);
+        adminClient.realm("test").update(realmRep);
     }
 
     @Test
@@ -334,6 +354,18 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
 
         events.expectLogin().assertEvent();
+
+        // Revert
+        realmRep = adminClient.realm("test").toRepresentation();
+        RealmBuilder.edit(realmRep)
+                .otpLookAheadWindow(1)
+                .otpDigits(6)
+                .otpPeriod(30)
+                .otpType(UserCredentialModel.TOTP)
+                .otpAlgorithm(HmacOTP.HMAC_SHA1)
+                .otpInitialCounter(0);
+        adminClient.realm("test").update(realmRep);
+
     }
 
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java
index 7113ce3..80ee0fe 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java
@@ -18,6 +18,7 @@ package org.keycloak.testsuite.actions;
 
 import org.jboss.arquillian.graphene.page.Page;
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.events.Details;
@@ -27,10 +28,12 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.LoginUpdateProfileEditUsernameAllowedPage;
+import org.keycloak.testsuite.util.UserBuilder;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -55,6 +58,27 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe
         ActionUtil.addRequiredActionForUser(testRealm, "john-doh@localhost", UserModel.RequiredAction.UPDATE_PROFILE.name());
     }
 
+    @Before
+    public void beforeTest() {
+        ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost");
+        UserRepresentation user = UserBuilder.create().enabled(true)
+                .username("test-user@localhost")
+                .email("test-user@localhost")
+                .firstName("Tom")
+                .lastName("Brady")
+                .requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build();
+        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
+
+        ApiUtil.removeUserByUsername(testRealm(), "john-doh@localhost");
+        user = UserBuilder.create().enabled(true)
+                .username("john-doh@localhost")
+                .email("john-doh@localhost")
+                .firstName("John")
+                .lastName("Doh")
+                .requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build();
+        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
+    }
+
     @Test
     public void updateProfile() {
         loginPage.open();
@@ -112,6 +136,7 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe
         Assert.assertEquals("New last", user.getLastName());
         Assert.assertEquals("john-doh@localhost", user.getEmail());
         Assert.assertEquals("new", user.getUsername());
+        getCleanup().addUserId(user.getId());
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java
index 8eebf8f..f1edf4a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java
@@ -79,6 +79,12 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
         }
     }
 
+    // TODO: Fix to not require re-import
+    @Override
+    protected boolean isImportAfterEachMethod() {
+        return true;
+    }
+
     private void modifyClientJWKSUrl(RealmRepresentation realm, String regex, String replacement) {
         if (realm.getClients() != null) {
             realm.getClients().stream().

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
index 85c6a5e..275a078 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java
@@ -30,7 +30,6 @@ import org.keycloak.OAuth2Constants;
 import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.common.Version;
 import org.keycloak.common.util.Time;
-import org.keycloak.common.util.UriUtils;
 import org.keycloak.constants.AdapterConstants;
 import org.keycloak.events.Details;
 import org.keycloak.events.EventType;
@@ -51,6 +50,7 @@ import org.keycloak.testsuite.auth.page.login.OAuthGrant;
 import org.keycloak.testsuite.console.page.events.Config;
 import org.keycloak.testsuite.console.page.events.LoginEvents;
 import org.keycloak.testsuite.util.*;
+import org.keycloak.testsuite.util.URLUtils;
 import org.keycloak.util.BasicAuthHelper;
 
 import org.openqa.selenium.By;
@@ -79,6 +79,7 @@ import javax.ws.rs.core.Response.Status;
 import static org.hamcrest.Matchers.*;
 import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO;
 import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlEquals;
+import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
 import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf;
 import static org.keycloak.testsuite.util.WaitUtils.*;
 
@@ -372,7 +373,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
         Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
 
         RealmRepresentation demoRealmRep = testRealmResource().toRepresentation();
-        int originalIdle = demoRealmRep.getSsoSessionMaxLifespan();
+        int originalMax = demoRealmRep.getSsoSessionMaxLifespan();
         demoRealmRep.setSsoSessionMaxLifespan(1);
         testRealmResource().update(demoRealmRep);
 
@@ -380,7 +381,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
         productPortal.navigateTo();
         assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
 
-        demoRealmRep.setSsoSessionIdleTimeout(originalIdle);
+        demoRealmRep.setSsoSessionMaxLifespan(originalMax);
         testRealmResource().update(demoRealmRep);
 
         String logoutUri = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
@@ -660,6 +661,11 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
                 .assertEvent();
 
         assertEvents.assertEmpty();
+
+        // Revert consent
+        client = clientResource.toRepresentation();
+        client.setConsentRequired(false);
+        clientResource.update(client);
     }
 
     @Test
@@ -701,6 +707,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
 
 
         driver.navigate().to(testRealmPage.getOIDCLogoutUrl() + "?redirect_uri=" + customerPortal);
+        assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
 
         assertEvents.expectLogout(null)
                 .realm(realm.getId())

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java
index fc6bd67..c31b9c5 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java
@@ -19,7 +19,6 @@ package org.keycloak.testsuite.adapter.servlet;
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
 import javax.ws.rs.core.Response;
@@ -100,8 +99,6 @@ public abstract class AbstractOIDCPublicKeyRotationAdapterTest extends AbstractS
     }
 
 
-
-
     @Before
     public void beforeRotationAdapterTest() {
         // Delete all cookies from token-min-ttl page to be sure we are logged out

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java
index 25ba365..ca4c5c2 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java
@@ -27,9 +27,4 @@ import org.junit.Ignore;
  */
 @AppServerContainer("auth-server-undertow")
 public class UndertowDemoFilterServletAdapterTest extends AbstractDemoFilterServletAdapterTest {
-    @Ignore
-    @Override
-    public void testAuthenticatedWithCustomSessionConfig() {
-        // Undertow deployment ignores session cookie settings in web.xml, see org.keycloak.testsuite.arquillian.undertow.SimpleWebXmlParser class
-    }
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java
index 01456d4..7d466a6 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java
@@ -17,7 +17,6 @@
 
 package org.keycloak.testsuite.admin;
 
-import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.keycloak.admin.client.resource.RealmResource;
@@ -25,6 +24,7 @@ import org.keycloak.events.log.JBossLoggingEventListenerProviderFactory;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
 import org.keycloak.testsuite.events.EventsListenerProviderFactory;
+import org.keycloak.testsuite.util.TestCleanup;
 import org.keycloak.testsuite.util.AssertAdminEvents;
 import org.keycloak.util.JsonSerialization;
 
@@ -55,11 +55,14 @@ public abstract class AbstractAdminTest extends AbstractTestRealmKeycloakTest {
         findTestApp(testRealm).setDirectAccessGrantsEnabled(true);
     }
 
+
+
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         super.addTestRealms(testRealms);
 
         RealmRepresentation adminRealmRep = new RealmRepresentation();
+        adminRealmRep.setId(REALM_NAME);
         adminRealmRep.setRealm(REALM_NAME);
         adminRealmRep.setEnabled(true);
         Map<String, String> config = new HashMap<>();
@@ -82,14 +85,9 @@ public abstract class AbstractAdminTest extends AbstractTestRealmKeycloakTest {
         realmId = realm.toRepresentation().getId();
     }
 
-    // old testsuite expects this realm to be removed at the end of the test
-    @After
-    public void after() {
-        for (RealmRepresentation r : adminClient.realms().findAll()) {
-            if (r.getRealm().equals(REALM_NAME)) {
-                removeRealm(r);
-            }
-        }
+    @Override
+    protected TestCleanup getCleanup() {
+        return getCleanup(REALM_NAME);
     }
 
     // Taken from Keycloak class in old testsuite.

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java
index bf366cf..cc47020 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java
@@ -35,7 +35,6 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.core.Response.StatusType;
 import java.net.URI;
-import java.security.PublicKey;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -174,6 +173,13 @@ public class ApiUtil {
         userResource.roles().realmLevel().add(roleRepresentations);
     }
 
+    public static void removeUserByUsername(RealmResource realmResource, String username) {
+        UserRepresentation user = findUserByUsername(realmResource, username);
+        if (user != null) {
+            realmResource.users().delete(user.getId());
+        }
+    }
+
     public static void assignClientRoles(RealmResource realm, String userId, String clientName, String... roles) {
         String realmName = realm.toRepresentation().getRealm();
         String clientId = "";

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java
index 540a5dc..383be49 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java
@@ -30,6 +30,7 @@ import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
 import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.util.AdminEventPaths;
 import org.keycloak.testsuite.util.AssertAdminEvents;
 import org.keycloak.testsuite.util.RealmBuilder;
@@ -196,6 +197,8 @@ public abstract class AbstractAuthenticationTest extends AbstractKeycloakTest {
         Response response = authMgmtResource.createFlow(flowRep);
         org.keycloak.testsuite.Assert.assertEquals(201, response.getStatus());
         response.close();
+        String flowId = ApiUtil.getCreatedId(response);
+        getCleanup().addAuthenticationFlowId(flowId);
         assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authFlowsPath()), flowRep, ResourceType.AUTH_FLOW);
     }
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java
index 990175d..a728c8e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java
@@ -24,7 +24,9 @@ import org.keycloak.events.admin.OperationType;
 import org.keycloak.events.admin.ResourceType;
 import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation;
 import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.util.AdminEventPaths;
+import org.keycloak.testsuite.util.AssertAdminEvents;
 
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.NotFoundException;
@@ -45,15 +47,16 @@ public class FlowTest extends AbstractAuthenticationTest {
     // KEYCLOAK-3681: Delete top flow doesn't delete all subflows
     @Test
     public void testRemoveSubflows() {
-        authMgmtResource.createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
+        createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
         addFlowToParent("Foo", "child");
         addFlowToParent("child", "grandchild");
         
         List<AuthenticationFlowRepresentation> flows = authMgmtResource.getFlows();
         AuthenticationFlowRepresentation found = findFlowByAlias("Foo", flows);
         authMgmtResource.deleteFlow(found.getId());
-        
-        authMgmtResource.createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
+        assertAdminEvents.clear();
+
+        createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
         addFlowToParent("Foo", "child");
         
         // Under the old code, this would throw an error because "grandchild"

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java
index c247009..244323b 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java
@@ -36,7 +36,6 @@ import org.keycloak.testsuite.util.RealmBuilder;
 
 import javax.ws.rs.core.Response;
 import java.util.List;
-import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
 
 /**
  *
@@ -50,11 +49,10 @@ public abstract class AbstractClientTest extends AbstractAuthTest {
     @Override
     public void setDefaultPageUriParameters() {
         super.setDefaultPageUriParameters();
-        testRealmPage.setAuthRealm(MASTER);
-        testRealmLoginPage.setAuthRealm(testRealmPage);
-        testRealmAccountPage.setAuthRealm(testRealmPage);
+        testRealmPage.setAuthRealm("test");
+        accountPage.setAuthRealm("test");
     }    
-    
+
     @Before
     public void setupAdminEvents() {
         RealmRepresentation realm = testRealmResource().toRepresentation();
@@ -75,7 +73,7 @@ public abstract class AbstractClientTest extends AbstractAuthTest {
     }
 
     protected String getRealmId() {
-        return MASTER;
+        return "test";
     }
 
     // returns UserRepresentation retrieved from server, with all fields, including id

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java
index 2922a3e..4b2168f 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java
@@ -17,20 +17,16 @@
 
 package org.keycloak.testsuite.admin.client.authorization;
 
-import static com.sun.corba.se.impl.oa.poa.Policies.defaultPolicies;
 import static org.junit.Assert.assertEquals;
 
-import java.util.List;
 
+import org.junit.After;
+import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.AuthorizationResource;
 import org.keycloak.admin.client.resource.ClientResource;
-import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
 import org.keycloak.representations.idm.ClientRepresentation;
-import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
-import org.keycloak.representations.idm.authorization.PolicyRepresentation;
-import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
 import org.keycloak.util.JsonSerialization;
 
@@ -40,6 +36,27 @@ import org.keycloak.util.JsonSerialization;
  */
 public class ImportAuthorizationSettingsTest extends AbstractAuthorizationTest {
 
+    @Before
+    public void createRole() {
+        ClientResource clientResource = getClientResource();
+
+        RoleRepresentation role = new RoleRepresentation();
+        role.setName("admin");
+        clientResource.roles().create(role);
+    }
+
+    @After
+    public void onAfterAuthzTests() {
+        ClientResource clientResource = getClientResource();
+
+        // Needed to disable authz first. TODO: Looks like a bug. Check later...
+        ClientRepresentation client = clientResource.toRepresentation();
+        client.setAuthorizationServicesEnabled(false);
+        clientResource.update(client);
+
+        getClientResource().remove();
+    }
+
     @Test
     public void testImportUnorderedSettings() throws Exception {
         ClientResource clientResource = getClientResource();

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java
index a33b2a1..eb3d2df 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java
@@ -75,7 +75,7 @@ public class InstallationTest extends AbstractClientTest {
     }
 
     private String samlUrl() {
-        return authServerUrl() + "/realms/master/protocol/saml";
+        return authServerUrl() + "/realms/test/protocol/saml";
     }
 
     @Test
@@ -111,7 +111,7 @@ public class InstallationTest extends AbstractClientTest {
     }
 
     private void assertOidcInstallationConfig(String config) {
-        assertThat(config, containsString("master"));
+        assertThat(config, containsString("test"));
         assertThat(config, not(containsString(ApiUtil.findActiveKey(testRealmResource()).getPublicKey())));
         assertThat(config, containsString(authServerUrl()));
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java
index e25533f..6d99297 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java
@@ -38,7 +38,7 @@ import static org.junit.Assert.assertNotNull;
  * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
  */
 public class SessionTest extends AbstractClientTest {
-    private static boolean testUserCreated = false;
+
 
     @Page
     protected AccountManagement testRealmAccountManagementPage;
@@ -46,13 +46,18 @@ public class SessionTest extends AbstractClientTest {
     @Before
     public void init() {
         // make user test user exists in test realm
-        if (!testUserCreated) {
-            createTestUserWithAdminClient();
+        createTestUserWithAdminClient();
+        getCleanup().addUserId(testUser.getId());
+
+        assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId()), ResourceType.USER);
+        assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId()), ResourceType.USER);
+    }
 
-            assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId()), ResourceType.USER);
-            assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId()), ResourceType.USER);
-        }
-        testUserCreated = true;
+    @Override
+    public void setDefaultPageUriParameters() {
+        super.setDefaultPageUriParameters();
+        testRealmAccountManagementPage.setAuthRealm(getRealmId());
+        loginPage.setAuthRealm(getRealmId());
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
index 1d15f39..1038491 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
@@ -81,6 +81,7 @@ public class ClientTest extends AbstractAdminTest {
         Response response = realm.clients().create(rep);
         response.close();
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(id);
 
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), rep, ResourceType.CLIENT);
 
@@ -212,6 +213,8 @@ public class ClientTest extends AbstractAdminTest {
     public void serviceAccount() {
         Response response = realm.clients().create(ClientBuilder.create().clientId("serviceClient").serviceAccount().build());
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(id);
+        response.close();
         UserRepresentation userRep = realm.clients().get(id).getServiceAccountUser();
         assertEquals("service-account-serviceclient", userRep.getUsername());
     }
@@ -237,7 +240,10 @@ public class ClientTest extends AbstractAdminTest {
                 .redirectUris("http://localhost/auth", "http://localhost/auth*")
                 .build();
         Response response = realm.clients().create(client);
-        ClientResource clientResource = realm.clients().get(ApiUtil.getCreatedId(response));
+        String clientUuid = ApiUtil.getCreatedId(response);
+        ClientResource clientResource = realm.clients().get(clientUuid);
+        getCleanup().addClientUuid(clientUuid);
+        response.close();
 
         client = clientResource.toRepresentation();
         client.setRootUrl("http://localhost/base#someFragment");
@@ -291,6 +297,7 @@ public class ClientTest extends AbstractAdminTest {
 
         Response response = realm.clients().create(client);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(id);
         response.close();
 
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), client, ResourceType.CLIENT);
@@ -378,6 +385,7 @@ public class ClientTest extends AbstractAdminTest {
     public void scopes() {
         Response response = realm.clients().create(ClientBuilder.create().clientId("client").fullScopeEnabled(false).build());
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(id);
         response.close();
 
         assertAdminEvents.poll();

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java
index 16a6ff3..4634bfb 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java
@@ -49,7 +49,7 @@ public class ComponentsTest extends AbstractAdminTest {
 
     @Test
     public void testNotDeadlocked() {
-        for (int i = 0; i < 100; i++) {
+        for (int i = 0; i < 50; i++) {
             ComponentRepresentation rep = createComponentRepresentation("test-" + i);
             rep.getConfig().putSingle("required", "required-value");
             createComponent(rep);
@@ -263,6 +263,7 @@ public class ComponentsTest extends AbstractAdminTest {
         ComponentsResource components = realm.components();
         Response response = components.add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
         response.close();
         return id;
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java
index 157a98d..583ec1b 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java
@@ -268,12 +268,13 @@ public class ConcurrencyTest extends AbstractAdminTest {
             Thread thread = new Thread() {
                 @Override
                 public void run() {
+                    Keycloak keycloak = null;
                     try {
                         if (lock != null) {
                             lock.lock();
                         }
 
-                        Keycloak keycloak = Keycloak.getInstance(getAuthServerRoot().toString(), "master", "admin", "admin", org.keycloak.models.Constants.ADMIN_CLI_CLIENT_ID);
+                        keycloak = Keycloak.getInstance(getAuthServerRoot().toString(), "master", "admin", "admin", org.keycloak.models.Constants.ADMIN_CLI_CLIENT_ID);
                         RealmResource realm = keycloak.realm(REALM_NAME);
                         for (int i = 0; i < numIterationsPerThread && latch.getCount() > 0; i++) {
                             log.infov("thread {0}, iteration {1}", threadNum, i);
@@ -286,6 +287,7 @@ public class ConcurrencyTest extends AbstractAdminTest {
                             latch.countDown();
                         }
                     } finally {
+                        keycloak.close();
                         if (lock != null) {
                             lock.unlock();
                         }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java
index 100e452..557177b 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java
@@ -17,36 +17,26 @@
 
 package org.keycloak.testsuite.admin;
 
-import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.admin.client.Keycloak;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.common.util.Time;
 import org.keycloak.models.AdminRoles;
 import org.keycloak.models.Constants;
-import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.services.resources.admin.RealmAuth.Resource;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
 import org.keycloak.testsuite.util.ClientBuilder;
-import org.keycloak.testsuite.util.CredentialBuilder;
-import org.keycloak.testsuite.util.GreenMailRule;
 import org.keycloak.testsuite.util.RealmBuilder;
 import org.keycloak.testsuite.util.UserBuilder;
 
 import javax.ws.rs.ClientErrorException;
 import javax.ws.rs.core.Response;
-import java.lang.reflect.Method;
-import java.util.Arrays;
-import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.atomic.AtomicReference;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
 
 /**
@@ -60,8 +50,6 @@ public class CrossRealmPermissionsTest extends AbstractKeycloakTest {
     private RealmResource realm1;
     private RealmResource realm2;
 
-    @Rule public GreenMailRule greenMailRule = new GreenMailRule();
-
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmBuilder builder = RealmBuilder.create().name(REALM_NAME).testMail();

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java
index 9cb3c32..414151c 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java
@@ -17,9 +17,11 @@
 package org.keycloak.testsuite.admin.event;
 
 import org.junit.Before;
+import org.junit.Rule;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
 import org.keycloak.testsuite.AbstractAuthTest;
+import org.keycloak.testsuite.util.TestCleanup;
 
 import java.util.Collections;
 import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
@@ -32,14 +34,6 @@ public abstract class AbstractEventTest extends AbstractAuthTest {
 
     protected RealmEventsConfigRepresentation configRep;
 
-    @Override
-    public void setDefaultPageUriParameters() {
-        super.setDefaultPageUriParameters();
-        testRealmPage.setAuthRealm(MASTER);
-        testRealmLoginPage.setAuthRealm(testRealmPage);
-        testRealmAccountPage.setAuthRealm(testRealmPage);
-    }
-
     @Before
     public void setConfigRep() {
         RealmResource testRsc = testRealmResource();
@@ -51,6 +45,12 @@ public abstract class AbstractEventTest extends AbstractAuthTest {
         saveConfig();
     }
 
+    @Override
+    public void setDefaultPageUriParameters() {
+        testRealmPage.setAuthRealm("test");
+        accountPage.setAuthRealm("test");
+    }
+
     protected void saveConfig() {
         RealmResource testRsc = testRealmResource();
         testRsc.updateRealmEventsConfig(configRep);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java
index 96e2920..ce23308 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java
@@ -59,7 +59,9 @@ public class AdminEventTest extends AbstractEventTest {
 
     private String createUser(String username) {
         UserRepresentation user = createUserRepresentation(username, username + "@foo.com", "foo", "bar", true);
-        return ApiUtil.createUserWithAdminClient(testRealmResource(), user);
+        String userId = ApiUtil.createUserWithAdminClient(testRealmResource(), user);
+        getCleanup().addUserId(userId);
+        return userId;
     }
 
     private void updateRealm() {
@@ -90,7 +92,7 @@ public class AdminEventTest extends AbstractEventTest {
         assertNull(event.getError());
 
         AuthDetailsRepresentation details = event.getAuthDetails();
-        assertEquals(realmName(), details.getRealmId());
+        assertEquals("master", details.getRealmId());
         assertNotNull(details.getClientId());
         assertNotNull(details.getUserId());
         assertNotNull(details.getIpAddress());
@@ -106,7 +108,7 @@ public class AdminEventTest extends AbstractEventTest {
         assertEquals("CREATE", event.getOperationType());
 
         assertEquals(realmName(), event.getRealmId());
-        assertEquals(realmName(), event.getAuthDetails().getRealmId());
+        assertEquals("master", event.getAuthDetails().getRealmId());
         assertNull(event.getRepresentation());
     }
 
@@ -130,7 +132,7 @@ public class AdminEventTest extends AbstractEventTest {
         updateRealm();
         assertEquals(3, events().size());
 
-        List<AdminEventRepresentation> events = testRealmResource().getAdminEvents(Arrays.asList("CREATE"), realmName(), null, null, null, null, null, null, null, null);
+        List<AdminEventRepresentation> events = testRealmResource().getAdminEvents(Arrays.asList("CREATE"), null, null, null, null, null, null, null, null, null);
         assertEquals(2, events.size());
     }
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java
index dc0d787..e356227 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java
@@ -60,7 +60,7 @@ public class LoginEventsTest extends AbstractEventTest {
     }
 
     private void badLogin() {
-        loginEventsPage.navigateTo();
+        accountPage.navigateTo();
         loginPage.form().login("bad", "user");
     }
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java
index 79908d8..b7274ec 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java
@@ -142,6 +142,7 @@ public class GroupTest extends AbstractGroupTest {
     private GroupRepresentation createGroup(RealmResource realm, GroupRepresentation group) {
         Response response = realm.groups().add(group);
         String groupId = ApiUtil.getCreatedId(response);
+        getCleanup().addGroupId(groupId);
         response.close();
 
         assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupPath(groupId), group, ResourceType.GROUP);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
index 2fbb5a3..5d93d39 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java
@@ -207,6 +207,8 @@ public class IdentityProviderTest extends AbstractAdminTest {
         Assert.assertNotNull(ApiUtil.getCreatedId(response));
         response.close();
 
+        getCleanup().addIdentityProviderAlias(idpRep.getAlias());
+
         String secret = idpRep.getConfig() != null ? idpRep.getConfig().get("clientSecret") : null;
         idpRep = StripSecretsUtils.strip(idpRep);
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
index 26b1b16..72421cc 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
@@ -18,6 +18,7 @@
 package org.keycloak.testsuite.admin;
 
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.Config;
@@ -63,11 +64,6 @@ public class ImpersonationTest extends AbstractKeycloakTest {
     private String impersonatedUserId;
 
     @Override
-    public void beforeAbstractKeycloakTest() throws Exception {
-        super.beforeAbstractKeycloakTest();
-    }
-
-    @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmBuilder realm = RealmBuilder.create().name("test").testEventListener();
 
@@ -85,10 +81,15 @@ public class ImpersonationTest extends AbstractKeycloakTest {
     
     @BeforeClass
     public static void enabled() {
-        Assume.assumeFalse("impersonation".equals(System.getProperty("feature.name")) 
+        Assume.assumeFalse("impersonation".equals(System.getProperty("feature.name"))
                 && "disabled".equals(System.getProperty("feature.value")));
     }
 
+    @Before
+    public void beforeTest() {
+        impersonatedUserId = ApiUtil.findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId();
+    }
+
     @Test
     public void testImpersonateByMasterAdmin() {
         // test that composite is set up right for impersonation role

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
index ce2863b..d821179 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java
@@ -18,6 +18,8 @@
 package org.keycloak.testsuite.admin;
 
 import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput;
+import org.junit.AfterClass;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.admin.client.Keycloak;
@@ -55,12 +57,14 @@ import org.keycloak.services.resources.admin.RealmAuth.Resource;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.Assert;
 import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
+import org.keycloak.testsuite.util.AdminClientUtil;
 import org.keycloak.testsuite.util.ClientBuilder;
 import org.keycloak.testsuite.util.CredentialBuilder;
 import org.keycloak.testsuite.util.FederatedIdentityBuilder;
 import org.keycloak.testsuite.util.GreenMailRule;
 import org.keycloak.testsuite.util.IdentityProviderBuilder;
 import org.keycloak.testsuite.util.RealmBuilder;
+import org.keycloak.testsuite.util.TestCleanup;
 import org.keycloak.testsuite.util.UserBuilder;
 
 import javax.ws.rs.ClientErrorException;
@@ -100,17 +104,11 @@ public class PermissionsTest extends AbstractKeycloakTest {
                 .username(AdminRoles.REALM_ADMIN)
                 .role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN)
                 .addPassword("password"));
-        clients.put(AdminRoles.REALM_ADMIN,
-                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, AdminRoles.REALM_ADMIN, "password", "test-client",
-                        "secret"));
 
         builder.user(UserBuilder.create().username("none").addPassword("password"));
-        clients.put("none",
-                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, "none", "password", "test-client", "secret"));
 
         for (String role : AdminRoles.ALL_REALM_ROLES) {
             builder.user(UserBuilder.create().username(role).role(Constants.REALM_MANAGEMENT_CLIENT_ID, role).addPassword("password"));
-            clients.put(role, Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, role, "password", "test-client"));
         }
         testRealms.add(builder.build());
 
@@ -118,40 +116,88 @@ public class PermissionsTest extends AbstractKeycloakTest {
         builder2.client(ClientBuilder.create().clientId("test-client").publicClient().directAccessGrants());
         builder2.user(UserBuilder.create().username("admin").role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN).addPassword("password"));
         testRealms.add(builder2.build());
-
-        clients.put("REALM2", Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "realm2", "admin", "password", "test-client"));
     }
 
-    @Override
-    public void beforeAbstractKeycloakTest() throws Exception {
-        super.beforeAbstractKeycloakTest();
 
-        clients.put("master-admin", adminClient);
+    @Before
+    public void beforeClazz() {
+        if (testContext.isInitialized()) {
+            return;
+        }
 
-        RealmResource master = adminClient.realm("master");
+        createTestUsers();
 
-        {
-            Response response = master.users().create(UserBuilder.create().username("permissions-test-master-none").build());
-            String userId = ApiUtil.getCreatedId(response);
-            response.close();
+        testContext.setInitialized(true);
+    }
 
-            master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
+    private void createTestUsers() {
+        RealmResource master = adminClient.realm("master");
 
-            clients.put("master-none",
-                    Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-none", "password",
-                            Constants.ADMIN_CLI_CLIENT_ID));
-        }
+        Response response = master.users().create(UserBuilder.create().username("permissions-test-master-none").build());
+        String userId = ApiUtil.getCreatedId(response);
+        response.close();
+        master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
 
         for (String role : AdminRoles.ALL_REALM_ROLES) {
-            Response response = master.users().create(UserBuilder.create().username("permissions-test-master-" + role).build());
-            String userId = ApiUtil.getCreatedId(response);
+            response = master.users().create(UserBuilder.create().username("permissions-test-master-" + role).build());
+            userId = ApiUtil.getCreatedId(response);
             response.close();
 
             master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
             String clientId = master.clients().findByClientId(REALM_NAME + "-realm").get(0).getId();
             RoleRepresentation roleRep = master.clients().get(clientId).roles().get(role).toRepresentation();
             master.users().get(userId).roles().clientLevel(clientId).add(Collections.singletonList(roleRep));
+        }
+    }
+
+    @AfterClass
+    public static void removeTestUsers() throws Exception {
+        Keycloak adminClient = AdminClientUtil.createAdminClient();
+        try {
+            for (UserRepresentation u : adminClient.realm("master").users().search("permissions-test-master-", 0, 100)) {
+                adminClient.realm("master").users().get(u.getId()).remove();
+            }
+        } finally {
+            adminClient.close();
+        }
+    }
+
+    private void recreatePermissionRealm() throws Exception {
+        RealmRepresentation permissionRealm = testContext.getTestRealmReps().stream().filter(realm -> {
+            return realm.getRealm().equals(REALM_NAME);
+        }).findFirst().get();
+        adminClient.realms().create(permissionRealm);
+
+        removeTestUsers();
+        createTestUsers();
+    }
+
 
+    @Override
+    public void beforeAbstractKeycloakTest() throws Exception {
+        super.beforeAbstractKeycloakTest();
+
+        clients.put(AdminRoles.REALM_ADMIN,
+                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, AdminRoles.REALM_ADMIN, "password", "test-client",
+                        "secret"));
+
+        clients.put("none",
+                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, "none", "password", "test-client", "secret"));
+
+        for (String role : AdminRoles.ALL_REALM_ROLES) {
+            clients.put(role, Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, role, "password", "test-client"));
+        }
+
+        clients.put("REALM2", Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "realm2", "admin", "password", "test-client"));
+
+        clients.put("master-admin", adminClient);
+
+        clients.put("master-none",
+                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-none", "password",
+                        Constants.ADMIN_CLI_CLIENT_ID));
+
+
+        for (String role : AdminRoles.ALL_REALM_ROLES) {
             clients.put("master-" + role,
                     Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-" + role, "password",
                             Constants.ADMIN_CLI_CLIENT_ID));
@@ -160,15 +206,22 @@ public class PermissionsTest extends AbstractKeycloakTest {
 
     @Override
     public void afterAbstractKeycloakTest() {
-        for (UserRepresentation u : adminClient.realm("master").users().search("permissions-test-master-", 0, 100)) {
-            adminClient.realm("master").users().get(u.getId()).remove();
-        }
+        // Don't close the "main" adminClient, but all others yes
+        clients.entrySet().stream().filter(entry -> {
 
-        super.afterAbstractKeycloakTest();
+            return !entry.getKey().equals("master-admin");
+
+        }).forEach(consumer -> {
+
+            consumer.getValue().close();
+
+        });
+
+        clients.clear();
     }
 
     @Test
-    public void realms() {
+    public void realms() throws Exception {
         // Check returned realms
         invoke(new Invocation() {
             public void invoke(RealmResource realm) {
@@ -312,6 +365,9 @@ public class PermissionsTest extends AbstractKeycloakTest {
                 clients.get(AdminRoles.REALM_ADMIN).realms().realm(REALM_NAME).remove();
             }
         }, adminClient, true);
+
+        // Revert realm removal
+        recreatePermissionRealm();
     }
 
     @Test
@@ -959,7 +1015,7 @@ public class PermissionsTest extends AbstractKeycloakTest {
     }
 
     @Test
-    public void flows() {
+    public void flows() throws Exception {
         invoke(new Invocation() {
             public void invoke(RealmResource realm) {
                 realm.flows().getFormProviders();
@@ -1113,6 +1169,11 @@ public class PermissionsTest extends AbstractKeycloakTest {
                 realm.flows().updateAuthenticatorConfig("nosuch", new AuthenticatorConfigRepresentation());
             }
         }, Resource.REALM, true);
+
+        // Re-create realm
+        adminClient.realm(REALM_NAME).remove();
+
+        recreatePermissionRealm();
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java
index bf9c794..4fa09df 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java
@@ -65,6 +65,8 @@ public class RealmRolesTest extends AbstractAdminTest {
         ClientRepresentation clientRep = ClientBuilder.create().clientId("client-a").build();
         Response response = adminClient.realm(REALM_NAME).clients().create(clientRep);
         clientUuid = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(clientUuid);
+        response.close();
 
         RoleRepresentation roleC = RoleBuilder.create().name("role-c").description("Role C").build();
         adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().create(roleC);
@@ -77,6 +79,10 @@ public class RealmRolesTest extends AbstractAdminTest {
             ids.put(r.getName(), r.getId());
         }
 
+        getCleanup().addRoleId(ids.get("role-a"));
+        getCleanup().addRoleId(ids.get("role-b"));
+        getCleanup().addRoleId(ids.get("role-c"));
+
         resource = adminClient.realm(REALM_NAME).roles();
 
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-a"), roleA, ResourceType.REALM_ROLE);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
index db10d02..e5c1287 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
@@ -202,6 +202,17 @@ public class RealmTest extends AbstractAdminTest {
         realm.remove();
 
         Assert.assertNames(adminClient.realms().findAll(), "master", AuthRealm.TEST);
+
+        // Re-create realm
+        reCreateRealm();
+    }
+
+    private void reCreateRealm() {
+        // Re-create realm
+        RealmRepresentation realmRep = testContext.getTestRealmReps().stream().filter((RealmRepresentation realm) -> {
+            return realm.getRealm().equals(REALM_NAME);
+        }).findFirst().get();
+        adminClient.realms().create(realmRep);
     }
 
     @Test
@@ -210,6 +221,8 @@ public class RealmTest extends AbstractAdminTest {
 
         ServerInfoResource serverInfoResource = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID).serverInfo();
         serverInfoResource.getInfo();
+
+        reCreateRealm();
     }
 
     /**
@@ -608,6 +621,7 @@ public class RealmTest extends AbstractAdminTest {
         client.setSecret("secret");
         Response resp = realm.clients().create(client);
         String clientDbId = ApiUtil.getCreatedId(resp);
+        getCleanup().addClientUuid(clientDbId);
         resp.close();
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientDbId), client, ResourceType.CLIENT);
 
@@ -618,6 +632,7 @@ public class RealmTest extends AbstractAdminTest {
         Response response = realm.users().create(userRep);
         String userId = ApiUtil.getCreatedId(response);
         response.close();
+        getCleanup().addUserId(userId);
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), userRep, ResourceType.USER);
 
         realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java
index 77c4ea7..ee4326a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java
@@ -59,6 +59,8 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
 
         Response response = adminClient.realm(REALM_NAME).clients().create(ClientBuilder.create().clientId("client-a").build());
         clientUuid = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(clientUuid);
+        response.close();
         adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().create(RoleBuilder.create().name("role-c").description("Role C").build());
 
         for (RoleRepresentation r : adminClient.realm(REALM_NAME).roles().list()) {
@@ -69,6 +71,10 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
             ids.put(r.getName(), r.getId());
         }
 
+        getCleanup().addRoleId(ids.get("role-a"));
+        getCleanup().addRoleId(ids.get("role-b"));
+        getCleanup().addRoleId(ids.get("role-c"));
+
         resource = adminClient.realm(REALM_NAME).rolesById();
 
         assertAdminEvents.clear(); // Tested in RealmRolesTest already

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java
index e443191..6a75b33 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java
@@ -21,7 +21,9 @@ import org.hamcrest.Matchers;
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.jboss.arquillian.graphene.page.Page;
 import org.jboss.arquillian.test.api.ArquillianResource;
+import org.junit.After;
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.IdentityProviderResource;
@@ -60,6 +62,7 @@ import org.openqa.selenium.WebDriver;
 import javax.mail.MessagingException;
 import javax.mail.internet.MimeMessage;
 import javax.ws.rs.ClientErrorException;
+import javax.ws.rs.NotFoundException;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import java.io.IOException;
@@ -118,6 +121,9 @@ public class UserTest extends AbstractAdminTest {
         response.close();
 
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(createdId), userRep, ResourceType.USER);
+
+        getCleanup().addUserId(createdId);
+
         return createdId;
     }
 
@@ -280,7 +286,7 @@ public class UserTest extends AbstractAdminTest {
     @Test
     public void delete() {
         String userId = createUser();
-        Response response = realm.users().delete( userId );
+        Response response = realm.users().delete(userId);
         assertEquals(204, response.getStatus());
         response.close();
         assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userResourcePath(userId), ResourceType.USER);
@@ -288,7 +294,7 @@ public class UserTest extends AbstractAdminTest {
 
     @Test
     public void deleteNonExistent() {
-        Response response = realm.users().delete( "does-not-exist" );
+        Response response = realm.users().delete("does-not-exist");
         assertEquals(404, response.getStatus());
         response.close();
         assertAdminEvents.assertEmpty();
@@ -671,7 +677,7 @@ public class UserTest extends AbstractAdminTest {
 
     @Test
     public void updateUserWithNewUsername() {
-        switchEditUsernameAllowedOn();
+        switchEditUsernameAllowedOn(true);
         String id = createUser();
 
         UserResource user = realm.users().get(id);
@@ -681,13 +687,14 @@ public class UserTest extends AbstractAdminTest {
 
         userRep = realm.users().get(id).toRepresentation();
         assertEquals("user11", userRep.getUsername());
+
+        // Revert
+        switchEditUsernameAllowedOn(false);
     }
 
     @Test
     public void updateUserWithoutUsername() {
-
-
-        switchEditUsernameAllowedOn();
+        switchEditUsernameAllowedOn(true);
 
         String id = createUser();
 
@@ -711,6 +718,9 @@ public class UserTest extends AbstractAdminTest {
         assertEquals("user1@localhost", rep.getEmail());
         assertEquals("Firstname", rep.getFirstName());
         assertEquals("Lastname", rep.getLastName());
+
+        // Revert
+        switchEditUsernameAllowedOn(false);
     }
 
     @Test
@@ -728,7 +738,7 @@ public class UserTest extends AbstractAdminTest {
 
     @Test
     public void updateUserWithNewUsernameAccessingViaOldUsername() {
-        switchEditUsernameAllowedOn();
+        switchEditUsernameAllowedOn(true);
         createUser();
 
         try {
@@ -741,13 +751,15 @@ public class UserTest extends AbstractAdminTest {
             fail("Expected failure");
         } catch (ClientErrorException e) {
             assertEquals(404, e.getResponse().getStatus());
+        } finally {
+            switchEditUsernameAllowedOn(false);
         }
     }
 
     @Test
     public void updateUserWithExistingUsername() {
-        switchEditUsernameAllowedOn();
-        enableBruteForce();
+        switchEditUsernameAllowedOn(true);
+        enableBruteForce(true);
         createUser();
 
         UserRepresentation userRep = new UserRepresentation();
@@ -767,6 +779,9 @@ public class UserTest extends AbstractAdminTest {
             // TODO adminEvents: Event queue should be empty, but it's not because of bug in UsersResource.updateUser, which sends event earlier than transaction commit.
             // assertAdminEvents.assertEmpty();
             assertAdminEvents.poll();
+        } finally {
+            enableBruteForce(false);
+            switchEditUsernameAllowedOn(false);
         }
     }
 
@@ -927,16 +942,16 @@ public class UserTest extends AbstractAdminTest {
         assertEquals(111, users.search("test", 0, 1000).size());
     }
 
-    private void switchEditUsernameAllowedOn() {
+    private void switchEditUsernameAllowedOn(boolean enable) {
         RealmRepresentation rep = realm.toRepresentation();
-        rep.setEditUsernameAllowed(true);
+        rep.setEditUsernameAllowed(enable);
         realm.update(rep);
         assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
     }
 
-    private void enableBruteForce() {
+    private void enableBruteForce(boolean enable) {
         RealmRepresentation rep = realm.toRepresentation();
-        rep.setBruteForceProtected(true);
+        rep.setBruteForceProtected(enable);
         realm.update(rep);
         assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java
index d9a0291..4445de9 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java
@@ -64,7 +64,7 @@ public class AssertEvents implements TestRule {
             @Override
             public void evaluate() throws Throwable {
                 // TODO: Ideally clear the queue just before testClass rather then before each method
-                context.getTestingClient().testing().clearEventQueue();
+                clear();
                 base.evaluate();
                 // TODO Test should fail if there are leftover events
             }
@@ -84,12 +84,7 @@ public class AssertEvents implements TestRule {
     }
 
     public void clear() {
-        Response res = context.testingClient.testing().clearEventQueue();
-        try {
-            Assert.assertEquals("clear-event-queue success", res.getStatus(), 200);
-        } finally {
-            res.close();
-        }
+        context.getTestingClient().testing().clearEventQueue();
     }
 
     public ExpectedEvent expectRequiredAction(EventType event) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java
index f9e50e5..eabc7d1 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java
@@ -20,10 +20,14 @@ package org.keycloak.testsuite.broker;
 import java.util.List;
 
 import org.jboss.arquillian.graphene.page.Page;
+import org.junit.After;
+import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.Assert;
 import org.keycloak.testsuite.Retry;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AccountPasswordPage;
 import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -82,6 +86,22 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
     }
 
 
+    @After
+    public void cleanupUsers() {
+        RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
+        UserRepresentation userRep = ApiUtil.findUserByUsername(providerRealm, bc.getUserLogin());
+        if (userRep != null) {
+            providerRealm.users().get(userRep.getId()).remove();
+        }
+
+        RealmResource childRealm = adminClient.realm(bc.consumerRealmName());
+        userRep = ApiUtil.findUserByUsername(childRealm, bc.getUserLogin());
+        if (userRep != null) {
+            childRealm.users().get(userRep.getId()).remove();
+        }
+    }
+
+
     protected void logInAsUserInIDP() {
         driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
index f6e575f..8129243 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
@@ -1,5 +1,6 @@
 package org.keycloak.testsuite.broker;
 
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -13,6 +14,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.Assert;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.ConsentPage;
 import org.keycloak.testsuite.util.*;
 
@@ -39,7 +41,7 @@ import static org.keycloak.testsuite.broker.BrokerTestTools.*;
 public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
 
     @Before
-    public void createUser() {
+    public void beforeBrokerTest() {
         log.debug("creating user for realm " + bc.providerRealmName());
 
         UserRepresentation user = new UserRepresentation();
@@ -52,18 +54,16 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
         userId = createUserWithAdminClient(realmResource, user);
 
         resetUserPassword(realmResource.users().get(userId), bc.getUserPassword(), false);
-    }
 
-    @Before
-    public void addIdentityProviderToProviderRealm() {
-        log.debug("adding identity provider to realm " + bc.consumerRealmName());
+        if (testContext.isInitialized()) {
+            return;
+        }
 
+        log.debug("adding identity provider to realm " + bc.consumerRealmName());
         RealmResource realm = adminClient.realm(bc.consumerRealmName());
         realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
-    }
 
-    @Before
-    public void addClients() {
+        // addClients
         List<ClientRepresentation> clients = bc.createProviderClients(suiteContext);
         if (clients != null) {
             RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
@@ -83,6 +83,8 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
                 consumerRealm.clients().create(client);
             }
         }
+
+        testContext.setInitialized(true);
     }
 
 
@@ -302,6 +304,13 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
         consentPage.cancel();
 
         waitForPage(driver, "log in to");
+
+        // Revert consentRequired
+        adminClient.realm(bc.providerRealmName())
+                .clients()
+                .get(client.getId())
+                .update(ClientBuilder.edit(client).consentRequired(false).build());
+
     }
 
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java
index 2e15ad1..045aeb9 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java
@@ -49,12 +49,13 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker
 
         RealmResource realm = adminClient.realm(bc.consumerRealmName());
         final IdentityProviderRepresentation idp = bc.setUpIdentityProvider(suiteContext);
-        realm.identityProviders().create(idp);
+        Response resp = realm.identityProviders().create(idp);
+        resp.close();
 
         IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
         for (IdentityProviderMapperRepresentation mapper : createIdentityProviderMappers()) {
             mapper.setIdentityProviderAlias(bc.getIDPAlias());
-            Response resp = idpResource.addMapper(mapper);
+            resp = idpResource.addMapper(mapper);
             resp.close();
         }
     }
@@ -67,7 +68,8 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker
             for (ClientRepresentation client : clients) {
                 log.debug("adding client " + client.getName() + " to realm " + bc.providerRealmName());
 
-                providerRealm.clients().create(client);
+                Response resp = providerRealm.clients().create(client);
+                resp.close();
             }
         }
 
@@ -77,7 +79,8 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker
             for (ClientRepresentation client : clients) {
                 log.debug("adding client " + client.getName() + " to realm " + bc.consumerRealmName());
 
-                consumerRealm.clients().create(client);
+                Response resp = consumerRealm.clients().create(client);
+                resp.close();
             }
         }
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java
index 7e796cd..f08b4bf 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java
@@ -75,46 +75,40 @@ public class AccountLinkTest extends AbstractKeycloakTest {
     }
 
     @Before
-    public void addIdpUser() {
-        RealmResource realm = adminClient.realms().realm(PARENT_IDP);
+    public void beforeBrokerTest() {
+        if (testContext.isInitialized()) {
+            return;
+        }
+
+        // addIdpUser
+        RealmResource realmParent = adminClient.realms().realm(PARENT_IDP);
         UserRepresentation user = new UserRepresentation();
         user.setUsername(PARENT_USERNAME);
         user.setEnabled(true);
-        String userId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
-
-    }
+        String userId = createUserAndResetPasswordWithAdminClient(realmParent, user, "password");
 
-    @Before
-    public void addChildUser() {
-        RealmResource realm = adminClient.realms().realm(CHILD_IDP);
-        UserRepresentation user = new UserRepresentation();
+        // addChildUser
+        RealmResource realmChild = adminClient.realms().realm(CHILD_IDP);
+        user = new UserRepresentation();
         user.setUsername("child");
         user.setEnabled(true);
-        String userId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
-
-    }
+        userId = createUserAndResetPasswordWithAdminClient(realmChild, user, "password");
 
-    @Before
-    public void setupUserStorageProvider() {
+        // setupUserStorageProvider
         ComponentRepresentation provider = new ComponentRepresentation();
         provider.setName("passthrough");
         provider.setProviderId(PassThroughFederatedUserStorageProviderFactory.PROVIDER_ID);
         provider.setProviderType(UserStorageProvider.class.getName());
         provider.setConfig(new MultivaluedHashMap<>());
         provider.getConfig().putSingle("priority", Integer.toString(1));
+        realmChild.components().add(provider);
 
-        RealmResource realm = adminClient.realms().realm(CHILD_IDP);
-        realm.components().add(provider);
-
-
-
+        // createBroker
+        createParentChild();
 
+        testContext.setInitialized(true);
     }
 
-    @Before
-    public void createBroker() {
-        createParentChild();
-    }
 
     public void createParentChild() {
         BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java
index e7d8d44..566d288 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java
@@ -78,7 +78,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
         log.debug("adding identity provider to realm " + bc.consumerRealmName());
 
         RealmResource realm = adminClient.realm(bc.consumerRealmName());
-        realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
+        Response resp = realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
+        resp.close();
     }
 
 
@@ -90,7 +91,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
             for (ClientRepresentation client : clients) {
                 log.debug("adding client " + client.getName() + " to realm " + bc.providerRealmName());
 
-                providerRealm.clients().create(client);
+                Response resp = providerRealm.clients().create(client);
+                resp.close();
             }
         }
 
@@ -100,7 +102,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
             for (ClientRepresentation client : clients) {
                 log.debug("adding client " + client.getName() + " to realm " + bc.consumerRealmName());
 
-                consumerRealm.clients().create(client);
+                Response resp = consumerRealm.clients().create(client);
+                resp.close();
             }
         }
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java
index f2f8c6d..b678a23 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java
@@ -108,9 +108,9 @@ public abstract class AbstractClientRegistrationTest extends AbstractKeycloakTes
         return response;
     }
 
-    public ClientRepresentation getClient(String clientId) {
+    public ClientRepresentation getClient(String clientUuid) {
         try {
-            return adminClient.realm(REALM_NAME).clients().get(clientId).toRepresentation();
+            return adminClient.realm(REALM_NAME).clients().get(clientUuid).toRepresentation();
         } catch (NotFoundException e) {
             return null;
         }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java
index b2b2eb4..22d4731 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java
@@ -24,6 +24,7 @@ import org.keycloak.client.registration.HttpErrorException;
 import org.keycloak.common.enums.SslRequired;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
@@ -51,6 +52,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
         client.setRootUrl("http://root");
         client = createClient(client);
         client.setSecret("RegistrationAccessTokenTestClientSecret");
+        getCleanup().addClientUuid(client.getId());
 
         client2 = new ClientRepresentation();
         client2.setEnabled(true);
@@ -60,6 +62,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
         client2.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessToken");
         client2.setRootUrl("http://root");
         client2 = createClient(client2);
+        getCleanup().addClientUuid(client2.getId());
 
         clientPublic = new ClientRepresentation();
         clientPublic.setEnabled(true);
@@ -68,6 +71,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
         clientPublic.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessTokenPublic");
         clientPublic.setRootUrl("http://root");
         clientPublic = createClient(clientPublic);
+        getCleanup().addClientUuid(clientPublic.getId());
     }
 
     @Test
@@ -80,7 +84,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
 
     @Test
     public void getConfig() throws ClientRegistrationException {
-        reg.auth(Auth.client(client.getClientId(), client.getSecret()));
+        reg.auth(Auth.client(client.getClientId(), "RegistrationAccessTokenTestClientSecret"));
 
         AdapterConfig config = reg.getAdapterConfig(client.getClientId());
         assertNotNull(config);
@@ -89,7 +93,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
         assertEquals("test", config.getRealm());
 
         assertEquals(1, config.getCredentials().size());
-        assertEquals(client.getSecret(), config.getCredentials().get("secret"));
+        assertEquals("RegistrationAccessTokenTestClientSecret", config.getCredentials().get("secret"));
 
         assertEquals(client.getClientId(), config.getResource());
         assertEquals(SslRequired.EXTERNAL.name().toLowerCase(), config.getSslRequired());

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java
index 1c80d51..c47e6c8 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java
@@ -47,7 +47,7 @@ public class ClientRedirectTest extends AbstractTestRealmKeycloakTest {
      *
      * @throws Exception
      */
-    //@Test
+    @Test
     public void testClientRedirectEndpoint() throws Exception {
         oauth.doLogin("test-user@localhost", "password");
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java
index a48158c..b59d883 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java
@@ -23,6 +23,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
 
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.RealmResource;
@@ -80,12 +81,16 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         testRealms.get(0).setPublicKey(PUBLIC_KEY);
     }
 
-    @Before
-    public void before() throws Exception {
-        super.before();
-//
-//        ClientInitialAccessPresentation token = adminClient.realm(REALM_NAME).clientInitialAccess().create(new ClientInitialAccessCreatePresentation(0, 10));
-//        reg.auth(Auth.token(token));
+    @After
+    public void after() throws Exception {
+        super.after();
+
+        // Default setup of trustedHostPolicy
+        ComponentRepresentation trustedHostPolicy = findPolicyByProviderAndAuth(TrustedHostClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
+        trustedHostPolicy.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.HOST_SENDING_REGISTRATION_REQUEST_MUST_MATCH, "true");
+        trustedHostPolicy.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.CLIENT_URIS_MUST_MATCH, "true");
+        trustedHostPolicy.getConfig().put(TrustedHostClientRegistrationPolicyFactory.TRUSTED_HOSTS, Collections.emptyList());
+        realmResource().components().component(trustedHostPolicy.getId()).update(trustedHostPolicy);
     }
 
     private RealmResource realmResource() {
@@ -175,7 +180,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         assertOidcFail(ClientRegOp.CREATE, client, 403, "Host not trusted");
 
         // Should still fail (bad redirect_uri)
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
         assertOidcFail(ClientRegOp.CREATE, client, 403, "URL doesn't match");
 
         // Should still fail (bad base_uri)
@@ -194,7 +199,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testAnonUpdateWithTrustedHost() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
         OIDCClientRepresentation client = create();
 
         // Fail update client
@@ -235,7 +240,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testAnonConsentRequired() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
         OIDCClientRepresentation client = create();
 
         // Assert new client has consent required
@@ -255,7 +260,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testAnonFullScopeAllowed() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
         OIDCClientRepresentation client = create();
 
         // Assert new client has fullScopeAllowed disabled
@@ -275,7 +280,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testClientDisabledPolicy() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Assert new client is enabled
         OIDCClientRepresentation client = create();
@@ -290,7 +295,9 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         rep.setProviderId(ClientDisabledClientRegistrationPolicyFactory.PROVIDER_ID);
         rep.setProviderType(ClientRegistrationPolicy.class.getName());
         rep.setSubType(getPolicyAnon());
-        realmResource().components().add(rep).close();
+        Response response = realmResource().components().add(rep);
+        String policyId = ApiUtil.getCreatedId(response);
+        response.close();
 
         // Assert new client is disabled
         client = create();
@@ -305,12 +312,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         // Try update disabled client. Should pass
         clientRep.setEnabled(false);
         reg.update(clientRep);
+
+        // Revert
+        realmResource().components().component(policyId).remove();
     }
 
 
     @Test
     public void testMaxClientsPolicy() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         int clientsCount = realmResource().clients().findAll().size();
         int newClientsLimit = clientsCount + 1;
@@ -325,6 +335,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
         // I can't register more clients
         assertOidcFail(ClientRegOp.CREATE, createRepOidc(), 403, "It's allowed to have max " + newClientsLimit + " clients per realm");
+
+        // Revert
+        maxClientsPolicyRep.getConfig().putSingle(MaxClientsClientRegistrationPolicyFactory.MAX_CLIENTS, String.valueOf(10000));
+        realmResource().components().component(maxClientsPolicyRep.getId()).update(maxClientsPolicyRep);
     }
 
 
@@ -355,11 +369,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         // Add some clientTemplates
         ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation();
         clientTemplate.setName("foo");
-        realmResource().clientTemplates().create(clientTemplate);
+        Response response = realmResource().clientTemplates().create(clientTemplate);
+        String fooTemplateId = ApiUtil.getCreatedId(response);
+        response.close();
 
         clientTemplate = new ClientTemplateRepresentation();
         clientTemplate.setName("bar");
-        realmResource().clientTemplates().create(clientTemplate);
+        response = realmResource().clientTemplates().create(clientTemplate);
+        String barTemplateId = ApiUtil.getCreatedId(response);
+        response.close();
 
         // send request again and test that clientTemplate provider contains added client templates
         reps = realmResource().clientRegistrationPolicy().getProviders();
@@ -371,6 +389,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
         clientTemplates = getProviderConfigProperty(clientTemplateRep, ClientTemplatesClientRegistrationPolicyFactory.ALLOWED_CLIENT_TEMPLATES);
         Assert.assertNames(clientTemplates, "foo", "bar");
+
+        // Revert client templates
+        realmResource().clientTemplates().get(fooTemplateId).remove();
+        realmResource().clientTemplates().get(barTemplateId).remove();
     }
 
     private List<String> getProviderConfigProperty(ComponentTypeRepresentation provider, String expectedConfigPropName) {
@@ -394,12 +416,14 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testClientTemplatesPolicy() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Add some clientTemplate through Admin REST
         ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation();
         clientTemplate.setName("foo");
-        realmResource().clientTemplates().create(clientTemplate);
+        Response response = realmResource().clientTemplates().create(clientTemplate);
+        String clientTemplateId = ApiUtil.getCreatedId(response);
+        response.close();
 
         // I can't register new client with this template
         ClientRepresentation clientRep = createRep("test-app");
@@ -422,17 +446,23 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
         // Now the update via clientRegistration is permitted too as template was already set
         reg.update(registeredClient);
+
+        // Revert client template
+        realmResource().clients().get(client.getId()).remove();
+        realmResource().clientTemplates().get(clientTemplateId).remove();
     }
 
 
     @Test
     public void testClientTemplatesPolicyWithPermittedTemplate() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Add some clientTemplate through Admin REST
         ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation();
         clientTemplate.setName("foo");
-        realmResource().clientTemplates().create(clientTemplate);
+        Response response = realmResource().clientTemplates().create(clientTemplate);
+        String clientTemplateId = ApiUtil.getCreatedId(response);
+        response.close();
 
         // I can't register new client with this template
         ClientRepresentation clientRep = createRep("test-app");
@@ -447,6 +477,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         // Check that I can register client now
         ClientRepresentation registeredClient = reg.create(clientRep);
         Assert.assertNotNull(registeredClient.getRegistrationAccessToken());
+
+        // Revert client template
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
+        realmResource().clientTemplates().get(clientTemplateId).remove();
     }
 
 
@@ -454,7 +488,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testProtocolMappersCreate() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Try to add client with some "hardcoded role" mapper. Should fail
         ClientRepresentation clientRep = createRep("test-app");
@@ -480,6 +514,11 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         clientRep.setProtocolMappers(Collections.singletonList(createHardcodedMapperRep()));
         reg.auth(null);
         assertFail(ClientRegOp.CREATE, clientRep, 403, "ProtocolMapper type not allowed");
+
+        // Revert policy change
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
+        protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
+        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
     }
 
 
@@ -497,7 +536,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testProtocolMappersUpdate() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Check I can add client with allowed protocolMappers
         ProtocolMapperRepresentation protocolMapper = new ProtocolMapperRepresentation();
@@ -526,12 +565,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
         // Check I can update client now
         reg.update(registeredClient);
+
+        // Revert client
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
     }
 
 
     @Test
     public void testProtocolMappersConsentRequired() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Register client and assert it has builtin protocol mappers
         ClientRepresentation clientRep = createRep("test-app");
@@ -555,12 +597,17 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
             return protocolMapper.getProtocolMapper().equals(UserPropertyMapper.PROVIDER_ID);
         }).count();
         Assert.assertEquals(0, usernamePropMappersCount);
+
+        // Revert
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
+        protocolMapperPolicyRep.getConfig().getList(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES).add(UserPropertyMapper.PROVIDER_ID);
+        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
     }
 
 
     @Test
     public void testProtocolMappersRemoveBuiltins() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Change policy to allow hardcoded mapper
 
@@ -577,6 +624,11 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         ProtocolMapperRepresentation hardcodedMapper = registeredClient.getProtocolMappers().get(0);
         Assert.assertTrue(hardcodedMapper.isConsentRequired());
         Assert.assertEquals("Hardcoded foo role", hardcodedMapper.getConsentText());
+
+        // Revert
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
+        protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
+        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
     }
 
     // HELPER METHODS
@@ -601,8 +653,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         return null;
     }
 
-    private void setTrustedHost(String hostname, String policyType) {
-        List<ComponentRepresentation> reps = realmResource().components().query(REALM_NAME, getPolicyAnon());
+    private void setTrustedHost(String hostname) {
         ComponentRepresentation trustedHostRep = findPolicyByProviderAndAuth(TrustedHostClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
         trustedHostRep.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.TRUSTED_HOSTS, hostname);
         realmResource().components().component(trustedHostRep.getId()).update(trustedHostRep);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
index 5d1f4ae..08cfb7e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
@@ -52,6 +52,9 @@ public class ClientRegistrationTest extends AbstractClientRegistrationTest {
         client = adminClient.realm(REALM_NAME).clients().get(createdClient.getId()).toRepresentation();
         assertEquals(CLIENT_ID, client.getClientId());
 
+        // Remove this client after test
+        getCleanup().addClientUuid(createdClient.getId());
+
         return client;
     }
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java
index 74432a8..8ce0632 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java
@@ -31,6 +31,7 @@ import javax.ws.rs.core.UriBuilder;
 import org.apache.http.HttpResponse;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.DefaultHttpClient;
@@ -369,12 +370,12 @@ public class OIDCJwksClientRegistrationTest extends AbstractClientRegistrationTe
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
 
-    private HttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
+    private CloseableHttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
         CloseableHttpClient client = new DefaultHttpClient();
         try {
             HttpPost post = new HttpPost(requestUrl);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java
index 1e48290..3eb0d7e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java
@@ -48,6 +48,7 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest 
         c.setRootUrl("http://root");
 
         client = createClient(c);
+        getCleanup().addClientUuid(client.getId());
 
         c = new ClientRepresentation();
         c.setEnabled(true);
@@ -55,7 +56,8 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest 
         c.setSecret("RegistrationAccessTokenTestClientSecret");
         c.setRootUrl("http://root");
 
-        createClient(c);
+        c = createClient(c);
+        getCleanup().addClientUuid(c.getId());
 
         reg.auth(Auth.token(client.getRegistrationAccessToken()));
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
index 4cf3904..9c97d26 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
@@ -155,27 +155,17 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
     }
 
     @Before
-    public void addScopeMappings() {
+    public void before() {
+        if (testContext.isInitialized()) {
+            return;
+        }
+
+        // addScopeMappings
         addRealmLevelScopeMapping("REALM_COMPOSITE_1_APPLICATION", "REALM_COMPOSITE_1");
         addRealmLevelScopeMapping("REALM_ROLE_1_APPLICATION", "REALM_ROLE_1");
         addClientLevelScopeMapping("APP_COMPOSITE_APPLICATION", "APP_ROLE_APPLICATION", "APP_ROLE_2");
-    }
-
-    private void addRealmLevelScopeMapping(String clientId, String roleName) {
-        ClientResource client = ApiUtil.findClientByClientId(testRealm(), clientId);
-        RoleRepresentation role = testRealm().roles().get(roleName).toRepresentation();
-        client.getScopeMappings().realmLevel().add(Collections.singletonList(role));
-    }
-
-    private void addClientLevelScopeMapping(String targetClientId, String sourceClientId, String roleName) {
-        ClientResource targetClient = ApiUtil.findClientByClientId(testRealm(), targetClientId);
-        ClientResource sourceClient = ApiUtil.findClientByClientId(testRealm(), sourceClientId);
-        RoleRepresentation role = sourceClient.roles().get(roleName).toRepresentation();
-        targetClient.getScopeMappings().clientLevel(sourceClient.toRepresentation().getId()).add(Collections.singletonList(role));
-    }
 
-    @Before
-    public void createRealmAppCompositeRole() {
+        // createRealmAppCompositeRole
         ClientResource appRoleApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
         RoleResource appRole1 = appRoleApplication.roles().get("APP_ROLE_1");
 
@@ -185,37 +175,46 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
         testRealm().roles().create(realmAppCompositeRole.build());
         String id = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation().getId();
         testRealm().rolesById().addComposites(id, Collections.singletonList(appRole1.toRepresentation()));
-    }
 
-    @Before
-    public void addRealmAppCompositeToUsers() {
+        // addRealmAppCompositeToUsers
         UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "REALM_APP_COMPOSITE_USER");
-        RoleRepresentation realmAppCompositeRole = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
-        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRole));
-    }
+        RoleRepresentation realmAppCompositeRolee = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
+        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRolee));
 
-    @Before
-    public void addRealmAppCompositeToUser2() {
-        UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "APP_COMPOSITE_USER");
-        RoleRepresentation realmAppCompositeRole = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
-        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRole));
-    }
+        // addRealmAppCompositeToUsers2
+        userRsc = ApiUtil.findUserByUsernameId(testRealm(), "APP_COMPOSITE_USER");
+        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRolee));
 
-    @Before
-    public void addCompositeRolesToAppCompositeRoleInAppCompositeApplication() {
         ClientResource appCompositeApplication = ApiUtil.findClientByClientId(testRealm(), "APP_COMPOSITE_APPLICATION");
         RoleResource appCompositeRole = appCompositeApplication.roles().get("APP_COMPOSITE_ROLE");
 
+        // addCompositeRolesToAppCompositeRoleInAppCompositeApplication
         List<RoleRepresentation> toAdd = new LinkedList<>();
         toAdd.add(testRealm().roles().get("REALM_ROLE_1").toRepresentation());
         toAdd.add(testRealm().roles().get("REALM_ROLE_2").toRepresentation());
         toAdd.add(testRealm().roles().get("REALM_ROLE_3").toRepresentation());
 
         ClientResource appRolesApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
-        RoleRepresentation appRole1 = appRolesApplication.roles().get("APP_ROLE_1").toRepresentation();
-        toAdd.add(appRole1);
+        RoleRepresentation appRole1Rep = appRolesApplication.roles().get("APP_ROLE_1").toRepresentation();
+        toAdd.add(appRole1Rep);
 
         appCompositeRole.addComposites(toAdd);
+
+        // Track that we initialized model already
+        testContext.setInitialized(true);
+    }
+
+    private void addRealmLevelScopeMapping(String clientId, String roleName) {
+        ClientResource client = ApiUtil.findClientByClientId(testRealm(), clientId);
+        RoleRepresentation role = testRealm().roles().get(roleName).toRepresentation();
+        client.getScopeMappings().realmLevel().add(Collections.singletonList(role));
+    }
+
+    private void addClientLevelScopeMapping(String targetClientId, String sourceClientId, String roleName) {
+        ClientResource targetClient = ApiUtil.findClientByClientId(testRealm(), targetClientId);
+        ClientResource sourceClient = ApiUtil.findClientByClientId(testRealm(), sourceClientId);
+        RoleRepresentation role = sourceClient.roles().get(roleName).toRepresentation();
+        targetClient.getScopeMappings().clientLevel(sourceClient.toRepresentation().getId()).add(Collections.singletonList(role));
     }
 
     @Page
@@ -361,6 +360,8 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
         realmRoles = userResource.roles().realmLevel().listEffective();
         Assert.assertNames(realmRoles, "REALM_COMPOSITE_1", "REALM_ROLE_1");
 
+        // Revert
+        testRealm().roles().get("REALM_ROLE_1").deleteComposites(Collections.singletonList(realmComposite1));
     }
 
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java
index 2164ccd..42722da 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java
@@ -125,7 +125,9 @@ public abstract class AbstractKerberosTest extends AbstractAuthTest {
         oauth.clientId("kerberos-app");
 
         ComponentRepresentation rep = getUserStorageConfiguration();
-        testRealmResource().components().add(rep);
+        Response resp = testRealmResource().components().add(rep);
+        getCleanup().addComponentId(ApiUtil.getCreatedId(resp));
+        resp.close();
     }
 
     @After

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java
index a5f00a7..4bd6e15 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java
@@ -14,9 +14,12 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 import javax.ws.rs.NotFoundException;
+import javax.ws.rs.core.Response;
+
 import org.apache.commons.io.FileUtils;
 import org.jboss.arquillian.container.test.api.Deployment;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.After;
 import org.junit.Assert;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
@@ -101,6 +104,22 @@ public class UserStorageTest extends AbstractAuthTest {
 
     }
 
+    @After
+    public void removeTestUser() throws URISyntaxException, IOException {
+        testingClient.server().run(session -> {
+            RealmModel realm = session.realms().getRealmByName("test");
+            if (realm == null) {
+                return;
+            }
+
+            UserModel user = session.users().getUserByUsername("thor", realm);
+            if (user != null) {
+                session.userLocalStorage().removeUser(realm, user);
+                session.userCache().clear();
+            }
+        });
+    }
+
     protected ComponentRepresentation newPropProviderRW() {
         ComponentRepresentation propProviderRW = new ComponentRepresentation();
         propProviderRW.setName("user-props");
@@ -114,7 +133,11 @@ public class UserStorageTest extends AbstractAuthTest {
     }
 
     protected String addComponent(ComponentRepresentation component) {
-        return ApiUtil.getCreatedId(testRealmResource().components().add(component));
+        Response resp = testRealmResource().components().add(component);
+        resp.close();
+        String id = ApiUtil.getCreatedId(resp);
+        getCleanup().addComponentId(id);
+        return id;
     }
 
     private void loginSuccessAndLogout(String username, String password) {
@@ -547,6 +570,9 @@ public class UserStorageTest extends AbstractAuthTest {
             UserMapStorage.realmRemovals.set(0);
         });
 
+        // Re-create realm
+        RealmRepresentation repOrig = testContext.getTestRealmReps().get(0);
+        adminClient.realms().create(repOrig);
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java
index 08d0d69..72af35a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java
@@ -96,6 +96,11 @@ public class CustomFlowTest extends AbstractFlowTest {
     public void configureFlows() {
         userId = findUser("login-test").getId();
 
+        // Do this just once per class
+        if (testContext.isInitialized()) {
+            return;
+        }
+
         AuthenticationFlowRepresentation flow = FlowBuilder.create()
                                                            .alias("dummy")
                                                            .description("dummy pass through flow")
@@ -169,6 +174,8 @@ public class CustomFlowTest extends AbstractFlowTest {
                         .authenticatorFlow(false)
                         .build();
         testRealm().flows().addExecution(execution);
+
+        testContext.setInitialized(true);
     }
 
 
@@ -240,16 +247,16 @@ public class CustomFlowTest extends AbstractFlowTest {
         loginPage.login("test-user@localhost", "password");
         Assert.assertTrue(termsPage.isCurrent());
 
-
-
-
-
+        // Revert dummy flow
+        rep.setBrowserFlow("dummy");
+        testRealm().update(rep);
     }
 
     @Test
     public void loginSuccess() {
         AuthenticatorState state = new AuthenticatorState();
         state.setUsername("login-test");
+        state.setClientId("test-app");
         testingClient.testing().updateAuthenticator(state);
 
         oauth.openLoginForm();
@@ -264,6 +271,7 @@ public class CustomFlowTest extends AbstractFlowTest {
     public void grantTest() throws Exception {
         AuthenticatorState state = new AuthenticatorState();
         state.setUsername("login-test");
+        state.setClientId("test-app");
         testingClient.testing().updateAuthenticator(state);
 
         grantAccessToken("test-app", "login-test");
@@ -297,6 +305,9 @@ public class CustomFlowTest extends AbstractFlowTest {
                 .removeDetail(Details.CONSENT)
                 .error(Errors.INVALID_CLIENT_CREDENTIALS)
                 .assertEvent();
+
+        state.setClientId("test-app");
+        testingClient.testing().updateAuthenticator(state);
     }
 
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
index 27c2d91..63ed003 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
@@ -30,6 +30,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -275,16 +276,6 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
     @Test
     // KEYCLOAK-2557
     public void loginUserWithEmailAsUsername() {
-        UserRepresentation rep = UserBuilder.create()
-                                            .enabled(true)
-                                            .id("foo")
-                                            .email("foo")
-                                            .username("login@test.com")
-                                            .password("password")
-                                            .build();
-
-        adminClient.realm(userId).users().create(rep);
-
         loginPage.open();
         loginPage.login("login@test.com", "password");
 
@@ -363,9 +354,7 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
         } finally {
             setPasswordPolicy(null);
             UserResource userRsc = adminClient.realm("test").users().get("login-test");
-            UserBuilder userBuilder = UserBuilder.edit(userRsc.toRepresentation())
-                                                 .password("password");
-            userRsc.update(userBuilder.build());
+            ApiUtil.resetUserPassword(userRsc, "password", false);
         }
     }
 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
index 9b83583..db66deb 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java
@@ -79,6 +79,9 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
 
         String sessionId2 = events.expectLogin().assertEvent().getSessionId();
         assertNotEquals(sessionId, sessionId2);
+
+        driver.navigate().to(logoutUrl);
+        events.expectLogout(sessionId2).detail(Details.REDIRECT_URI, redirectUri).assertEvent();
     }
 
     @Test
@@ -133,6 +136,10 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
         // Check session 3 logged-in
         oauth.openLoginForm();
         events.expectLogin().session(sessionId3).removeDetail(Details.USERNAME).assertEvent();
+
+        //  Logout session 3 by redirect
+        driver.navigate().to(oauth.getLogoutUrl().redirectUri(AppPage.baseUrl).build());
+        events.expectLogout(sessionId3).detail(Details.REDIRECT_URI, AppPage.baseUrl).assertEvent();
     }
 
     //KEYCLOAK-2741
@@ -198,6 +205,9 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
 
         String sessionId2 = events.expectLogin().assertEvent().getSessionId();
         assertNotEquals(sessionId, sessionId2);
+
+        driver.navigate().to(logoutUrl);
+        events.expectLogout(sessionId2).removeDetail(Details.REDIRECT_URI).assertEvent();
     }
 
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
index 5192296..1a68d09 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
@@ -130,6 +130,9 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
         assertEquals("test-user@localhost", user.getEmail());
         assertEquals("firstName", user.getFirstName());
         assertEquals("lastName", user.getLastName());
+
+        testRealm().users().get(userId).remove();
+        setDuplicateEmailsAllowed(false);
     }
 
     @Test

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
index 8ecfa13..3a12a76 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
@@ -28,6 +28,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -52,41 +53,30 @@ import java.util.concurrent.atomic.AtomicInteger;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
-//import org.keycloak.testsuite.Constants;
-
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
  * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
  */
 public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
 
-    static int lifespan = 0;
+    private String userId;
 
     @Override
     public void configureTestRealm(RealmRepresentation testRealm) {
-        UserRepresentation user = UserBuilder.create()
-                                             .username("login-test")
-                                             .email("login@test.com")
-                                             .enabled(true)
-                                             .password("password")
-                                             .build();
-        testRealm.getUsers().add(user);
     }
 
     @Before
-    public void setAccessCodeLifespanUserAction() {
-        // Must do this with adminClient because default is not set until after testRealm.json is loaded.
-        lifespan = testRealm().toRepresentation().getAccessCodeLifespanUserAction();
-    }
+    public void setup() {
+        UserRepresentation user = UserBuilder.create()
+                .username("login-test")
+                .email("login@test.com")
+                .enabled(true)
+                .build();
 
-    @Before
-    public void setUserId() {
-        userId = findUser("login-test").getId();
+        userId = ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
+        getCleanup().addUserId(userId);
     }
 
-
-    private static String userId;
-
     @Rule
     public GreenMailRule greenMail = new GreenMailRule();
 
@@ -466,6 +456,9 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
         assertEquals(0, greenMail.getReceivedMessages().length);
 
         events.expectRequiredAction(EventType.RESET_PASSWORD).session((String) null).user(userId).detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).error("user_disabled").assertEvent();
+
+        user.setEnabled(true);
+        updateUser(user);
     }
 
     @Test
@@ -501,6 +494,8 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
         host[0] =  smtpConfig.get("host");
         smtpConfig.put("host", "invalid_host");
         RealmRepresentation realmRep = testRealm().toRepresentation();
+        Map<String, String> oldSmtp = realmRep.getSmtpServer();
+
         realmRep.setSmtpServer(smtpConfig);
         testRealm().update(realmRep);
 
@@ -520,6 +515,10 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
         events.expectRequiredAction(EventType.SEND_RESET_PASSWORD_ERROR).user(userId)
                 .session((String)null)
                 .detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).error(Errors.EMAIL_SEND_FAILED).assertEvent();
+
+        // Revert SMTP back
+        realmRep.setSmtpServer(oldSmtp);
+        testRealm().update(realmRep);
     }
 
     private void setPasswordPolicy(String policy) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java
index 34113d8..215bf15 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java
@@ -48,10 +48,6 @@ import java.io.IOException;
  */
 public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
-    UserRepresentation failUser;
-
-    UserRepresentation okayUser;
-
     @Page
     protected LoginPage loginPage;
 
@@ -66,7 +62,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
     @Override
     public void configureTestRealm(RealmRepresentation testRealm) {
 
-        failUser = UserBuilder.create()
+        UserRepresentation failUser = UserBuilder.create()
                 .id("fail")
                 .username("fail")
                 .email("fail@test.com")
@@ -74,7 +70,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
                 .password("password")
                 .build();
 
-        okayUser = UserBuilder.create()
+        UserRepresentation okayUser = UserBuilder.create()
                 .id("user")
                 .username("user")
                 .email("user@test.com")
@@ -89,6 +85,9 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
     @Before
     public void configureFlows() throws Exception {
+        if (testContext.isInitialized()) {
+            return;
+        }
 
         String scriptFlow = "scriptBrowser";
 
@@ -134,6 +133,8 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
         Response newExecutionConfigResponse = testRealm().flows().newExecutionConfig(scriptAuth, createScriptAuthConfig(scriptAuth, "authenticator-example.js", "/scripts/authenticator-example.js", "simple script based authenticator"));
         Assert.assertEquals(201, newExecutionConfigResponse.getStatus());
+
+        testContext.setInitialized(true);
     }
 
     /**
@@ -144,9 +145,9 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
         loginPage.open();
 
-        loginPage.login(okayUser.getUsername(), "password");
+        loginPage.login("user", "password");
 
-        events.expectLogin().user(okayUser.getId()).detail(Details.USERNAME, okayUser.getUsername()).assertEvent();
+        events.expectLogin().user("user").detail(Details.USERNAME, "user").assertEvent();
     }
 
     /**
@@ -157,7 +158,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
         loginPage.open();
 
-        loginPage.login(failUser.getUsername(), "password");
+        loginPage.login("fail", "password");
 
         events.expect(EventType.LOGIN_ERROR).user((String)null).error(Errors.USER_NOT_FOUND).assertEvent();
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java
index 5256233..6174842 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java
@@ -96,6 +96,9 @@ public class EmailTest extends AbstractI18NTest {
         MimeMessage message = greenMail.getReceivedMessages()[0];
 
         Assert.assertEquals("Passwort zurückzusetzen", message.getSubject());
+
+        // Revert
+        changeUserLocale("en");
     }
 
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java
index e5d2bc2..961026d 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java
@@ -80,6 +80,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(1, createdRep.getConfig().size());
@@ -114,6 +115,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(2, createdRep.getConfig().size());
@@ -147,6 +149,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation component = testingClient.server("test").fetch(RunHelpers.internalComponent(id));
         assertEquals(32, Base64Url.decode(component.getConfig().getFirst("secret")).length);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java
index 1f2bcc2..fba4add 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java
@@ -73,6 +73,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(1, createdRep.getConfig().size());
@@ -99,6 +101,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(2, createdRep.getConfig().size());
@@ -124,6 +128,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
+        response.close();
 
         KeysMetadataRepresentation keys = adminClient.realm("test").keys().getKeyMetadata();
 
@@ -153,6 +159,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
+        response.close();
 
         KeysMetadataRepresentation keys = adminClient.realm("test").keys().getKeyMetadata();
 
@@ -187,6 +195,7 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
         assertEquals(error, errorRepresentation.getErrorMessage());
+        response.close();
     }
 
     protected ComponentRepresentation createRep(String name, String providerId) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java
index cbec6c4..e8d11ec 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java
@@ -80,6 +80,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(ComponentRepresentation.SECRET_VALUE, createdRep.getConfig().getFirst(Attributes.PRIVATE_KEY_KEY));
@@ -116,6 +117,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(ComponentRepresentation.SECRET_VALUE, createdRep.getConfig().getFirst(Attributes.PRIVATE_KEY_KEY));
@@ -206,6 +208,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
         assertEquals(error, errorRepresentation.getErrorMessage());
+        response.close();
     }
 
     protected ComponentRepresentation createRep(String name, String providerId) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java
index b6fec3e..efb6f87 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java
@@ -153,6 +153,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
 
         ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
         assertTrue(errorRepresentation.getErrorMessage().startsWith(error));
+        response.close();
     }
 
     protected ComponentRepresentation createRep(String name, long priority) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java
index 6c54d2b..068c426 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java
@@ -37,6 +37,7 @@ import org.keycloak.representations.idm.KeysMetadataRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.AssertEvents;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.LoginPage;
@@ -49,6 +50,7 @@ import javax.ws.rs.core.Response;
 import java.io.IOException;
 import java.security.KeyPair;
 import java.security.PublicKey;
+import java.util.LinkedList;
 import java.util.List;
 
 import static org.junit.Assert.*;
@@ -182,6 +184,9 @@ public class KeyRotationTest extends AbstractKeycloakTest {
 
         KeysMetadataRepresentation keyMetadata = adminClient.realm("test").keys().getKeyMetadata();
         assertEquals(PemUtils.encodeKey(keys2), keyMetadata.getKeys().get(0).getPublicKey());
+
+        dropKeys1();
+        dropKeys2();
     }
 
     @Test
@@ -200,6 +205,8 @@ public class KeyRotationTest extends AbstractKeycloakTest {
             keys.getConfig().putSingle("priority", "1000" + i);
             Response response = adminClient.realm("test").components().add(keys);
             assertEquals(201, response.getStatus());
+            String newId = ApiUtil.getCreatedId(response);
+            getCleanup().addComponentId(newId);
             response.close();
 
             String updatedActiveKid = adminClient.realm("test").keys().getKeyMetadata().getActive().get("RSA");
@@ -244,7 +251,8 @@ public class KeyRotationTest extends AbstractKeycloakTest {
         config.addFirst(Attributes.PRIVATE_KEY_KEY, privateKeyPem);
         rep.setConfig(config);
 
-        adminClient.realm("test").components().add(rep);
+        Response response = adminClient.realm("test").components().add(rep);
+        response.close();
 
         rep = new ComponentRepresentation();
         rep.setName("mycomponent2");
@@ -256,7 +264,8 @@ public class KeyRotationTest extends AbstractKeycloakTest {
         config.addFirst("priority", priority);
         rep.setConfig(config);
 
-        adminClient.realm("test").components().add(rep);
+        response = adminClient.realm("test").components().add(rep);
+        response.close();
 
         return publicKey;
     }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
index c05bc7e..729f0c5 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
@@ -17,6 +17,7 @@
 package org.keycloak.testsuite.oauth;
 
 import org.jboss.arquillian.graphene.page.Page;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Rule;
@@ -51,11 +52,6 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
     public AssertEvents events = new AssertEvents(this);
 
     @Override
-    public void beforeAbstractKeycloakTest() throws Exception {
-        super.beforeAbstractKeycloakTest();
-    }
-
-    @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation realmRepresentation = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
         testRealms.add(realmRepresentation);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
index 998cc87..bcfae6f 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
@@ -23,6 +23,7 @@ import org.apache.http.HttpResponse;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.entity.mime.MultipartEntityBuilder;
 import org.apache.http.entity.mime.content.FileBody;
@@ -30,6 +31,7 @@ import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.message.BasicNameValuePair;
+import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Rule;
 import org.junit.Test;
@@ -88,6 +90,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.ws.rs.core.Response;
+
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotEquals;
 
@@ -99,11 +103,11 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
 
     @Rule
     public AssertEvents events = new AssertEvents(this);
-    private String client1SAUserId;
+    private static String client1SAUserId;
 
-    private RealmRepresentation testRealm;
-    private ClientRepresentation app1, app2, app3;
-    private UserRepresentation defaultUser, serviceAccountUser;
+    private static RealmRepresentation testRealm;
+    private static ClientRepresentation app1, app2, app3;
+    private static UserRepresentation defaultUser, serviceAccountUser;
 
     @BeforeClass
     public static void beforeClientAuthSignedJWTTest() {
@@ -144,15 +148,6 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
 
         realmBuilder.client(app2);
 
-        app3 = ClientBuilder.create()
-                .id(KeycloakModelUtils.generateId())
-                .clientId("client3")
-                .directAccessGrants()
-                .authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
-                .build();
-
-        realmBuilder.client(app3);
-
         // This one is for keystore-client2.p12 , which doesn't work on Sun JDK
 //            app2.setAttribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFPPLGHHjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdjbGllbnQxMB4XDTE1MDgxNzE3MjMzMVoXDTI1MDgxNzE3MjUxMVowEjEQMA4GA1UEAwwHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIsatXj38fFD9fHslNrsWrubobudXYwwdZpGYqkHIhuDeSojGvhBSLmKIFmtbHMVcLEbS0dIEsSbNVrwjdFfuRuvd9Vu6Ng0JUC8fRhSeQniC3jcBuP8P4WlXK4+ir3Wlya+T6Hum9b68BiH0KyNZtFGJ6zLHuCcq9Bl0JifvibnUkDeTZPwgJNA9+GxS/x8fAkApcAbJrgBZvr57PwhbgHoZdB8aAY5f5ogbGzKDtSUMvFh+Jah39gWtn7p3VOuuMXA8SugogoH8C5m2itrPBL1UPhAcKUeWiqx4SmZe/lZo7x2WbSecNiFaiqBhIW+QbqCYW6I4u0YvuLuEe3+TC8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZzW5DZviCxUQdV5Ab07PZkUfvImHZ73oWWHZqzUQtZtbVdzfp3cnbb2wyXtlOvingO3hgpoTxV8vbKgLbIQfvkGGHBG1F5e0QVdtikfdcwWb7cy4/9F80OD7cgG0ZAzFbQ8ZY7iS3PToBp3+4tbIK2NK0ntt/MYgJnPbHeG4V4qfgUbFm1YgEK7WpbSVU8jGuJ5DWE+mlYgECZKZ5TSlaVGs2XOm6WXrJScucNekwcBWWiHyRsFHZEDzWmzt8TLTLnnb0vVjhx3qCYxah3RbyyMZm6WLZlLAaGEcwNDO8jaA3hAjrxoOA1xEaolQfGVsb/ElelHcR1Zfe0u4Ekd4tw==");
 
@@ -177,6 +172,20 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         testRealms.add(testRealm);
     }
 
+    @Before
+    public void recreateApp3() {
+        app3 = ClientBuilder.create()
+                .id(KeycloakModelUtils.generateId())
+                .clientId("client3")
+                .directAccessGrants()
+                .authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
+                .build();
+
+        Response resp = adminClient.realm("test").clients().create(app3);
+        getCleanup().addClientUuid(ApiUtil.getCreatedId(resp));
+        resp.close();
+    }
+
     // TEST SUCCESS
 
     @Test
@@ -452,7 +461,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         List<NameValuePair> parameters = new LinkedList<NameValuePair>();
         parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -464,7 +473,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, "invalid"));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -476,7 +485,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -491,7 +500,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -506,7 +515,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, "unknown-client", "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -524,12 +533,12 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, "client1", "invalid_client", Errors.CLIENT_DISABLED);
 
-        ClientManager.realm(adminClient.realm("test")).clientId("client1").enabled(false);
+        ClientManager.realm(adminClient.realm("test")).clientId("client1").enabled(true);
     }
 
     @Test
@@ -553,7 +562,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, "client1", "unauthorized_client", "client_credentials_setup_required");
@@ -571,7 +580,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, "client1", "unauthorized_client", AuthenticationFlowError.CLIENT_CREDENTIALS_SETUP_REQUIRED.toString().toLowerCase());
@@ -589,7 +598,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         setTimeOffset(0);
@@ -608,7 +617,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         setTimeOffset(0);
@@ -733,7 +742,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getAccessTokenUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getAccessTokenUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
@@ -744,7 +753,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getRefreshTokenUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getRefreshTokenUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
@@ -764,7 +773,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
@@ -776,11 +785,11 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getResourceOwnerPasswordCredentialGrantUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getResourceOwnerPasswordCredentialGrantUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
-    private HttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
+    private CloseableHttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
         CloseableHttpClient client = new DefaultHttpClient();
         try {
             HttpPost post = new HttpPost(requestUrl);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
index 6c829ec..f320066 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
@@ -17,6 +17,7 @@
 package org.keycloak.testsuite.oauth;
 
 import org.jboss.arquillian.graphene.page.Page;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Rule;
 import org.junit.Test;
@@ -71,11 +72,6 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
     protected AppPage appPage;
 
     @Override
-    public void beforeAbstractKeycloakTest() throws Exception {
-        super.beforeAbstractKeycloakTest();
-    }
-
-    @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
 
         RealmRepresentation realmRepresentation = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
index 150ff6b..921e3db 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
@@ -59,6 +59,8 @@ import org.keycloak.util.TokenUtil;
 import java.util.Collections;
 import java.util.List;
 
+import javax.ws.rs.NotFoundException;
+
 import static org.junit.Assert.assertEquals;
 import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
 import static org.keycloak.testsuite.admin.ApiUtil.findRealmRoleByName;
@@ -253,8 +255,11 @@ public class OfflineTokenTest extends AbstractKeycloakTest {
 
         // Assert userSession expired
         testingClient.testing().removeExpired("test");
-
-        testingClient.testing().removeUserSession("test", sessionId);
+        try {
+            testingClient.testing().removeUserSession("test", sessionId);
+        } catch (NotFoundException nfe) {
+            // Ignore
+        }
 
         OAuthClient.AccessTokenResponse response = oauth.doRefreshTokenRequest(offlineTokenString, "secret1");
         AccessToken refreshedToken = oauth.verifyToken(response.getAccessToken());

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java
index 307ef96..01d4beb 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java
@@ -22,12 +22,14 @@ import java.util.List;
 import java.util.Map;
 
 
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.admin.client.resource.ProtocolMappersResource;
 import org.keycloak.admin.client.resource.UserResource;
+import org.keycloak.testsuite.util.ProtocolMapperUtil;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
 import org.keycloak.protocol.oidc.mappers.AddressMapper;
 import org.keycloak.representations.AccessToken;
@@ -83,6 +85,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         oauth.clientId("test-app");
     }
 
+
+    private void deleteMappers(ProtocolMappersResource protocolMappers) {
+        ProtocolMapperRepresentation mapper = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappers, OIDCLoginProtocol.LOGIN_PROTOCOL, "Realm roles mapper");
+        protocolMappers.delete(mapper.getId());
+
+        mapper = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappers, OIDCLoginProtocol.LOGIN_PROTOCOL, "Client roles mapper");
+        protocolMappers.delete(mapper.getId());
+    }
+
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation realm = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
@@ -239,12 +250,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         String realmRoleMappings = (String) roleMappings.get("realm");
         String testAppMappings = (String) roleMappings.get("test-app");
         assertRoles(realmRoleMappings,
-          "pref.user",                      // from direct assignment in user definition
-          "pref.offline_access"             // from direct assignment in user definition
+                "pref.user",                      // from direct assignment in user definition
+                "pref.offline_access"             // from direct assignment in user definition
         );
         assertRoles(testAppMappings,
           "customer-user"                   // from direct assignment in user definition
         );
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
 
@@ -268,11 +282,11 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         String realmRoleMappings = (String) roleMappings.get("realm");
         String testAppMappings = (String) roleMappings.get(clientId);
         assertRoles(realmRoleMappings,
-          "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
-          "pref.user",                      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
-          "pref.customer-user-premium",     // from client role customer-admin-composite-role - realm role for test-app
-          "pref.realm-composite-role",      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
-          "pref.sample-realm-role"          // from realm role realm-composite-role
+                "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
+                "pref.user",                      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.customer-user-premium",     // from client role customer-admin-composite-role - realm role for test-app
+                "pref.realm-composite-role",      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.sample-realm-role"          // from realm role realm-composite-role
         );
         assertRoles(testAppMappings,
           "ta.customer-user",                  // from direct assignment to /roleRichGroup/level2group
@@ -280,6 +294,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
           "ta.customer-admin",                 // from client role customer-admin-composite-role - client role for test-app
           "ta.sample-client-role"              // from realm role realm-composite-role - client role for test-app
         );
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
     @Test
@@ -303,13 +320,16 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         String realmRoleMappings = (String) roleMappings.get("realm");
         String testAppAuthzMappings = (String) roleMappings.get(clientId);
         assertRoles(realmRoleMappings,
-          "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
-          "pref.user",                      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
-          "pref.customer-user-premium",     // from client role customer-admin-composite-role - realm role for test-app
-          "pref.realm-composite-role",      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
-          "pref.sample-realm-role"          // from realm role realm-composite-role
+                "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
+                "pref.user",                      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.customer-user-premium",     // from client role customer-admin-composite-role - realm role for test-app
+                "pref.realm-composite-role",      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.sample-realm-role"          // from realm role realm-composite-role
         );
         assertRoles(testAppAuthzMappings);  // There is no client role defined for test-app-authz
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
     @Test
@@ -333,12 +353,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         String realmRoleMappings = (String) roleMappings.get("realm");
         String testAppScopeMappings = (String) roleMappings.get(clientId);
         assertRoles(realmRoleMappings,
-          "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
-          "pref.user"                       // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
+                "pref.user"                       // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
         );
         assertRoles(testAppScopeMappings,
           "test-app-allowed-by-scope"       // from direct assignment to roleRichUser, present as scope allows it
         );
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
     @Test
@@ -369,6 +392,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
           "test-app-allowed-by-scope",      // from direct assignment to roleRichUser, present as scope allows it
           "customer-admin-composite-role"   // from direct assignment to /roleRichGroup/level2group, present as scope allows it
         );
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
     private void assertRoles(String actualRoleString, String...expectedRoles) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java
index 4f94260..ffa5651 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java
@@ -143,6 +143,11 @@ public class AuthnRequestNameIdFormatTest extends AbstractSamlTest {
         clientRes.update(client);
 
         testLoginWithNameIdPolicy(Binding.REDIRECT, Binding.POST, null, is("bburke"));
+
+        // Revert
+        client = clientRes.toRepresentation();
+        client.getAttributes().put(SamlConfigAttributes.SAML_FORCE_POST_BINDING, "false");
+        clientRes.update(client);
     }
 
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java
index 5e61d00..db16f02 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java
@@ -25,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.admin.client.resource.ClientTemplateResource;
 import org.keycloak.admin.client.resource.ClientTemplatesResource;
 import org.keycloak.admin.client.resource.ClientsResource;
+import org.keycloak.admin.client.resource.ComponentsResource;
 import org.keycloak.admin.client.resource.GroupResource;
 import org.keycloak.admin.client.resource.GroupsResource;
 import org.keycloak.admin.client.resource.IdentityProviderResource;
@@ -282,6 +283,20 @@ public class AdminEventPaths {
         return uri.toString();
     }
 
+    // COMPONENTS
+    public static String componentsPath() {
+        URI uri = UriBuilder.fromUri("").path(RealmResource.class, "components").build();
+        return uri.toString();
+    }
+
+    public static String componentPath(String componentId) {
+        URI uri = UriBuilder.fromUri(componentsPath()).path(ComponentsResource.class, "component").build(componentId);
+        return uri.toString();
+    }
+
+
+
+
     // CLIENT INITIAL ACCESS
 
     public static String clientInitialAccessPath(String clientInitialAccessId) {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java
index 4736165..ec1156a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java
@@ -64,7 +64,7 @@ public class AssertAdminEvents implements TestRule {
             @Override
             public void evaluate() throws Throwable {
                 // TODO: Ideally clear the queue just before testClass rather then before each method
-                context.getTestingClient().testing().clearAdminEventQueue();
+                clear();
                 base.evaluate();
                 // TODO Test should fail if there are leftover events
             }
@@ -85,12 +85,7 @@ public class AssertAdminEvents implements TestRule {
 
     // Clears both "classic" and admin events for now
     public void clear() {
-        Response res = context.getTestingClient().testing().clearAdminEventQueue();
-        try {
-            Assert.assertEquals("clear-admin-event-queue success", res.getStatus(), 200);
-        } finally {
-            res.close();
-        }
+        context.getTestingClient().testing().clearAdminEventQueue();
     }
 
     private AdminEventRepresentation fetchNextEvent() {

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java
index 6bcea06..e8e9e62 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java
@@ -1,6 +1,8 @@
 package org.keycloak.testsuite.util;
 
+import org.keycloak.admin.client.resource.ProtocolMappersResource;
 import org.keycloak.models.utils.ModelToRepresentation;
+import org.keycloak.protocol.ProtocolMapper;
 import org.keycloak.protocol.oidc.mappers.AddressMapper;
 import org.keycloak.protocol.oidc.mappers.HardcodedClaim;
 import org.keycloak.protocol.oidc.mappers.HardcodedRole;
@@ -123,4 +125,13 @@ public class ProtocolMapperUtil {
 
         return ModelToRepresentation.toRepresentation(UserClientRoleMappingMapper.create(clientId, clientRolePrefix, name, tokenClaimName, accessToken, idToken));
     }
+
+    public static ProtocolMapperRepresentation getMapperByNameAndProtocol(ProtocolMappersResource protocolMappers, String protocol, String name) {
+        for (ProtocolMapperRepresentation mapper : protocolMappers.getMappersPerProtocol(protocol)) {
+            if (name.equals(mapper.getName())) {
+                return mapper;
+            }
+        }
+        return null;
+    }
 }

diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/log4j.properties b/testsuite/integration-arquillian/tests/base/src/test/resources/log4j.properties
index b9541e9..58fde2c 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/log4j.properties
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/log4j.properties
@@ -25,7 +25,9 @@ log4j.appender.testsuite=org.apache.log4j.ConsoleAppender
 log4j.appender.testsuite.layout=org.apache.log4j.PatternLayout
 log4j.appender.testsuite.layout.ConversionPattern=%d{HH:mm:ss,SSS} %-5p [%C{1}] %m%n
 
-log4j.logger.org.keycloak=off, keycloak
+# Logging with "info" when running test from IDE, but disabled when running test with "mvn" . Both cases can be overriden by use system property "keycloak.logging.level" (eg. -Dkeycloak.logging.level=debug )
+keycloak.logging.level=info
+log4j.logger.org.keycloak=${keycloak.logging.level}, keycloak
 
 log4j.logger.org.jboss.resteasy.resteasy_jaxrs.i18n=off
 

diff --git a/testsuite/integration-arquillian/tests/other/pom.xml b/testsuite/integration-arquillian/tests/other/pom.xml
index 4bca016..5278814 100644
--- a/testsuite/integration-arquillian/tests/other/pom.xml
+++ b/testsuite/integration-arquillian/tests/other/pom.xml
@@ -154,14 +154,12 @@
                 <module>nodejs_adapter</module>
             </modules>
         </profile>
-<!--
         <profile>
-            <id>auth-server-wildfly</id>
+            <id>server-config-migration</id>
             <modules>
                 <module>server-config-migration</module>
             </modules>
         </profile>
- -->
     </profiles>
 
 </project>

diff --git a/testsuite/integration-arquillian/tests/other/server-config-migration/pom.xml b/testsuite/integration-arquillian/tests/other/server-config-migration/pom.xml
index 559c60f..5d15596 100644
--- a/testsuite/integration-arquillian/tests/other/server-config-migration/pom.xml
+++ b/testsuite/integration-arquillian/tests/other/server-config-migration/pom.xml
@@ -48,6 +48,12 @@
             <artifactId>jboss-dmr</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-dist</artifactId>
+            <type>zip</type>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     
     <build>

diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml
index f12e4db..799053e 100755
--- a/testsuite/integration-arquillian/tests/pom.xml
+++ b/testsuite/integration-arquillian/tests/pom.xml
@@ -78,6 +78,8 @@
         <frontend.console.output>true</frontend.console.output>
         <backends.console.output>true</backends.console.output>
 
+        <keycloak.logging.level>off</keycloak.logging.level>
+
         <testsuite.constants>${project.build.directory}/dependency/test-constants.properties</testsuite.constants>
 
         <skip.add.user.json>false</skip.add.user.json>
@@ -187,6 +189,8 @@
                             <firefox_binary>${firefox_binary}</firefox_binary>
                             <phantomjs.cli.args>${phantomjs.cli.args}</phantomjs.cli.args>
 
+                            <keycloak.logging.level>${keycloak.logging.level}</keycloak.logging.level>
+
                             <project.version>${project.version}</project.version>
                             <migration.project.version>${migration.project.version}</migration.project.version>
                             <migration.product.version>${migration.product.version}</migration.product.version>

diff --git a/themes/src/main/resources/theme/base/account/messages/messages_de.properties b/themes/src/main/resources/theme/base/account/messages/messages_de.properties
index f91c8d9..e0706ba 100644
--- a/themes/src/main/resources/theme/base/account/messages/messages_de.properties
+++ b/themes/src/main/resources/theme/base/account/messages/messages_de.properties
@@ -1,23 +1,23 @@
-doLogOutAllSessions=Alle Sessionen abmelden
+doLogOutAllSessions=Alle Sitzungen abmelden
 doSave=Speichern
 doCancel=Abbrechen
 doRemove=Entfernen
 doAdd=Hinzuf\u00FCgen
 doSignOut=Abmelden
 
-editAccountHtmlTitle=Benutzerkonto Bearbeiten
+editAccountHtmlTitle=Benutzerkonto bearbeiten
 federatedIdentitiesHtmlTitle=Federated Identities
 accountLogHtmlTitle=Benutzerkonto Log
 changePasswordHtmlTitle=Passwort \u00C4ndern
-sessionsHtmlTitle=Sessions
+sessionsHtmlTitle=Sitzungen
 accountManagementTitle=Keycloak Benutzerkontoverwaltung
 authenticatorTitle=Authenticator
 
-authenticatorCode=One-time code
+authenticatorCode=One-time Code
 email=E-Mail
 firstName=Vorname
 givenName=Vorname
-fullName=voller Name
+fullName=Voller Name
 lastName=Nachname
 familyName=Nachname
 password=Passwort
@@ -25,7 +25,7 @@ passwordConfirm=Passwortbest\u00E4tigung
 passwordNew=Neues Passwort
 username=Benutzernamen
 address=Adresse
-street=Strasse
+street=Stra\u00DFe
 region=Staat, Provinz, Region
 postal_code=PLZ
 locality=Stadt oder Ortschaft
@@ -38,10 +38,10 @@ role_realm-admin=Realm Admin
 role_create-realm=Realm erstellen
 role_view-realm=Realm ansehen
 role_view-users=Benutzer ansehen
-role_view-applications=Applicationen ansehen
+role_view-applications=Applikationen ansehen
 role_view-clients=Clients ansehen
 role_view-events=Events ansehen
-role_view-identity-providers=Identity Providers ansehen
+role_view-identity-providers=Identity Provider ansehen
 role_manage-realm=Realm verwalten
 role_manage-users=Benutzer verwalten
 role_manage-applications=Applikationen verwalten
@@ -53,7 +53,7 @@ role_manage-account=Profile verwalten
 client_account=Konto
 
 requiredFields=Erforderliche Felder
-allFieldsRequired=Alle Felder sind Erforderlich
+allFieldsRequired=Alle Felder sind erforderlich
 
 backToApplication=« Zur\u00FCck zur Applikation
 backTo=Zur\u00FCck zu {0}
@@ -67,19 +67,19 @@ details=Details
 started=Startdatum
 lastAccess=Letzter Zugriff
 expires=Ablaufdatum
-applications=Applicationen
+applications=Applikationen
 
 account=Benutzerkonto
 federatedIdentity=Federated Identity
 authenticator=Authenticator
-sessions=Sessionen
+sessions=Sitzungen
 log=Log
 
-configureAuthenticators=Authenticators konfigurieren
+configureAuthenticators=Authenticatoren konfigurieren
 mobile=Mobile
 totpStep1=Installieren Sie <a href="https://fedorahosted.org/freeotp/" target="_blank">FreeOTP</a> oder <a href="http://code.google.com/p/google-authenticator/" target="_blank">Google Authenticator</a> auf Ihrem Smartphone.
-totpStep2=\u00D6ffnen Sie die Applikation und scannen Sie den Barcode oder geben sie den Code ein.
-totpStep3=Geben Sie den One-time Code welcher die Applikation generiert hat ein und klicken Sie auf Speichern.
+totpStep2=\u00D6ffnen Sie die Applikation und scannen Sie den Barcode oder geben Sie den Code ein.
+totpStep3=Geben Sie den von der Applikation generierten One-time Code ein und klicken Sie auf Speichern.
 
 missingUsernameMessage=Bitte geben Sie einen Benutzernamen ein.
 missingFirstNameMessage=Bitte geben Sie einen Vornamen ein.
@@ -107,18 +107,18 @@ missingIdentityProviderMessage=Identity Provider nicht angegeben.
 invalidFederatedIdentityActionMessage=Ung\u00FCltige oder fehlende Aktion.
 identityProviderNotFoundMessage=Angegebener Identity Provider nicht gefunden.
 federatedIdentityLinkNotActiveMessage=Diese Identit\u00E4t ist nicht mehr aktiv.
-federatedIdentityRemovingLastProviderMessage=Sie k\u00F6nnen den letzen Eintrag nicht entfernen, da Sie kein Passwort haben.
+federatedIdentityRemovingLastProviderMessage=Sie k\u00F6nnen den letzten Eintrag nicht entfernen, da Sie kein Passwort haben.
 identityProviderRedirectErrorMessage=Fehler bei der Weiterleitung zum Identity Provider.
 identityProviderRemovedMessage=Identity Provider erfolgreich entfernt.
 
 accountDisabledMessage=Benutzerkonto ist gesperrt, bitte kontaktieren Sie den Admin.
 
 accountTemporarilyDisabledMessage=Benutzerkonto ist tempor\u00E4r gesperrt, bitte kontaktieren Sie den Admin oder versuchen Sie es sp\u00E4ter noch einmal.
-invalidPasswordMinLengthMessage=Ung\u00FCltiges Passwort\: minimum l\u00E4nge {0}.
+invalidPasswordMinLengthMessage=Ung\u00FCltiges Passwort\: Minimall\u00E4nge {0}.
 invalidPasswordMinDigitsMessage=Ung\u00FCltiges Passwort\: muss mindestens {0} Zahl(en) beinhalten.
 invalidPasswordMinLowerCaseCharsMessage=Ung\u00FCltiges Passwort\: muss mindestens {0} Kleinbuchstaben beinhalten.
 invalidPasswordMinUpperCaseCharsMessage=Ung\u00FCltiges Passwort\: muss mindestens {0} Grossbuchstaben beinhalten.
 invalidPasswordMinSpecialCharsMessage=Ung\u00FCltiges Passwort\: muss mindestens {0} Spezialzeichen beinhalten.
 invalidPasswordNotUsernameMessage=Ung\u00FCltiges Passwort\: darf nicht gleich sein wie Benutzername.
 invalidPasswordRegexPatternMessage=Ung\u00FCltiges Passwort\: nicht Regex-Muster (n) entsprechen.
-invalidPasswordHistoryMessage=Ung\u00FCltiges Passwort: darf nicht gleich einem der letzten {0} Passwortgeschichte.
\ No newline at end of file
+invalidPasswordHistoryMessage=Ung\u00FCltiges Passwort: darf nicht einem der letzten {0} Passw\u00F6rter entsprechen.
\ No newline at end of file

diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_fr.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_fr.properties
index b923234..976ba69 100644
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_fr.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_fr.properties
@@ -1,17 +1,39 @@
+consoleTitle=Keycloak Admin Console
+
 # Common messages
 enabled=Actif
 name=Nom
+displayName=Display name
+displayNameHtml=HTML Display name
 save=Sauver
 cancel=Annuler
 onText=Oui
 offText=Non
 client=Client
+clients=Clients
 clear=Effacer
+selectOne=Select One...
+
+manage=Gérer
+authentication=Authentification
+user-federation=Regroupement Utilisateur
+user-storage=Stockage Utilisateur
+events=Ev\u00e8nements
+realm-settings=Configurations du domaine
+configure=Configurer
+select-realm=Choisir un domaine
+add=Ajouter
+
+true=Vrai
+false=Faux
+
+endpoints=Endpoints
 
 # Realm settings
 realm-detail.enabled.tooltip=Les utilisateurs et les clients peuvent acc\u00e9der au domaine si celui-ci est actif
+realm-detail.oidc-endpoints.tooltip=Affiche les configurations du endpoint OpenID Connect
 registrationAllowed=Enregistrement d''utilisateur
-registrationAllowed.tooltip=Activ\u00e9/d\u00e9sactiv\u00e9 la page d''enregistrement. Un lien pour l''enregistrement sera visible sur la page de connexion.
+registrationAllowed.tooltip=Activer/d\u00e9sactiver la page d''enregistrement. Un lien pour l''enregistrement sera visible sur la page de connexion.
 registrationEmailAsUsername=Courriel comme nom d''utilisateur
 registrationEmailAsUsername.tooltip=Si actif le champ du nom de l''utilisateur est cach\u00e9 pendant l''enregistrement, le courriel est utilis\u00e9 comme nom d''utilisateur.
 editUsernameAllowed=Editez le nom de l''utilisateur
@@ -22,19 +44,23 @@ rememberMe=Se souvenir de moi
 rememberMe.tooltip=Afficher la case \u00e0 cocher sur la page de connexion pour permettre aux utilisateurs de rester connecter entre deux red\u00e9marrages de leur navigateur jusqu''\u00e0 expiration de la session.
 verifyEmail=Verifier le courriel
 verifyEmail.tooltip=Force l''utilisateur \u00e0 v\u00e9rifier son courriel lors de la premi\u00e8re connexion.
+loginWithEmailAllowed=Authentification avec courriel
+loginWithEmailAllowed.tooltip=Autoriser l''utilisateur \u00e0 s''authentifier avec son adresse de courriel.
+duplicateEmailsAllowed=Doublon courriel
+duplicateEmailsAllowed.tooltip=Autoriser plusieurs utilisateurs \u00e0 avoir la m\u00eame adresse de courriel. Changer cette configuration va vider le cache. Il est recommand\u00e9 de mettre \u00e0 jour manuellement les contraintes sur le courriel dans la base de donn\u00e0e apr\u00e8s la d\u00e9sactivation du support des doublons.
 sslRequired=SSL requis
 sslRequired.option.all=toutes les requ\u00eates
 sslRequired.option.external=les requ\u00eates externes
 sslRequired.option.none=aucun
 sslRequired.tooltip=Si le HTTPS est requis ?  ''aucun'' signifie que le HTTPS n''est requis pour aucune adresse IP cliente. ''les requ\u00eates externes'' signifie que localhost et les adresses IP priv\u00e9es peuvent acc\u00e9der sans HTTPS.  ''toutes les requ\u00eates'' signifie que le protocole HTTPS est obligatoire pour toutes les adresses IP.
 publicKey=Clef publique
-gen-new-keys=Cr\u00e9ation de nouvelle clef 
+gen-new-keys=Cr\u00e9ation de nouvelle clef
 certificate=Certificat
 host=H\u00f4te
 smtp-host=SMTP h\u00f4te
 port=Port
 smtp-port=SMTP Port (par defaut 25)
-from=De 
+from=De
 sender-email-addr=Courriel de l''exp\u00e9diteur
 enable-ssl=Activer SSL/TLS
 enable-start-tls=Activer StartTLS
@@ -86,7 +112,7 @@ max-login-failures.tooltip=Combien d''erreur avant le temps d''attente.
 wait-increment=Temps d''attente
 wait-increment.tooltip=Quand le seuil des erreurs est atteint,combien de temps l''utilisateur est-il bloqu\u00e9 ?
 quick-login-check-millis=Nombre de milli-secondes entre deux connexions
-quick-login-check-millis.tooltip=Si une erreur apparait trop rapidement, bloquer le compte utilisateur. 
+quick-login-check-millis.tooltip=Si une erreur apparait trop rapidement, bloquer le compte utilisateur.
 min-quick-login-wait=Dur\u00e9e minimale d''attente entre deux connexions
 min-quick-login-wait.tooltip=Dur\u00e9e d''attente demand\u00e9e apr\u00e8s une erreur entre deux connexion.
 max-wait=Dur\u00e9e maximale d''attente

diff --git a/themes/src/main/resources/theme/base/email/messages/messages_de.properties b/themes/src/main/resources/theme/base/email/messages/messages_de.properties
index c997261..93307a6 100755
--- a/themes/src/main/resources/theme/base/email/messages/messages_de.properties
+++ b/themes/src/main/resources/theme/base/email/messages/messages_de.properties
@@ -1,10 +1,10 @@
 emailVerificationSubject=E-Mail verifizieren
 passwordResetSubject=Passwort zur\u00FCckzusetzen
-emailVerificationBody=Jemand hat ein {2} Konto mit dieser E-Mail Adresse erstellt. Fall das Sie waren, dann klicken Sie auf den Link um die E-Mail Adresse zu verifizieren.\n\n{0}\n\nDieser Link wird in {1} Minuten ablaufen.\n\nFalls Sie dieses Konto nicht erstellt haben, dann k\u00F6nnen sie diese Nachricht ignorieren.
-emailVerificationBodyHtml=<p>Jemand hat ein {2} Konto mit dieser E-Mail Adresse erstellt. Fall das Sie waren, dann klicken Sie auf den Link um die E-Mail Adresse zu verifizieren.</p><p><a href="{0}">{0}</a></p><p>Dieser Link wird in {1} Minuten ablaufen.</p><p>Falls Sie dieses Konto nicht erstellt haben, dann k\u00F6nnen sie diese Nachricht ignorieren.</p>
+emailVerificationBody=Jemand hat ein {2} Konto mit dieser E-Mail Adresse erstellt. Fall Sie das waren, dann klicken Sie auf den Link, um die E-Mail Adresse zu verifizieren.\n\n{0}\n\nDieser Link wird in {1} Minuten ablaufen.\n\nFalls Sie dieses Konto nicht erstellt haben, dann k\u00F6nnen sie diese Nachricht ignorieren.
+emailVerificationBodyHtml=<p>Jemand hat ein {2} Konto mit dieser E-Mail Adresse erstellt. Fall das Sie waren, klicken Sie auf den Link, um die E-Mail Adresse zu verifizieren.</p><p><a href="{0}">{0}</a></p><p>Dieser Link wird in {1} Minuten ablaufen.</p><p>Falls Sie dieses Konto nicht erstellt haben, dann k\u00F6nnen sie diese Nachricht ignorieren.</p>
 eventLoginErrorSubject=Fehlgeschlagene Anmeldung
-eventLoginErrorBody=Jemand hat um {0} von {1} versucht sich mit ihrem Konto anzumelden. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.
-eventLoginErrorBodyHtml=<p>Jemand hat um {0} von {1} versucht sich mit ihrem Konto anzumelden. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.</p>
+eventLoginErrorBody=Jemand hat um {0} von {1} versucht, sich mit ihrem Konto anzumelden. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.
+eventLoginErrorBodyHtml=<p>Jemand hat um {0} von {1} versucht, sich mit ihrem Konto anzumelden. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.</p>
 eventRemoveTotpSubject=TOTP Entfernt
 eventRemoveTotpBody=TOTP wurde von ihrem Konto am {0} von {1} entfernt. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.
 eventRemoveTotpBodyHtml=<p>TOTP wurde von ihrem Konto am {0} von {1} entfernt. Falls das nicht Sie waren, dann kontaktieren Sie bitte Ihren Admin.</p>

diff --git a/themes/src/main/resources/theme/base/email/messages/messages_en.properties b/themes/src/main/resources/theme/base/email/messages/messages_en.properties
index f4a945c..0f54719 100755
--- a/themes/src/main/resources/theme/base/email/messages/messages_en.properties
+++ b/themes/src/main/resources/theme/base/email/messages/messages_en.properties
@@ -8,8 +8,8 @@ passwordResetSubject=Reset password
 passwordResetBody=Someone just requested to change your {2} account''s credentials. If this was you, click on the link below to reset them.\n\n{0}\n\nThis link and code will expire within {1} minutes.\n\nIf you don''t want to reset your credentials, just ignore this message and nothing will be changed.
 passwordResetBodyHtml=<p>Someone just requested to change your {2} account''s credentials. If this was you, click on the link below to reset them.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you don''t want to reset your credentials, just ignore this message and nothing will be changed.</p>
 executeActionsSubject=Update Your Account
-executeActionsBody=Your adminstrator has just requested that you update your {2} account. Click on the link below to start this process.\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you are unaware that your admin has requested this, just ignore this message and nothing will be changed.
-executeActionsBodyHtml=<p>Your adminstrator has just requested that you update your {2} account.  Click on the link below to start this process.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you are unaware that your admin has requested this, just ignore this message and nothing will be changed.</p>
+executeActionsBody=Your administrator has just requested that you update your {2} account. Click on the link below to start this process.\n\n{0}\n\nThis link will expire within {1} minutes.\n\nIf you are unaware that your admin has requested this, just ignore this message and nothing will be changed.
+executeActionsBodyHtml=<p>Your administrator has just requested that you update your {2} account.  Click on the link below to start this process.</p><p><a href="{0}">{0}</a></p><p>This link will expire within {1} minutes.</p><p>If you are unaware that your admin has requested this, just ignore this message and nothing will be changed.</p>
 eventLoginErrorSubject=Login error
 eventLoginErrorBody=A failed login attempt was detected to your account on {0} from {1}. If this was not you, please contact an admin.
 eventLoginErrorBodyHtml=<p>A failed login attempt was detected to your account on {0} from {1}. If this was not you, please contact an admin.</p>

diff --git a/themes/src/main/resources/theme/base/login/messages/messages_de.properties b/themes/src/main/resources/theme/base/login/messages/messages_de.properties
index ee5f3b9..29fb1f7 100755
--- a/themes/src/main/resources/theme/base/login/messages/messages_de.properties
+++ b/themes/src/main/resources/theme/base/login/messages/messages_de.properties
@@ -5,17 +5,17 @@ doSubmit=Absenden
 doYes=Ja
 doNo=Nein
 doAccept=Annehmen
-doDecline=Ablehen
+doDecline=Ablehnen
 doContinue=Weiter
 doForgotPassword=Passwort vergessen?
-doClickHere=hier klicken
+doClickHere=Hier klicken
 doImpersonate=Identit\u00E4tswechsel
 kerberosNotConfigured=Kerberos ist nicht konfiguriert.
 kerberosNotConfiguredTitle=Kerberos nicht konfiguriert
-bypassKerberos=Ihr Browser is nicht f\u00FCr Kerberos login konfiguriert. Bitte klicken sie auf weiter um mit einem anderen Anmeldeverfahren fortzufahren
+bypassKerberos=Ihr Browser is nicht f\u00FCr Kerberos Login konfiguriert. Bitte klicken Sie auf Weiter, um mit einem anderen Anmeldeverfahren fortzufahren
 kerberosNotSetUp=Kerberos ist nicht konfiguriert. Sie k\u00F6nnen sich damit nicht anmelden.
 recaptchaFailed=Ung\u00FCltiges Recaptcha
-recaptchaNotConfigured=Recaptcha Eingabe ist erforderlich, jedoch noch nicht konfiguriert
+recaptchaNotConfigured=Recaptcha Eingabe ist erforderlich, jedoch noch nicht konfiguriert.
 consentDenied=Zustimmung verweigert.
 
 registerWithTitle=Registrierung bei {0}
@@ -26,7 +26,7 @@ loginOauthTitle=
 loginOauthTitleHtml=Tempor\u00E4rer Zugriff auf <strong>{0}</strong> angefordert von <strong>{1}</strong>.
 loginTotpTitle=Mobile Authentifizierung einrichten
 loginProfileTitle=Benutzerkonto Informationen aktualisieren
-loginTimeout=Sie haben zu lange gebraucht um sich anzumelden. Bitte versuchen Sie es erneut.
+loginTimeout=Sie haben zu lange gebraucht, um sich anzumelden. Bitte versuchen Sie es erneut.
 impersonateTitle={0} Identit\u00E4tswechsel
 impersonateTitleHtml=<strong>{0}</strong> Identit\u00E4tswechsel</strong>
 unknownUser=Unbekannter Benutzer
@@ -38,15 +38,15 @@ errorTitleHtml=Es ist ein Fehler aufgetreten.
 emailVerifyTitle=E-Mail verifizieren
 emailForgotTitle=Passwort vergessen?
 updatePasswordTitle=Passwort aktualisieren
-codeSuccessTitle=Erfolgreicher code
-codeErrorTitle=Fehler code\: {0}
+codeSuccessTitle=Erfolgreicher Code
+codeErrorTitle=Fehlercode\: {0}
 
 noAccount=Neuer Benutzer?
 username=Benutzername
 usernameOrEmail=Benutzername oder E-Mail
 firstName=Vorname
 givenName=Vorname
-fullName=voller Name
+fullName=Voller Name
 lastName=Nachname
 familyName=Nachname
 email=E-Mail
@@ -57,7 +57,7 @@ passwordNewConfirm=Neues Passwort best\u00E4tigen
 rememberMe=Angemeldet bleiben
 authenticatorCode=One-time Code
 address=Adresse
-street=Strasse
+street=Stra\u00DFe
 region=Staat, Provinz, Region
 postal_code=PLZ
 locality=Stadt oder Ortschaft
@@ -66,8 +66,8 @@ emailVerified=E-Mail verifiziert
 gssDelegationCredential=GSS delegierte Berechtigung
 
 loginTotpStep1=Installieren Sie <a href="https://freeotp.github.io/" target="_blank">FreeOTP</a> oder <a href="http://code.google.com/p/google-authenticator/" target="_blank">Google Authenticator</a> auf Ihrem Smartphone.
-loginTotpStep2=\u00D6ffnen Sie die Applikation und scannen Sie den Barcode oder geben sie den Code ein.
-loginTotpStep3=Geben Sie den One-time Code welcher die Applikation generiert hat ein und klicken Sie auf Absenden.
+loginTotpStep2=\u00D6ffnen Sie die Applikation und scannen Sie den Barcode oder geben Sie den Code ein.
+loginTotpStep3=Geben Sie den von der Applikation generierten One-time Code ein und klicken Sie auf Absenden.
 loginTotpOneTime=One-time Code
 
 oauthGrantRequest=Wollen Sie diese Zugriffsrechte gew\u00E4hren?
@@ -81,10 +81,10 @@ backToLogin=&laquo; Zur\u00FCck zur Anmeldung
 backToApplication=&laquo; Zur\u00FCck zur Applikation
 
 temporaryEmailCode=Tempor\u00E4rer Email Code
-emailInstruction=Geben Sie ihren Benutzernamen oder E-Mail Adresse ein und klicken Sie auf Absenden. Danach werden wir ihnen eine E-Mail mit weiteren Instruktionen zusenden.
-validateResetEmailInstruction=Eine E-Mail wurde an sie versendet. Klicken sie auf die URL in der E-Mail um ihr Passwort zur\u00FCckzusetzen und sich neu anzumelden. Alternativ k\u00F6nnen sie den Tempor\u00E4ren Code aus der E-Mail in das Eingabefeld unten links eingeben und auf Absenden klicken.
+emailInstruction=Geben Sie ihren Benutzernamen oder E-Mail Adresse ein und klicken Sie auf Absenden. Danach werden wir Ihnen eine E-Mail mit weiteren Instruktionen zusenden.
+validateResetEmailInstruction=Eine E-Mail wurde an Sie versendet. Klicken Sie auf die URL in der E-Mail, um ihr Passwort zur\u00FCckzusetzen und sich neu anzumelden. Alternativ k\u00F6nnen Sie den Tempor\u00E4ren Code aus der E-Mail in das Eingabefeld unten links eingeben und auf Absenden klicken.
 
-copyCodeInstruction=Bitte kopieren sie den folgenden Code und f\u00FCgen ihn in die Anwendung ein\:
+copyCodeInstruction=Bitte kopieren Sie den folgenden Code und f\u00FCgen ihn in die Applikation ein\:
 
 personalInfo=Pers\u00F6nliche Informationen:
 
@@ -93,7 +93,7 @@ role_realm-admin=Realm Admin
 role_create-realm=Realm erstellen
 role_view-realm=Realm ansehen
 role_view-users=Benutzer ansehen
-role_view-applications=Anwendungen ansehen
+role_view-applications=Applikationen ansehen
 role_view-clients=Clients ansehen
 role_view-events=Events ansehen
 role_view-identity-providers=Identity Provider ansehen
@@ -109,8 +109,8 @@ role_manage-account=Profile verwalten
 invalidUserMessage=Ung\u00FCltiger Benutzername oder Passwort.
 invalidEmailMessage=Ung\u00FCltige E-Mail Adresse.
 accountDisabledMessage=Benutzerkonto ist gesperrt, bitte kontaktieren Sie den Admin.
-accountTemporarilyDisabledMessage=Benutzerkonto ist tempor\u00E4r gesperrt, bitte kontaktieren Sie den Admin oder versuchen Sie es sp\u00E4ter noch einmal.
-expiredCodeMessage=Zeit\u00FCberschreitung bei der Anmeldung. Bitter melden Sie sich erneut an.
+accountTemporarilyDisabledMessage=Benutzerkonto ist tempor\u00E4r gesperrt. Bitte kontaktieren Sie den Admin oder versuchen Sie es sp\u00E4ter noch einmal.
+expiredCodeMessage=Zeit\u00FCberschreitung bei der Anmeldung. Bitte melden Sie sich erneut an.
 
 missingFirstNameMessage=Bitte geben Sie einen Vornamen ein.
 missingLastNameMessage=Bitte geben Sie einen Nachnamen ein.
@@ -120,23 +120,23 @@ missingPasswordMessage=Bitte geben Sie ein Passwort ein.
 missingTotpMessage=Bitte geben Sie den One-time Code ein.
 notMatchPasswordMessage=Passw\u00F6rter sind nicht identisch.
 
-invalidPasswordExistingMessage=Das aktuelle Passwort is ung\u00FCltig.
+invalidPasswordExistingMessage=Das aktuelle Passwort ist ung\u00FCltig.
 invalidPasswordConfirmMessage=Die Passwortbest\u00E4tigung ist nicht identisch.
 invalidTotpMessage=Ung\u00FCltiger One-time Code.
 
 usernameExistsMessage=Benutzername existiert bereits.
 emailExistsMessage=E-Mail existiert bereits.
 
-federatedIdentityEmailExistsMessage=Es existiert bereits ein Benutzer mit dieser E-Mail Adresse. Bitte melden Sie sich bei der Benutzerverwaltung an um das Benutzerkonto zu verkn\u00FCpfen.
-federatedIdentityUsernameExistsMessage=Es existiert bereits ein Benutzer mit diesem Benutzernamen. Bitte melden Sie sich bei der Benutzerverwaltung an um das Benutzerkonto zu verkn\u00FCpfen.
+federatedIdentityEmailExistsMessage=Es existiert bereits ein Benutzer mit dieser E-Mail Adresse. Bitte melden Sie sich bei der Benutzerverwaltung an, um das Benutzerkonto zu verkn\u00FCpfen.
+federatedIdentityUsernameExistsMessage=Es existiert bereits ein Benutzer mit diesem Benutzernamen. Bitte melden Sie sich bei der Benutzerverwaltung an, um das Benutzerkonto zu verkn\u00FCpfen.
 
-configureTotpMessage=Sie m\u00FCssen eine Mobile Authentifizierung einrichten um das Benutzerkonto zu aktivieren.
-updateProfileMessage=Sie m\u00FCssen ihr Benutzerkonto aktualisieren um das Benutzerkonto zu aktivieren.
-updatePasswordMessage=Sie m\u00FCssen ihr Passwort \u00E4ndern um das Benutzerkonto zu aktivieren.
-verifyEmailMessage=Sie m\u00FCssen ihre E-Mail Adresse verifizieren um das Benutzerkonto zu aktivieren.
+configureTotpMessage=Sie m\u00FCssen eine Mobile Authentifizierung einrichten, um das Benutzerkonto zu aktivieren.
+updateProfileMessage=Sie m\u00FCssen ihr Benutzerkonto aktualisieren, um das Benutzerkonto zu aktivieren.
+updatePasswordMessage=Sie m\u00FCssen ihr Passwort \u00E4ndern, um das Benutzerkonto zu aktivieren.
+verifyEmailMessage=Sie m\u00FCssen ihre E-Mail Adresse verifizieren, um das Benutzerkonto zu aktivieren.
 
 emailSentMessage=Sie sollten in k\u00FCrze ein E-Mail mit weiteren Instruktionen erhalten.
-emailSendErrorMessage=Das E-Mail konnte nicht versendet werden, bitte versuchen Sie es sp\u00E4ter nochmals.
+emailSendErrorMessage=Die E-Mail konnte nicht versendet werden. Bitte versuchen Sie es sp\u00E4ter nochmal einmal.
 
 accountUpdatedMessage=Ihr Benutzerkonto wurde aktualisiert.
 accountPasswordUpdatedMessage=Ihr Passwort wurde aktualisiert.
@@ -146,31 +146,31 @@ noAccessMessage=Kein Zugriff
 invalidPasswordMinLengthMessage=Ung\u00FCltiges Passwort\: Mindestl\u00E4nge {0}.
 invalidPasswordMinDigitsMessage=Ung\u00FCltiges Passwort\: muss mindestens {0} Ziffer(n) enthalten.
 invalidPasswordMinLowerCaseCharsMessage=Ung\u00FCltiges Passwort\: muss mindestens {0} Kleinbuchstaben enthalten.
-invalidPasswordMinUpperCaseCharsMessage=Ung\u00FCltiges Passwort\: muss mindestens {0} Grossbuchstaben enthalten.
+invalidPasswordMinUpperCaseCharsMessage=Ung\u00FCltiges Passwort\: muss mindestens {0} Gro\u00DFbuchstaben enthalten.
 invalidPasswordMinSpecialCharsMessage=Ung\u00FCltiges Passwort\: muss mindestens {0} Sonderzeichen enthalten.
 invalidPasswordNotUsernameMessage=Ung\u00FCltiges Passwort\: darf nicht dem Benutzernamen entsprechen.
-invalidPasswordRegexPatternMessage=Ung\u00FCltiges Passwort\: nicht Regex-Muster(n) entsprechen.
-invalidPasswordHistoryMessage=Ung\u00FCltiges Passwort\: darf nicht einem der letzten {0} Passw\u00F6rter entsprechen.
+invalidPasswordRegexPatternMessage=Ung\u00FCltiges Passwort\: entspricht nicht Regex-Muster(n).
+invalidPasswordHistoryMessage=Ung\u00FCltiges Passwort: darf nicht einem der letzten {0} Passw\u00F6rter entsprechen.
 
 failedToProcessResponseMessage=Konnte Antwort nicht verarbeiten.
 httpsRequiredMessage=HTTPS erforderlich.
 realmNotEnabledMessage=Realm nicht aktiviert.
 invalidRequestMessage=Ung\u00FCltiger Request.
-failedLogout=Logout fehlgeschlagen
-unknownLoginRequesterMessage=Ung\u00FCltiger Login Requester
+failedLogout=Logout fehlgeschlagen.
+unknownLoginRequesterMessage=Ung\u00FCltiger Login Requester.
 loginRequesterNotEnabledMessage=Login Requester nicht aktiviert.
 bearerOnlyMessage=Bearer-only Clients k\u00F6nnen sich nicht via Browser anmelden.
 directGrantsOnlyMessage=Direct-grants-only Clients k\u00F6nnen sich nicht via Browser anmelden.
-invalidRedirectUriMessage=Ung\u00FCltige redirect uri.
+invalidRedirectUriMessage=Ung\u00FCltige Redirect Uri.
 unsupportedNameIdFormatMessage=Nicht unterst\u00FCtztes NameIDFormat.
 invalidRequesterMessage=Ung\u00FCltiger Requester.
 registrationNotAllowedMessage=Registrierung nicht erlaubt.
-resetCredentialNotAllowedMessage=Reset Credential nicht erlaubt
+resetCredentialNotAllowedMessage=Reset Credential nicht erlaubt.
 
 permissionNotApprovedMessage=Berechtigung nicht best\u00E4tigt.
-noRelayStateInResponseMessage=Kein relay state in der Antwort von Identity Provider.
+noRelayStateInResponseMessage=Kein Relay State in der Antwort von Identity Provider.
 identityProviderAlreadyLinkedMessage=Die Identit\u00E4t welche von dem Identity Provider zur\u00FCckgegeben wurde ist bereits mit einem anderen Benutzer verkn\u00FCpft.
-insufficientPermissionMessage=Nicht gen\u00FCgend Rechte um die Identit\u00E4t zu verkn\u00FCpfen.
+insufficientPermissionMessage=Nicht gen\u00FCgend Rechte, um die Identit\u00E4t zu verkn\u00FCpfen.
 couldNotProceedWithAuthenticationRequestMessage=Konnte die Authentifizierungsanfrage nicht weiter verarbeiten.
 couldNotObtainTokenMessage=Konnte kein Token vom Identity Provider erhalten.
 unexpectedErrorRetrievingTokenMessage=Unerwarteter Fehler w\u00E4hrend dem Empfang des Tokens vom Identity Provider.
@@ -180,12 +180,12 @@ couldNotSendAuthenticationRequestMessage=Konnte Authentifizierungsanfrage nicht 
 unexpectedErrorHandlingRequestMessage=Unerwarteter Fehler w\u00E4hrend der Bearbeitung der Anfrage an den Identity Provider.
 invalidAccessCodeMessage=Ung\u00FCltiger Access-Code.
 sessionNotActiveMessage=Session nicht aktiv.
-unknownCodeMessage=Unbekannter Code, bitte melden Sie sich erneut \u00FCber die Anwendung an.
-invalidCodeMessage=Ung\u00FCltiger Code, bitte melden Sie sich erneut \u00FCber die Anwendung an.
+unknownCodeMessage=Unbekannter Code. Bitte melden Sie sich erneut \u00FCber die Applikation an.
+invalidCodeMessage=Ung\u00FCltiger Code, bitte melden Sie sich erneut \u00FCber die Applikation an.
 identityProviderUnexpectedErrorMessage=Unerwarteter Fehler w\u00E4hrend der Authentifizierung mit dem Identity Provider.
 identityProviderNotFoundMessage=Konnte keinen Identity Provider zu der Identit\u00E4t finden.
 realmSupportsNoCredentialsMessage=Realm unterst\u00FCtzt keine Credential Typen.
-identityProviderNotUniqueMessage=Der Realm unterst\u00FCtzt mehrere Identity Provider und es konnte kein eindeutiger Identity Provider zum Authentifizieren gew\u00E4hlt werden.
+identityProviderNotUniqueMessage=Der Realm unterst\u00FCtzt mehrere Identity Provider. Es konnte kein eindeutiger Identity Provider zum Authentifizieren gew\u00E4hlt werden.
 
 invalidParameterMessage=Ung\u00FCltiger Parameter\: {0}
 missingParameterMessage=Fehlender Parameter\: {0}

diff --git a/wildfly/server-subsystem/src/main/config/default-server-subsys-config.properties b/wildfly/server-subsystem/src/main/config/default-server-subsys-config.properties
index 132cbef..d7fab92 100644
--- a/wildfly/server-subsystem/src/main/config/default-server-subsys-config.properties
+++ b/wildfly/server-subsystem/src/main/config/default-server-subsys-config.properties
@@ -1,6 +1,12 @@
 # IMPORTANT: If you change this file you should also make equivalent changes
 # to src/main/resources/cli/default-keycloak-subsys-config.cli
 # The CLI file is packaged with the subsystem and extracted by the overlay distribution.
+#
+# Also, you should update the migrate-*.cli scripts in
+# <keycloak>/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin
+#
+# Furthermore, you should run the tests in
+# <keycloak>/testsuite/integration-arquillian/tests/other/server-config-migration
 
 keycloak.server.subsys.default.config=\
 <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">\

diff --git a/wildfly/server-subsystem/src/main/resources/subsystem-templates/README.md b/wildfly/server-subsystem/src/main/resources/subsystem-templates/README.md
new file mode 100644
index 0000000..616f8be
--- /dev/null
+++ b/wildfly/server-subsystem/src/main/resources/subsystem-templates/README.md
@@ -0,0 +1,8 @@
+Subsystem Config Files
+========
+
+IMPORTANT: If you change files in this directory you should also update the migrate-*.cli scripts in  
+`<keycloak>/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin`
+
+Furthermore, you should run the tests in  
+`<keycloak>/testsuite/integration-arquillian/tests/other/server-config-migration`
\ No newline at end of file