diff --git a/jboss/container/config/7.4/ee-elytron/standalone-openshift.xml b/jboss/container/config/7.4/ee-elytron/standalone-openshift.xml
new file mode 100644
index 00000000..bef4acef
--- /dev/null
+++ b/jboss/container/config/7.4/ee-elytron/standalone-openshift.xml
@@ -0,0 +1,563 @@
+<?xml version='1.0' encoding='UTF-8'?>
+
+<server xmlns="urn:jboss:domain:16.0">
+    <extensions>
+        <extension module="org.jboss.as.clustering.infinispan"/>
+        <extension module="org.jboss.as.clustering.jgroups"/>
+        <extension module="org.jboss.as.connector"/>
+        <extension module="org.jboss.as.deployment-scanner"/>
+        <extension module="org.jboss.as.ee"/>
+        <extension module="org.jboss.as.ejb3"/>
+        <extension module="org.jboss.as.jaxrs"/>
+        <extension module="org.jboss.as.jdr"/>
+        <extension module="org.jboss.as.jmx"/>
+        <extension module="org.jboss.as.jpa"/>
+        <extension module="org.jboss.as.jsf"/>
+        <extension module="org.jboss.as.logging"/>
+        <extension module="org.jboss.as.mail"/>
+        <extension module="org.jboss.as.naming"/>
+        <extension module="org.jboss.as.pojo"/>
+        <extension module="org.jboss.as.remoting"/>
+        <extension module="org.jboss.as.sar"/>
+        <extension module="org.jboss.as.transactions"/>
+        <extension module="org.jboss.as.webservices"/>
+        <extension module="org.jboss.as.weld"/>
+        <extension module="org.wildfly.extension.batch.jberet"/>
+        <extension module="org.wildfly.extension.bean-validation"/>
+        <extension module="org.wildfly.extension.clustering.singleton"/>
+        <extension module="org.wildfly.extension.clustering.web"/>
+        <extension module="org.wildfly.extension.discovery"/>
+        <extension module="org.wildfly.extension.ee-security"/>
+        <extension module="org.wildfly.extension.elytron"/>
+        <extension module="org.wildfly.extension.health"/>
+        <extension module="org.wildfly.extension.io"/>
+        <extension module="org.wildfly.extension.messaging-activemq"/>
+        <extension module="org.wildfly.extension.metrics"/>
+        <extension module="org.wildfly.extension.request-controller"/>
+        <extension module="org.wildfly.extension.security.manager"/>
+        <extension module="org.wildfly.extension.undertow"/>
+    </extensions>
+    <management>
+        <identity security-domain="ManagementDomain"/>
+        <audit-log>
+            <formatters>
+                <json-formatter name="json-formatter"/>
+            </formatters>
+            <handlers>
+                <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
+            </handlers>
+            <logger log-boot="true" log-read-only="false" enabled="false">
+                <handlers>
+                    <handler name="file"/>
+                </handlers>
+            </logger>
+        </audit-log>
+        <management-interfaces>
+            <http-interface console-enabled="false">
+                <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
+                <socket-binding http="management-http"/>
+            </http-interface>
+        </management-interfaces>
+        <access-control provider="simple">
+            <role-mapping>
+                <role name="SuperUser">
+                    <include>
+                        <user name="$local"/>
+                    </include>
+                </role>
+            </role-mapping>
+        </access-control>
+    </management>
+    <profile>
+        <subsystem xmlns="urn:jboss:domain:logging:8.0">
+            <console-handler name="CONSOLE">
+                <formatter>
+                    <named-formatter name="COLOR-PATTERN"/>
+                </formatter>
+            </console-handler>
+            <logger category="com.arjuna">
+                <level name="WARN"/>
+            </logger>
+            <logger category="io.jaegertracing.Configuration">
+                <level name="WARN"/>
+            </logger>
+            <logger category="org.jboss.as.config">
+                <level name="DEBUG"/>
+            </logger>
+            <logger category="sun.rmi">
+                <level name="WARN"/>
+            </logger>
+            <root-logger>
+                <level name="INFO"/>
+                <handlers>
+                    <handler name="CONSOLE"/>
+                </handlers>
+            </root-logger>
+            <formatter name="COLOR-PATTERN">
+                <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
+            </formatter>
+            <formatter name="OPENSHIFT">
+                <json-formatter>
+                    <exception-output-type value="formatted"/>
+                    <key-overrides timestamp="@timestamp"/>
+                    <meta-data>
+                        <property name="@version" value="1"/>
+                    </meta-data>
+                </json-formatter>
+            </formatter>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:batch-jberet:2.0">
+            <default-job-repository name="in-memory"/>
+            <default-thread-pool name="batch"/>
+            <security-domain name="ApplicationDomain"/>
+            <job-repository name="in-memory">
+                <in-memory/>
+            </job-repository>
+            <thread-pool name="batch">
+                <max-threads count="10"/>
+                <keepalive-time time="30" unit="seconds"/>
+            </thread-pool>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:datasources:6.0">
+            <datasources>
+                <drivers>
+                    <driver name="h2" module="com.h2database.h2">
+                        <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
+                    </driver>
+                </drivers>
+            </datasources>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
+            <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:discovery:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:distributable-web:2.0" default-session-management="default" default-single-sign-on-management="default">
+            <infinispan-session-management name="default" cache-container="web" granularity="SESSION">
+                <primary-owner-affinity/>
+            </infinispan-session-management>
+            <infinispan-single-sign-on-management name="default" cache-container="web" cache="sso"/>
+            <infinispan-routing cache-container="web" cache="routing"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:ee:6.0">
+            <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
+            <concurrent>
+                <context-services>
+                    <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
+                </context-services>
+                <managed-thread-factories>
+                    <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
+                </managed-thread-factories>
+                <managed-executor-services>
+                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/>
+                </managed-executor-services>
+                <managed-scheduled-executor-services>
+                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/>
+                </managed-scheduled-executor-services>
+            </concurrent>
+            <default-bindings context-service="java:jboss/ee/concurrency/context/default" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:ee-security:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:ejb3:9.0">
+            <session-bean>
+                <stateless>
+                    <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
+                </stateless>
+                <stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
+                <singleton default-access-timeout="5000"/>
+            </session-bean>
+            <mdb>
+                <resource-adapter-ref resource-adapter-name="${ejb.resource-adapter-name:activemq-ra.rar}"/>
+                <bean-instance-pool-ref pool-name="mdb-strict-max-pool"/>
+            </mdb>
+            <pools>
+                <bean-instance-pools>
+                    <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
+                    <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
+                </bean-instance-pools>
+            </pools>
+            <caches>
+                <cache name="simple"/>
+                <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
+            </caches>
+            <passivation-stores>
+                <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
+            </passivation-stores>
+            <async thread-pool-name="default"/>
+            <remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
+                <channel-creation-options>
+                    <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
+                </channel-creation-options>
+            </remote>
+            <thread-pools>
+                <thread-pool name="default">
+                    <max-threads count="10"/>
+                    <keepalive-time time="60" unit="seconds"/>
+                </thread-pool>
+            </thread-pools>
+            <default-security-domain value="other"/>
+            <application-security-domains>
+                <application-security-domain name="other" security-domain="ApplicationDomain"/>
+            </application-security-domains>
+            <default-missing-method-permissions-deny-access value="true"/>
+            <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
+            <log-system-exceptions value="true"/>
+        </subsystem>
+        <subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
+            <providers>
+                <aggregate-providers name="combined-providers">
+                    <providers name="elytron"/>
+                    <providers name="openssl"/>
+                </aggregate-providers>
+                <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
+                <provider-loader name="openssl" module="org.wildfly.openssl"/>
+            </providers>
+            <audit-logging>
+                <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
+            </audit-logging>
+            <security-domains>
+                <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
+                    <realm name="ManagementRealm" role-decoder="groups-to-roles"/>
+                    <realm name="local" role-mapper="super-user-mapper"/>
+                </security-domain>
+                <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
+                    <realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
+                    <realm name="local"/>
+                </security-domain>
+            </security-domains>
+            <security-realms>
+                <identity-realm name="local" identity="$local"/>
+                <properties-realm name="ApplicationRealm">
+                    <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
+                    <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
+                </properties-realm>
+                <properties-realm name="ManagementRealm">
+                    <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
+                    <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
+                </properties-realm>
+            </security-realms>
+            <mappers>
+                <simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
+                    <permission-mapping>
+                        <principal name="anonymous"/>
+                        <permission-set name="default-permissions"/>
+                    </permission-mapping>
+                    <permission-mapping match-all="true">
+                        <permission-set name="login-permission"/>
+                        <permission-set name="default-permissions"/>
+                    </permission-mapping>
+                </simple-permission-mapper>
+                <constant-realm-mapper name="local" realm-name="local"/>
+                <simple-role-decoder name="groups-to-roles" attribute="groups"/>
+                <constant-role-mapper name="super-user-mapper">
+                    <role name="SuperUser"/>
+                </constant-role-mapper>
+            </mappers>
+            <permission-sets>
+                <permission-set name="login-permission">
+                    <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
+                </permission-set>
+                <permission-set name="default-permissions">
+                    <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
+                    <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
+                    <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
+                </permission-set>
+            </permission-sets>
+            <http>
+                <http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
+                    <mechanism-configuration>
+                        <mechanism mechanism-name="DIGEST">
+                            <mechanism-realm realm-name="ManagementRealm"/>
+                        </mechanism>
+                    </mechanism-configuration>
+                </http-authentication-factory>
+                <http-authentication-factory name="application-http-authentication" security-domain="ApplicationDomain" http-server-mechanism-factory="global">
+                    <mechanism-configuration>
+                        <mechanism mechanism-name="BASIC">
+                            <mechanism-realm realm-name="ApplicationRealm"/>
+                        </mechanism>
+                        <mechanism mechanism-name="FORM"/>
+                    </mechanism-configuration>
+                </http-authentication-factory>
+                <provider-http-server-mechanism-factory name="global"/>
+            </http>
+            <sasl>
+                <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
+                    <mechanism-configuration>
+                        <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
+                        <mechanism mechanism-name="DIGEST-MD5">
+                            <mechanism-realm realm-name="ManagementRealm"/>
+                        </mechanism>
+                    </mechanism-configuration>
+                </sasl-authentication-factory>
+                <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
+                    <mechanism-configuration>
+                        <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
+                        <mechanism mechanism-name="DIGEST-MD5">
+                            <mechanism-realm realm-name="ApplicationRealm"/>
+                        </mechanism>
+                    </mechanism-configuration>
+                </sasl-authentication-factory>
+                <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
+                    <properties>
+                        <property name="wildfly.sasl.local-user.default-user" value="$local"/>
+                        <property name="wildfly.sasl.local-user.challenge-path" value="${jboss.server.temp.dir}/auth"/>
+                    </properties>
+                </configurable-sasl-server-factory>
+                <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
+                    <filters>
+                        <filter provider-name="WildFlyElytron"/>
+                    </filters>
+                </mechanism-provider-filtering-sasl-server-factory>
+                <provider-sasl-server-factory name="global"/>
+            </sasl>
+            <tls>
+                <key-stores>
+                    <key-store name="applicationKS">
+                        <credential-reference clear-text="password"/>
+                        <implementation type="JKS"/>
+                        <file path="application.keystore" relative-to="jboss.server.config.dir"/>
+                    </key-store>
+                </key-stores>
+                <key-managers>
+                    <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
+                        <credential-reference clear-text="password"/>
+                    </key-manager>
+                </key-managers>
+                <server-ssl-contexts>
+                    <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
+                </server-ssl-contexts>
+            </tls>
+        </subsystem>
+        <subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
+        <subsystem xmlns="urn:jboss:domain:infinispan:12.0">
+            <cache-container name="ejb" default-cache="repl" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
+                <transport lock-timeout="60000"/>
+                <replicated-cache name="repl">
+                    <locking isolation="REPEATABLE_READ"/>
+                    <transaction mode="BATCH"/>
+                    <heap-memory size="10000"/>
+                    <file-store/>
+                </replicated-cache>
+                <distributed-cache name="dist">
+                    <locking isolation="REPEATABLE_READ"/>
+                    <transaction mode="BATCH"/>
+                    <file-store/>
+                </distributed-cache>
+            </cache-container>
+            <cache-container name="server" default-cache="default" aliases="singleton cluster" modules="org.wildfly.clustering.server">
+                <transport lock-timeout="60000"/>
+                <replicated-cache name="default">
+                    <transaction mode="BATCH"/>
+                </replicated-cache>
+            </cache-container>
+            <cache-container name="web" default-cache="repl" modules="org.wildfly.clustering.web.infinispan">
+                <transport lock-timeout="60000"/>
+                <replicated-cache name="repl">
+                    <locking isolation="REPEATABLE_READ"/>
+                    <transaction mode="BATCH"/>
+                    <file-store/>
+                </replicated-cache>
+                <replicated-cache name="sso">
+                    <locking isolation="REPEATABLE_READ"/>
+                    <transaction mode="BATCH"/>
+                </replicated-cache>
+                <replicated-cache name="routing"/>
+                <distributed-cache name="dist">
+                    <locking isolation="REPEATABLE_READ"/>
+                    <transaction mode="BATCH"/>
+                    <file-store/>
+                </distributed-cache>
+            </cache-container>
+            <cache-container name="hibernate" default-cache="local-query" modules="org.infinispan.hibernate-cache">
+                <transport lock-timeout="60000"/>
+                <local-cache name="local-query">
+                    <heap-memory size="10000"/>
+                    <expiration max-idle="100000"/>
+                </local-cache>
+                <local-cache name="pending-puts">
+                    <expiration max-idle="60000"/>
+                </local-cache>
+                <invalidation-cache name="entity">
+                    <heap-memory size="10000"/>
+                    <expiration max-idle="100000"/>
+                </invalidation-cache>
+                <replicated-cache name="timestamps"/>
+            </cache-container>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:io:3.0">
+            <worker name="default"/>
+            <buffer-pool name="default"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
+        <subsystem xmlns="urn:jboss:domain:jca:5.0">
+            <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
+            <bean-validation enabled="true"/>
+            <default-workmanager>
+                <short-running-threads>
+                    <core-threads count="50"/>
+                    <queue-length count="50"/>
+                    <max-threads count="50"/>
+                    <keepalive-time time="10" unit="seconds"/>
+                </short-running-threads>
+                <long-running-threads>
+                    <core-threads count="50"/>
+                    <queue-length count="50"/>
+                    <max-threads count="50"/>
+                    <keepalive-time time="10" unit="seconds"/>
+                </long-running-threads>
+            </default-workmanager>
+            <cached-connection-manager/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:jgroups:8.0">
+            <channels default="ee">
+                <channel name="ee" stack="tcp"/>
+            </channels>
+            <stacks>
+                <stack name="tcp">
+                    <transport type="TCP" socket-binding="jgroups-tcp"/>
+                    <protocol type="MERGE3"/>
+                    <protocol type="FD_SOCK"/>
+                    <protocol type="FD_ALL"/>
+                    <protocol type="VERIFY_SUSPECT"/>
+                    <protocol type="pbcast.NAKACK2"/>
+                    <protocol type="UNICAST3"/>
+                    <protocol type="pbcast.STABLE"/>
+                    <protocol type="pbcast.GMS"/>
+                    <protocol type="MFC"/>
+                    <protocol type="FRAG3"/>
+                </stack>
+                <stack name="udp">
+                    <transport type="UDP" socket-binding="jgroups-udp"/>
+                    <protocol type="MERGE3"/>
+                    <protocol type="FD_SOCK"/>
+                    <protocol type="FD_ALL"/>
+                    <protocol type="VERIFY_SUSPECT"/>
+                    <protocol type="pbcast.NAKACK2"/>
+                    <protocol type="UNICAST3"/>
+                    <protocol type="pbcast.STABLE"/>
+                    <protocol type="pbcast.GMS"/>
+                    <protocol type="UFC"/>
+                    <protocol type="MFC"/>
+                    <protocol type="FRAG3"/>
+                </stack>
+            </stacks>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jmx:1.3">
+            <expose-resolved-model/>
+            <expose-expression-model/>
+            <remoting-connector/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jpa:1.1">
+            <jpa default-extended-persistence-inheritance="DEEP"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jsf:1.1"/>
+        <subsystem xmlns="urn:jboss:domain:mail:4.0">
+            <mail-session name="default" jndi-name="java:jboss/mail/Default">
+                <smtp-server outbound-socket-binding-ref="mail-smtp"/>
+            </mail-session>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:messaging-activemq:13.0"/>
+        <subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>
+        <subsystem xmlns="urn:jboss:domain:naming:2.0">
+            <remote-naming/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:pojo:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:remoting:4.0">
+            <http-connector name="http-remoting-connector" connector-ref="default" sasl-authentication-factory="application-sasl-authentication"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:resource-adapters:6.0"/>
+        <subsystem xmlns="urn:jboss:domain:sar:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
+            <deployment-permissions>
+                <maximum-set>
+                    <permission class="java.security.AllPermission"/>
+                </maximum-set>
+            </deployment-permissions>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:singleton:1.0">
+            <singleton-policies default="default">
+                <singleton-policy name="default" cache-container="server">
+                    <simple-election-policy/>
+                </singleton-policy>
+            </singleton-policies>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:transactions:6.0">
+            <core-environment node-identifier="${jboss.node.name}">
+                <process-id>
+                    <uuid/>
+                </process-id>
+            </core-environment>
+            <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager" recovery-listener="true"/>
+            <coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
+            <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
+            <buffer-cache name="default"/>
+            <server name="default-server">
+                <http-listener name="default" socket-binding="http" redirect-socket="https" proxy-address-forwarding="true" enable-http2="true"/>
+                <host name="default-host" alias="localhost">
+                    <location name="/" handler="welcome-content"/>
+                    <http-invoker http-authentication-factory="application-http-authentication"/>
+                </host>
+            </server>
+            <servlet-container name="default">
+                <jsp-config/>
+                <websockets/>
+            </servlet-container>
+            <handlers>
+                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
+            </handlers>
+            <application-security-domains>
+                <application-security-domain name="other" security-domain="ApplicationDomain"/>
+            </application-security-domains>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:webservices:2.0" statistics-enabled="${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}}">
+            <modify-wsdl-address>true</modify-wsdl-address>
+            <wsdl-host>jbossws.undefined.host</wsdl-host>
+            <endpoint-config name="Standard-Endpoint-Config"/>
+            <endpoint-config name="Recording-Endpoint-Config">
+                <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
+                    <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
+                </pre-handler-chain>
+            </endpoint-config>
+            <client-config name="Standard-Client-Config"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
+    </profile>
+    <interfaces>
+        <interface name="bindall">
+            <inet-address value="0.0.0.0"/>
+        </interface>
+        <interface name="management">
+            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
+        </interface>
+        <interface name="private">
+            <inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
+        </interface>
+        <interface name="public">
+            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
+        </interface>
+    </interfaces>
+    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="0">
+        <socket-binding name="ajp" interface="bindall" port="${jboss.ajp.port:8009}"/>
+        <socket-binding name="http" interface="bindall" port="${jboss.http.port:8080}"/>
+        <socket-binding name="https" interface="bindall" port="${jboss.https.port:8443}"/>
+        <socket-binding name="jgroups-mping" interface="private" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
+        <socket-binding name="jgroups-tcp" interface="private" port="7600"/>
+        <socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
+        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
+        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
+        <socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
+        <socket-binding name="txn-recovery-environment" port="4712"/>
+        <socket-binding name="txn-status-manager" port="4713"/>
+        <outbound-socket-binding name="http-messaging">
+            <remote-destination host="${jboss.messaging.host:localhost}" port="${jboss.http.port:8080}"/>
+        </outbound-socket-binding>
+        <outbound-socket-binding name="mail-smtp">
+            <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
+        </outbound-socket-binding>
+    </socket-binding-group>
+</server>
\ No newline at end of file
diff --git a/jboss/container/eap/galleon/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/feature_groups/os-undertow-elytron.xml b/jboss/container/eap/galleon/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/feature_groups/os-undertow-elytron.xml
new file mode 100644
index 00000000..e43ec471
--- /dev/null
+++ b/jboss/container/eap/galleon/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/feature_groups/os-undertow-elytron.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="os-undertow-elytron" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature-group name="undertow-elytron-security"/>
+    <feature spec="subsystem.undertow">
+        <feature spec="subsystem.undertow.server">
+            <param name="server" value="default-server" />
+            <feature spec="subsystem.undertow.server.host">
+                <param name="host" value="default-host" />
+                <feature spec="subsystem.undertow.server.host.setting.http-invoker">
+                    <unset param="security-realm"/>
+                    <param name="http-authentication-factory" value="application-http-authentication"/>
+                </feature>
+            </feature>
+        </feature>
+    </feature>
+    <feature-group name="os-undertow"/>
+</feature-group-spec>
diff --git a/jboss/container/eap/galleon/config/ee/artifacts/opt/jboss/container/eap/galleon/definitions/fat-default-server/provisioning.xml b/jboss/container/eap/galleon/config/ee-common/artifacts/opt/jboss/container/eap/galleon/definitions/fat-default-server/provisioning.xml
similarity index 100%
rename from jboss/container/eap/galleon/config/ee/artifacts/opt/jboss/container/eap/galleon/definitions/fat-default-server/provisioning.xml
rename to jboss/container/eap/galleon/config/ee-common/artifacts/opt/jboss/container/eap/galleon/definitions/fat-default-server/provisioning.xml
diff --git a/jboss/container/eap/galleon/config/ee/artifacts/opt/jboss/container/eap/galleon/definitions/slim-default-server/provisioning.xml b/jboss/container/eap/galleon/config/ee-common/artifacts/opt/jboss/container/eap/galleon/definitions/slim-default-server/provisioning.xml
similarity index 100%
rename from jboss/container/eap/galleon/config/ee/artifacts/opt/jboss/container/eap/galleon/definitions/slim-default-server/provisioning.xml
rename to jboss/container/eap/galleon/config/ee-common/artifacts/opt/jboss/container/eap/galleon/definitions/slim-default-server/provisioning.xml
diff --git a/jboss/container/eap/galleon/config/ee-common/configure.sh b/jboss/container/eap/galleon/config/ee-common/configure.sh
new file mode 100644
index 00000000..7c873982
--- /dev/null
+++ b/jboss/container/eap/galleon/config/ee-common/configure.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Configure module
+set -e
+
+SCRIPT_DIR=$(dirname $0)
+ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts
+
+chown -R jboss:root $SCRIPT_DIR
+chmod -R ug+rwX $SCRIPT_DIR
+
+pushd ${ARTIFACTS_DIR}
+cp -pr * /
+popd
diff --git a/jboss/container/eap/galleon/config/ee-common/module.yaml b/jboss/container/eap/galleon/config/ee-common/module.yaml
new file mode 100644
index 00000000..801c3ac8
--- /dev/null
+++ b/jboss/container/eap/galleon/config/ee-common/module.yaml
@@ -0,0 +1,7 @@
+schema_version: 1
+name: jboss.container.eap.galleon.config.ee.common
+version: '1.0'
+description: Install Galleon ee default configuration.
+
+execute:
+- script: configure.sh
diff --git a/jboss/container/eap/galleon/config/ee-elytron/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/configs/standalone/standalone.xml/config.xml b/jboss/container/eap/galleon/config/ee-elytron/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/configs/standalone/standalone.xml/config.xml
new file mode 100644
index 00000000..27d44f9b
--- /dev/null
+++ b/jboss/container/eap/galleon/config/ee-elytron/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/configs/standalone/standalone.xml/config.xml
@@ -0,0 +1,107 @@
+<?xml version="1.0" ?>
+
+<config xmlns="urn:jboss:galleon:config:1.0" name="standalone.xml" model="standalone">
+    <layers>
+        <!-- we already have all required in default config -->
+        <!-- Although logically correct, galleon doesn't actually support excluding from model -->
+        <!-- This is harmless, keeping the exclusion commented for reference until GAL-308 is fixed -->
+        <!--<exclude name="operator-required"/>-->
+        <include name="amq6-rar"/>
+    </layers>
+
+     <!-- No sso packages for JDK17 techpreview -->
+    <!-- <feature-group name="sso"/> -->
+
+    <!-- JDK 17 -->
+    <exclude feature-id="core-service.management.security-realm:security-realm=ApplicationRealm"/>
+    <exclude feature-id="core-service.management.security-realm:security-realm=ManagementRealm"/>
+    <feature spec="subsystem.batch-jberet">
+        <param name="security-domain" value="ApplicationDomain"/>
+    </feature>
+    <!-- JDK 17, remoting secured with elytron -->
+    <feature spec="subsystem.remoting.http-connector">
+        <param name="http-connector" value="http-remoting-connector"/>
+        <unset param="security-realm"/>
+        <param name="sasl-authentication-factory" value="application-sasl-authentication"/>
+    </feature>
+    
+    <!-- management -->
+    <!-- JDK 17, do not exclude identity -->
+    <!--<exclude spec="core-service.management.access.identity"/>-->
+    <feature spec="core-service.management.management-interface.http-interface">
+        <param name="socket-binding" value="management-http"/>
+        <unset param="http-authentication-factory"/>
+        <feature spec="core-service.management.management-interface.http-interface.http-upgrade">
+            <param name="sasl-authentication-factory" value="management-sasl-authentication"/>
+        </feature>
+    </feature>
+    <exclude spec="subsystem.core-management"/>
+    <feature-group name="os-management"/>
+
+    <!-- messaging -->
+    <feature spec="subsystem.messaging-activemq"/>
+    <feature-group name="os-messaging"/>
+
+    <!-- logging -->
+    <exclude feature-id="subsystem.logging.pattern-formatter:pattern-formatter=PATTERN"/>
+    <exclude feature-id="subsystem.logging.periodic-rotating-file-handler:periodic-rotating-file-handler=FILE"/>
+    <feature-group name="os-logging"/>
+
+    <!-- jberet We can't remove it... needs a default job repository -->
+    <!--<feature spec="subsystem.batch-jberet">
+        <unset param="default-job-repository"/>
+    </feature>-->
+
+    <!-- datasources -->
+    <!-- We are not keeping the ExampleDS in the config -->
+    <exclude feature-id="subsystem.datasources.data-source:data-source=ExampleDS"/>
+    <feature spec="subsystem.ee.service.default-bindings">
+        <unset param="datasource"/>
+    </feature>
+
+    <!-- ejb3 -->
+    <feature spec="subsystem.ejb3">
+        <param name="default-sfsb-cache" value="distributable"/>
+        <param name="default-sfsb-passivation-disabled-cache" value="simple"/>
+        <param name="default-mdb-instance-pool" value="mdb-strict-max-pool"/>
+        <param name="default-resource-adapter-name" value="${ejb.resource-adapter-name:activemq-ra.rar}"/>
+        <!-- JDK 17, elytron security -->
+        <feature spec="subsystem.ejb3.application-security-domain">
+            <param name="application-security-domain" value="other"/>
+            <param name="security-domain" value="ApplicationDomain"/>
+        </feature>
+    </feature>
+    <exclude spec="subsystem.ejb3.service.timer-service"/>
+
+    <!-- elytron -->
+    <feature-group name="os-elytron"/>
+
+    <!-- clustering -->
+    <exclude spec="subsystem.infinispan"/>
+    <exclude spec="subsystem.distributable-web"/>
+    <feature-group name="os-clustering"/>
+
+    <!-- legacy security -->
+    <!-- JDK 17 excluded fully -->
+    <exclude feature-id="subsystem.security.security-domain:security-domain=jaspitest"/>
+    <exclude feature-id="subsystem.security.security-domain:security-domain=other"/>
+    <exclude feature-id="subsystem.security.security-domain:security-domain=jboss-web-policy"/>
+    <exclude feature-id="subsystem.security.security-domain:security-domain=jboss-ejb-policy"/>
+    <exclude spec="subsystem.security"/>
+    <!-- transactions -->
+    <feature-group name="tx-recovery"/>
+
+    <!-- undertow -->
+    <exclude feature-id="subsystem.undertow.server.https-listener:server=default-server,https-listener=https"/>
+
+    <!-- web-services -->
+    <feature spec="subsystem.webservices">
+        <param name="modify-wsdl-address" value="true"/>
+        <param name="wsdl-host" value="jbossws.undefined.host"/>
+    </feature>
+
+    <feature-group name="os-socket"/>
+
+    <feature-group name="os-undertow-elytron"/>
+
+</config>
diff --git a/jboss/container/eap/galleon/config/ee-elytron/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/layers/standalone/application-security-realm/layer-spec.xml b/jboss/container/eap/galleon/config/ee-elytron/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/layers/standalone/application-security-realm/layer-spec.xml
new file mode 100644
index 00000000..8fc100a1
--- /dev/null
+++ b/jboss/container/eap/galleon/config/ee-elytron/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/layers/standalone/application-security-realm/layer-spec.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" ?>
+<layer-spec xmlns="urn:jboss:galleon:layer-spec:1.0" name="application-security-realm">
+    <exclude feature-id="core-service.management.security-realm:security-realm=ApplicationRealm"/>
+</layer-spec>
diff --git a/jboss/container/eap/galleon/config/ee-elytron/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/layers/standalone/management-security-realm/layer-spec.xml b/jboss/container/eap/galleon/config/ee-elytron/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/layers/standalone/management-security-realm/layer-spec.xml
new file mode 100644
index 00000000..794032c5
--- /dev/null
+++ b/jboss/container/eap/galleon/config/ee-elytron/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/layers/standalone/management-security-realm/layer-spec.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" ?>
+<layer-spec xmlns="urn:jboss:galleon:layer-spec:1.0" name="management-security-realm">
+    <exclude feature-id="core-service.management.security-realm:security-realm=ManagementRealm"/>
+</layer-spec>
diff --git a/jboss/container/eap/galleon/config/ee-elytron/configure.sh b/jboss/container/eap/galleon/config/ee-elytron/configure.sh
new file mode 100644
index 00000000..dbbadb3c
--- /dev/null
+++ b/jboss/container/eap/galleon/config/ee-elytron/configure.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Configure module
+set -e
+
+SCRIPT_DIR=$(dirname $0)
+ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts
+
+chown -R jboss:root $SCRIPT_DIR
+chmod -R ug+rwX $SCRIPT_DIR
+
+pushd ${ARTIFACTS_DIR}
+cp -pr * /
+popd
+
+# Remove sso content for JDK17 tech preview image. To be removed when supported.
+rm "${GALLEON_FP_PATH}/src/main/resources/feature_groups/sso.xml"
+rm -r "${GALLEON_FP_PATH}/src/main/resources/layers/standalone/sso"
diff --git a/jboss/container/eap/galleon/config/ee-elytron/module.yaml b/jboss/container/eap/galleon/config/ee-elytron/module.yaml
new file mode 100644
index 00000000..58fc477b
--- /dev/null
+++ b/jboss/container/eap/galleon/config/ee-elytron/module.yaml
@@ -0,0 +1,11 @@
+schema_version: 1
+name: jboss.container.eap.galleon.config.ee
+version: '1.0-elytron'
+description: Install Galleon ee default configuration.
+
+execute:
+- script: configure.sh
+
+modules:
+  install:
+  - name: jboss.container.eap.galleon.config.ee.common
\ No newline at end of file
diff --git a/jboss/container/eap/galleon/config/ee/module.yaml b/jboss/container/eap/galleon/config/ee/module.yaml
index bb2b318b..1dc32288 100644
--- a/jboss/container/eap/galleon/config/ee/module.yaml
+++ b/jboss/container/eap/galleon/config/ee/module.yaml
@@ -5,3 +5,7 @@ description: Install Galleon ee default configuration.
 
 execute:
 - script: configure.sh
+
+modules:
+  install:
+  - name: jboss.container.eap.galleon.config.ee.common
\ No newline at end of file
diff --git a/jboss/container/eap/launch/added/launch/backward-compatibility.sh b/jboss/container/eap/launch/common/added/launch/backward-compatibility.sh
similarity index 100%
rename from jboss/container/eap/launch/added/launch/backward-compatibility.sh
rename to jboss/container/eap/launch/common/added/launch/backward-compatibility.sh
diff --git a/jboss/container/eap/launch/added/launch/passwd.sh b/jboss/container/eap/launch/common/added/launch/passwd.sh
similarity index 100%
rename from jboss/container/eap/launch/added/launch/passwd.sh
rename to jboss/container/eap/launch/common/added/launch/passwd.sh
diff --git a/jboss/container/eap/launch/added/openshift-launch.sh b/jboss/container/eap/launch/common/added/openshift-launch.sh
similarity index 68%
rename from jboss/container/eap/launch/added/openshift-launch.sh
rename to jboss/container/eap/launch/common/added/openshift-launch.sh
index 33cc30af..a281986a 100755
--- a/jboss/container/eap/launch/added/openshift-launch.sh
+++ b/jboss/container/eap/launch/common/added/openshift-launch.sh
@@ -5,6 +5,23 @@ echo "`date "+%Y-%m-%d %H:%M:%S"` Launching EAP Server"
 # Always start sourcing the launch script supplied by wildfly-cekit-modules
 source ${JBOSS_HOME}/bin/launch/launch.sh
 
+# Append image specific modular options in standalone.conf
+SPEC_VERSION="${JAVA_VERSION//1.}"
+SPEC_VERSION="${SPEC_VERSION//.*}"
+if (( $SPEC_VERSION > 15 )); then
+  MODULAR_JVM_OPTIONS=`echo $JAVA_OPTS | grep "\-\-add\-modules"`
+  if [ "x$MODULAR_JVM_OPTIONS" = "x" ]; then
+    DIRNAME=`dirname "$0"`
+    marker="#JVM modular options added by openshift startup script"
+    if ! grep -q "$marker" "$DIRNAME/standalone.conf"; then
+      jvm_options="$marker
+JAVA_OPTS=\"\$JAVA_OPTS --add-exports=jdk.naming.dns/com.sun.jndi.dns=ALL-UNNAMED\""
+     echo "$jvm_options" >> "$DIRNAME/standalone.conf"
+    fi
+  fi
+fi
+# end specific JDK modular options
+
 function runServer() {
   local instanceDir=$1
   launchServer "$JBOSS_HOME/bin/standalone.sh -c standalone-openshift.xml -bmanagement 0.0.0.0 -Djboss.server.data.dir=${instanceDir} -Dwildfly.statistics-enabled=true"
diff --git a/jboss/container/eap/launch/added/openshift-migrate.sh b/jboss/container/eap/launch/common/added/openshift-migrate.sh
similarity index 100%
rename from jboss/container/eap/launch/added/openshift-migrate.sh
rename to jboss/container/eap/launch/common/added/openshift-migrate.sh
diff --git a/jboss/container/eap/launch/configure.sh b/jboss/container/eap/launch/common/configure.sh
similarity index 100%
rename from jboss/container/eap/launch/configure.sh
rename to jboss/container/eap/launch/common/configure.sh
diff --git a/jboss/container/eap/launch/module.yaml b/jboss/container/eap/launch/common/module.yaml
similarity index 95%
rename from jboss/container/eap/launch/module.yaml
rename to jboss/container/eap/launch/common/module.yaml
index d4370883..7bf6c99e 100644
--- a/jboss/container/eap/launch/module.yaml
+++ b/jboss/container/eap/launch/common/module.yaml
@@ -1,5 +1,5 @@
 schema_version: 1
-name: jboss.container.eap.launch
+name: jboss.container.eap.launch.common
 version: '1.0'
 description: Module that enables CLI configuration for standalone-openshift.xml file
 execute:
diff --git a/jboss/container/eap/launch/ee-no-sso/added/launch/launch-config.sh b/jboss/container/eap/launch/ee-no-sso/added/launch/launch-config.sh
new file mode 100644
index 00000000..7c698b2f
--- /dev/null
+++ b/jboss/container/eap/launch/ee-no-sso/added/launch/launch-config.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# Centralised configuration file to set variables that affect the launch scripts in wildfly-cekit-modules.
+
+# Scripts that modify the configuration. Either via xml marker replacement or via CLI commands.
+# wildfly-cekit-modules will look for each of the listed files and run them if they exist.
+CONFIG_SCRIPT_CANDIDATES=(
+  $JBOSS_HOME/bin/launch/backward-compatibility.sh
+  $JBOSS_HOME/bin/launch/configure_extensions.sh
+  $JBOSS_HOME/bin/launch/passwd.sh
+  $JBOSS_HOME/bin/launch/messaging.sh
+  $JBOSS_HOME/bin/launch/datasource.sh
+  $JBOSS_HOME/bin/launch/resource-adapter.sh
+  $JBOSS_HOME/bin/launch/admin.sh
+  # Keep this order, jgroups.sh before ha.sh. jgroups.sh is the script which initializes the protocol list store
+  # used to share changes in the protocol list when a protocol is added either by ha.sh or by jgroups.sh.
+  # This protocol store is just a set of files under temporal directory. We need them to be able to share changes
+  # done by the ha.sh and jgroups.sh routines which are executed in subshells
+  $JBOSS_HOME/bin/launch/jgroups.sh
+  $JBOSS_HOME/bin/launch/ha.sh
+  $JBOSS_HOME/bin/launch/https.sh
+  $JBOSS_HOME/bin/launch/elytron.sh
+  $JBOSS_HOME/bin/launch/json_logging.sh
+  $JBOSS_HOME/bin/launch/configure_logger_category.sh
+  $JBOSS_HOME/bin/launch/security-domains.sh
+  $JBOSS_HOME/bin/launch/jboss_modules_system_pkgs.sh
+  $JBOSS_HOME/bin/launch/deploymentScanner.sh
+  $JBOSS_HOME/bin/launch/ports.sh
+  $JBOSS_HOME/bin/launch/access_log_valve.sh
+  $JBOSS_HOME/bin/launch/filters.sh
+  $JBOSS_HOME/bin/launch/statefulset.sh
+  /opt/run-java/proxy-options
+)
+# The server configuration file to use. If not set, wildfly-cekit-modules defaults to standalone.xml.
+# For EAP we want standalone-openshift.xml
+WILDFLY_SERVER_CONFIGURATION=standalone-openshift.xml
+# The configuration adjustment mode. For EAP we want both xml marker replacement and CLI commands.
+# Notice that the value of this variable must be aligned with the value configured in assemble
+export CONFIG_ADJUSTMENT_MODE="xml_cli"
diff --git a/jboss/container/eap/launch/ee-no-sso/configure.sh b/jboss/container/eap/launch/ee-no-sso/configure.sh
new file mode 100644
index 00000000..1411b414
--- /dev/null
+++ b/jboss/container/eap/launch/ee-no-sso/configure.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+SCRIPT_DIR=$(dirname $0)
+ADDED_DIR=${SCRIPT_DIR}/added
+
+mkdir -p ${JBOSS_HOME}/bin/launch
+#Overwrite openshift-launch.sh
+
+cp -p ${ADDED_DIR}/launch/* ${JBOSS_HOME}/bin/launch
+
+#Ensure permissions
+chmod -R g+rwX ${JBOSS_HOME}/bin/launch/
diff --git a/jboss/container/eap/launch/ee-no-sso/module.yaml b/jboss/container/eap/launch/ee-no-sso/module.yaml
new file mode 100644
index 00000000..14c1d936
--- /dev/null
+++ b/jboss/container/eap/launch/ee-no-sso/module.yaml
@@ -0,0 +1,11 @@
+schema_version: 1
+name: jboss.container.eap.launch
+version: '1.0-no-sso'
+description: Module that enables CLI configuration for standalone-openshift.xml file, no SSO script
+execute:
+- script: configure.sh
+  user: '185'
+
+modules:
+  install:
+  - name: jboss.container.eap.launch.common
\ No newline at end of file
diff --git a/jboss/container/eap/launch/added/launch/launch-config.sh b/jboss/container/eap/launch/ee/added/launch/launch-config.sh
similarity index 100%
rename from jboss/container/eap/launch/added/launch/launch-config.sh
rename to jboss/container/eap/launch/ee/added/launch/launch-config.sh
diff --git a/jboss/container/eap/launch/ee/configure.sh b/jboss/container/eap/launch/ee/configure.sh
new file mode 100644
index 00000000..1411b414
--- /dev/null
+++ b/jboss/container/eap/launch/ee/configure.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+SCRIPT_DIR=$(dirname $0)
+ADDED_DIR=${SCRIPT_DIR}/added
+
+mkdir -p ${JBOSS_HOME}/bin/launch
+#Overwrite openshift-launch.sh
+
+cp -p ${ADDED_DIR}/launch/* ${JBOSS_HOME}/bin/launch
+
+#Ensure permissions
+chmod -R g+rwX ${JBOSS_HOME}/bin/launch/
diff --git a/jboss/container/eap/launch/ee/module.yaml b/jboss/container/eap/launch/ee/module.yaml
new file mode 100644
index 00000000..7f5384a2
--- /dev/null
+++ b/jboss/container/eap/launch/ee/module.yaml
@@ -0,0 +1,11 @@
+schema_version: 1
+name: jboss.container.eap.launch
+version: '1.0'
+description: Module that enables CLI configuration for standalone-openshift.xml file
+execute:
+- script: configure.sh
+  user: '185'
+
+modules:
+  install:
+  - name: jboss.container.eap.launch.common
\ No newline at end of file
diff --git a/os-eap70-sso/configure.sh b/os-eap70-sso/configure.sh
index cd6c5ec3..886b8e9a 100755
--- a/os-eap70-sso/configure.sh
+++ b/os-eap70-sso/configure.sh
@@ -4,8 +4,8 @@ SCRIPT_DIR=$(dirname $0)
 ADDED_DIR=${SCRIPT_DIR}/added
 SOURCES_DIR="/tmp/artifacts"
 
-unzip -o $SOURCES_DIR/rh-sso-7.4.6-eap7-adapter.zip -d $JBOSS_HOME
-unzip -o $SOURCES_DIR/rh-sso-7.4.6-saml-eap7-adapter.zip -d $JBOSS_HOME
+unzip -o $SOURCES_DIR/rh-sso-7.4.10-eap7-adapter.zip -d $JBOSS_HOME
+unzip -o $SOURCES_DIR/rh-sso-7.4.10-saml-eap7-adapter.zip -d $JBOSS_HOME
 
 chown -R jboss:root $JBOSS_HOME
 chmod -R g+rwX $JBOSS_HOME
diff --git a/os-eap70-sso/module.yaml b/os-eap70-sso/module.yaml
index e22dc356..aaefe2c5 100644
--- a/os-eap70-sso/module.yaml
+++ b/os-eap70-sso/module.yaml
@@ -7,9 +7,9 @@ execute:
   user: '185'
 
 artifacts:
-- name: rh-sso-7.4.6-eap7-adapter
-  target: rh-sso-7.4.6-eap7-adapter.zip
-  md5: 10b1adaace20aae249ac124f4f32469a
-- name: rh-sso-7.4.6-saml-eap7-adapter
-  target: rh-sso-7.4.6-saml-eap7-adapter.zip
-  md5: 7392404a47ddc22bdbd1f76982ca27c3
+- name: rh-sso-7.4.10-eap7-adapter
+  target: rh-sso-7.4.10-eap7-adapter.zip
+  md5: c397605d0e12baa060615bc80912d153
+- name: rh-sso-7.4.10-saml-eap7-adapter
+  target: rh-sso-7.4.10-saml-eap7-adapter.zip
+  md5: 3e5b3e8d416dde2894746891552012d6
diff --git a/tests/examples/test-app-advanced-extensions/pom.xml b/tests/examples/test-app-advanced-extensions/pom.xml
index 585a34fa..f5a021a6 100644
--- a/tests/examples/test-app-advanced-extensions/pom.xml
+++ b/tests/examples/test-app-advanced-extensions/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-war-plugin</artifactId>
-                        <version>2.3</version>
+                        <version>3.3.2</version>
                         <configuration>
                             <failOnMissingWebXml>false</failOnMissingWebXml>
                             <outputDirectory>target</outputDirectory>
diff --git a/tests/examples/test-app-drivers-at-runtime/pom.xml b/tests/examples/test-app-drivers-at-runtime/pom.xml
index 585a34fa..f5a021a6 100644
--- a/tests/examples/test-app-drivers-at-runtime/pom.xml
+++ b/tests/examples/test-app-drivers-at-runtime/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-war-plugin</artifactId>
-                        <version>2.3</version>
+                        <version>3.3.2</version>
                         <configuration>
                             <failOnMissingWebXml>false</failOnMissingWebXml>
                             <outputDirectory>target</outputDirectory>
diff --git a/tests/examples/test-app-drivers/pom.xml b/tests/examples/test-app-drivers/pom.xml
index 585a34fa..f5a021a6 100644
--- a/tests/examples/test-app-drivers/pom.xml
+++ b/tests/examples/test-app-drivers/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-war-plugin</artifactId>
-                        <version>2.3</version>
+                        <version>3.3.2</version>
                         <configuration>
                             <failOnMissingWebXml>false</failOnMissingWebXml>
                             <outputDirectory>target</outputDirectory>
diff --git a/tests/examples/test-app-ejb/pom.xml b/tests/examples/test-app-ejb/pom.xml
index 5b38f66c..3557da51 100644
--- a/tests/examples/test-app-ejb/pom.xml
+++ b/tests/examples/test-app-ejb/pom.xml
@@ -29,6 +29,13 @@
 
     <build>
         <finalName>test-app-ejb</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-war-plugin</artifactId>
+                <version>3.3.2</version>
+            </plugin>
+        </plugins>
     </build>
 
 </project>
\ No newline at end of file
diff --git a/tests/examples/test-app-extension/pom.xml b/tests/examples/test-app-extension/pom.xml
index 585a34fa..f5a021a6 100644
--- a/tests/examples/test-app-extension/pom.xml
+++ b/tests/examples/test-app-extension/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-war-plugin</artifactId>
-                        <version>2.3</version>
+                        <version>3.3.2</version>
                         <configuration>
                             <failOnMissingWebXml>false</failOnMissingWebXml>
                             <outputDirectory>target</outputDirectory>
diff --git a/tests/examples/test-app-jaxrs-exclude/pom.xml b/tests/examples/test-app-jaxrs-exclude/pom.xml
index 3170b85b..626bd5b3 100644
--- a/tests/examples/test-app-jaxrs-exclude/pom.xml
+++ b/tests/examples/test-app-jaxrs-exclude/pom.xml
@@ -64,7 +64,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-war-plugin</artifactId>
-                        <version>2.3</version>
+                        <version>3.3.2</version>
                         <configuration>
                             <failOnMissingWebXml>false</failOnMissingWebXml>
                             <outputDirectory>target</outputDirectory>
diff --git a/tests/examples/test-app-jaxrs/pom.xml b/tests/examples/test-app-jaxrs/pom.xml
index 3170b85b..626bd5b3 100644
--- a/tests/examples/test-app-jaxrs/pom.xml
+++ b/tests/examples/test-app-jaxrs/pom.xml
@@ -64,7 +64,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-war-plugin</artifactId>
-                        <version>2.3</version>
+                        <version>3.3.2</version>
                         <configuration>
                             <failOnMissingWebXml>false</failOnMissingWebXml>
                             <outputDirectory>target</outputDirectory>
diff --git a/tests/examples/test-app-jpa2lc/pom.xml b/tests/examples/test-app-jpa2lc/pom.xml
index 32d3691f..6e1a8cb5 100644
--- a/tests/examples/test-app-jpa2lc/pom.xml
+++ b/tests/examples/test-app-jpa2lc/pom.xml
@@ -29,6 +29,13 @@
 
     <build>
         <finalName>test-app-jpa2lc</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-war-plugin</artifactId>
+                <version>3.3.2</version>
+            </plugin>
+        </plugins>
     </build>
 
 </project>
\ No newline at end of file
diff --git a/tests/examples/test-app-postgres/pom.xml b/tests/examples/test-app-postgres/pom.xml
index 585a34fa..f5a021a6 100644
--- a/tests/examples/test-app-postgres/pom.xml
+++ b/tests/examples/test-app-postgres/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-war-plugin</artifactId>
-                        <version>2.3</version>
+                        <version>3.3.2</version>
                         <configuration>
                             <failOnMissingWebXml>false</failOnMissingWebXml>
                             <outputDirectory>target</outputDirectory>
diff --git a/tests/examples/test-app-settings/pom.xml b/tests/examples/test-app-settings/pom.xml
index 585a34fa..f5a021a6 100644
--- a/tests/examples/test-app-settings/pom.xml
+++ b/tests/examples/test-app-settings/pom.xml
@@ -89,7 +89,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-war-plugin</artifactId>
-                        <version>2.3</version>
+                        <version>3.3.2</version>
                         <configuration>
                             <failOnMissingWebXml>false</failOnMissingWebXml>
                             <outputDirectory>target</outputDirectory>
diff --git a/tests/examples/test-app-web-security/pom.xml b/tests/examples/test-app-web-security/pom.xml
index edc86461..3d344e90 100644
--- a/tests/examples/test-app-web-security/pom.xml
+++ b/tests/examples/test-app-web-security/pom.xml
@@ -36,7 +36,7 @@
           <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-war-plugin</artifactId>
-                <version>2.3</version>
+                <version>3.3.2</version>
                 <configuration>
                     <failOnMissingWebXml>false</failOnMissingWebXml>
                     <outputDirectory>target</outputDirectory>
diff --git a/tests/examples/test-sso/app-profile-jee-saml/pom.xml b/tests/examples/test-sso/app-profile-jee-saml/pom.xml
index b803f09e..68cb6a1b 100644
--- a/tests/examples/test-sso/app-profile-jee-saml/pom.xml
+++ b/tests/examples/test-sso/app-profile-jee-saml/pom.xml
@@ -72,6 +72,11 @@
                     <skip>false</skip>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-war-plugin</artifactId>
+                <version>3.3.2</version>
+            </plugin>
         </plugins>
     </build>
 </project>
diff --git a/tests/examples/test-sso/app-profile-jee/pom.xml b/tests/examples/test-sso/app-profile-jee/pom.xml
index 4f4722a0..537311f6 100644
--- a/tests/examples/test-sso/app-profile-jee/pom.xml
+++ b/tests/examples/test-sso/app-profile-jee/pom.xml
@@ -50,6 +50,11 @@
                     <skip>false</skip>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-war-plugin</artifactId>
+                <version>3.3.2</version>
+            </plugin>
         </plugins>
     </build>
 </project>
diff --git a/tests/features/admin-jdk17.feature b/tests/features/admin-jdk17.feature
new file mode 100644
index 00000000..bac3d056
--- /dev/null
+++ b/tests/features/admin-jdk17.feature
@@ -0,0 +1,20 @@
+@jboss-eap-7/eap74-openjdk17-openshift-rhel8
+Feature: EAP Openshift admin
+
+  Scenario: Standard configuration
+    When container is started with env
+       | variable       | value           |
+       | ADMIN_USERNAME | kabir           |
+       | ADMIN_PASSWORD | pass            |
+    Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value management-http-authentication on XPath //*[local-name()='http-interface']/@http-authentication-factory
+    And file /opt/eap/standalone/configuration/mgmt-users.properties should contain kabir
+
+  Scenario: Standard configuration, galleon s2i
+    Given s2i build git://github.com/openshift/openshift-jee-sample from . with env and true using master
+       | variable                 | value           |
+       | ADMIN_USERNAME           | kabir           |
+       | ADMIN_PASSWORD           | pass            |
+       | GALLEON_PROVISION_LAYERS | core-server     |
+    Then container log should contain WFLYSRV0025
+    Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should have 0 elements on XPath  //*[local-name()='http-interface'][@security-realm="ManagementRealm"]
+    And file /opt/eap/standalone/configuration/mgmt-users.properties should contain kabir
\ No newline at end of file
diff --git a/tests/features/admin.feature b/tests/features/admin.feature
index 2fdc700a..5a69a9f6 100644
--- a/tests/features/admin.feature
+++ b/tests/features/admin.feature
@@ -1,4 +1,5 @@
-@jboss-eap-7 @jboss-eap-7-tech-preview
+@jboss-eap-7/eap74-openjdk11-openshift-rhel8 @jboss-eap-7/eap74-openjdk8-openshift-rhel7
+@jboss-eap-7/eap-xp3-openjdk11-openshift-rhel8 @jboss-eap-7/eap-xp4-openjdk11-openshift-rhel8
 Feature: EAP Openshift admin
 
   Scenario: Standard configuration
diff --git a/tests/features/basic.feature b/tests/features/basic.feature
index c080e16a..9b1b42dd 100644
--- a/tests/features/basic.feature
+++ b/tests/features/basic.feature
@@ -94,7 +94,7 @@ Feature: Common EAP tests
 
   Scenario: Check if jolokia is configured correctly
     When container is ready
-    Then container log should contain -javaagent:/usr/share/java/jolokia-jvm-agent/jolokia-jvm.jar=config=/opt/jboss/container/jolokia/etc/jolokia.properties
+   Then container log should contain -javaagent:/usr/share/java/jolokia-jvm-agent/jolokia-jvm.jar=config=/opt/jboss/container/jolokia/etc/jolokia.properties
 
   @redhat-sso-7-tech-preview/sso-cd-openshift @redhat-sso-7/sso73-openshift
   # https://issues.jboss.org/browse/CLOUD-295
diff --git a/tests/features/common.feature b/tests/features/common.feature
index fe52aa38..bba086e8 100644
--- a/tests/features/common.feature
+++ b/tests/features/common.feature
@@ -1,5 +1,6 @@
 @jboss-eap-7 @jboss-eap-6 @jboss-eap-7-tech-preview
 Feature: Openshift common test
+
   Scenario: Check jolokia port is available
     When container is ready
     Then check that port 8778 is open
@@ -48,15 +49,4 @@ Feature: Openshift common test
      And run sh -c 'test -L /usr/bin/jar && echo "yes" || echo "no"' in container and immediately check its output for yes
      And run sh -c 'test -L /usr/bin/rmic && echo "yes" || echo "no"' in container and immediately check its output for yes
      And run sh -c 'test -L /usr/bin/xjc && echo "yes" || echo "no"' in container and immediately check its output for yes
-     And run sh -c 'test -L /usr/bin/wsimport && echo "yes" || echo "no"' in container and immediately check its output for yes
-
-  # JDK 11 images don't have xjc or wsimport
-  @jboss-eap-7-tech-preview/eap72-openjdk11-openshift
-  Scenario: Check that java binaries are linked properly
-    When container is ready
-    Then run sh -c 'test -L /usr/bin/java && echo "yes" || echo "no"' in container and immediately check its output for yes
-     And run sh -c 'test -L /usr/bin/keytool && echo "yes" || echo "no"' in container and immediately check its output for yes
-     And run sh -c 'test -L /usr/bin/rmid && echo "yes" || echo "no"' in container and immediately check its output for yes
-     And run sh -c 'test -L /usr/bin/javac && echo "yes" || echo "no"' in container and immediately check its output for yes
-     And run sh -c 'test -L /usr/bin/jar && echo "yes" || echo "no"' in container and immediately check its output for yes
-     And run sh -c 'test -L /usr/bin/rmic && echo "yes" || echo "no"' in container and immediately check its output for yes
+     And run sh -c 'test -L /usr/bin/wsimport && echo "yes" || echo "no"' in container and immediately check its output for yes
\ No newline at end of file
diff --git a/tests/features/datasource.feature b/tests/features/datasource.feature
index a30f6df5..0ec93fee 100644
--- a/tests/features/datasource.feature
+++ b/tests/features/datasource.feature
@@ -764,7 +764,7 @@ Feature: EAP Openshift datasources
 	       | JDBC_SKIP_RECOVERY        | true                         |
 	       | EE_DEFAULT_DATASOURCE     | does-not-match-anything      |
 	    Then container log should contain ERROR The list of configured datasources does not contain a datasource matching the ee default-bindings datasource specified with EE_DEFAULT_DATASOURCE='does-not-match-anything'.
-  
+
   Scenario: check postgresql datasource, galleon s2i
     Given s2i build git://github.com/jboss-container-images/jboss-eap-modules from tests/examples/test-app-postgres with env and true
        | variable                  | value                            |
diff --git a/tests/features/driver.feature b/tests/features/driver.feature
index ac9877d4..d1b25162 100644
--- a/tests/features/driver.feature
+++ b/tests/features/driver.feature
@@ -15,7 +15,7 @@ Feature: EAP Openshift drivers
     Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value postgresql on XPath //*[local-name()='drivers']/*[local-name()='driver']/@name
     Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value org.postgresql.jdbc on XPath //*[local-name()='drivers']/*[local-name()='driver']/@module
     Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value org.postgresql.xa.PGXADataSource on XPath //*[local-name()='drivers']/*[local-name()='driver']/*[local-name()='xa-datasource-class']
- 
+
   Scenario: check oracle driver
     Given s2i build git://github.com/jboss-container-images/jboss-eap-modules from tests/examples/test-app-prov-oracle with env and true
    | variable    | value                           |
diff --git a/tests/features/galleon.feature b/tests/features/galleon.feature
index ed2a4c93..142685b3 100644
--- a/tests/features/galleon.feature
+++ b/tests/features/galleon.feature
@@ -120,13 +120,13 @@ Feature: Openshift EAP galleon s2i tests
     Given XML namespaces
        | prefix | url                          |
        | ns     | urn:jboss:domain:keycloak:1.1 |
-    Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
+    Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
        | variable               | value                                            |
        | ARTIFACT_DIR           | app-jee-jsp/target,app-profile-jee-jsp/target |
        | SSO_REALM         | demo    |
        | SSO_PUBLIC_KEY    | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLezsNQtZSaJvNZXTmjhlpIJnnwgGL5R1vkPLdt7odMgDzLHQ1h4DlfJPuPI4aI8uo8VkSGYQXWaOGUh3YJXtdO1vcym1SuP8ep6YnDy9vbUibA/o8RW6Wnj3Y4tqShIfuWf3MEsiH+KizoIJm6Av7DTGZSGFQnZWxBEZ2WUyFt297aLWuVM0k9vHMWSraXQo78XuU3pxrYzkI+A4QpeShg8xE7mNrs8g3uTmc53KR45+wW1icclzdix/JcT6YaSgLEVrIR9WkkYfEGj3vSrOzYA46pQe6WQoenLKtIDFmFDPjhcPoi989px9f+1HCIYP0txBS/hnJZaPdn5/lEUKQIDAQAB  |
        | SSO_URL           | http://localhost:8080/auth    |
-       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND |-Dversion.war.maven.plugin=3.3.2 |
        | GALLEON_PROVISION_LAYERS | cloud-server |
     Then container log should contain WFLYCTL0310: Extension module org.keycloak.keycloak-adapter-subsystem not found
 
@@ -342,7 +342,7 @@ Feature: Openshift EAP galleon s2i tests
 # CLOUD-3949
 @ignore 
   Scenario: Test cloud-server, exclude open-tracing and observability
-    Given failing s2i build git://github.com/openshift/openshift-jee-sample from . using master
+    Given failing s2i build git://github.com/openshift/openshift-jee-sample from .
       | variable                             | value         |
       | GALLEON_PROVISION_LAYERS             | cloud-server,-open-tracing,-observability  |
 
@@ -377,7 +377,7 @@ Feature: Openshift EAP galleon s2i tests
   # microprofile layer didn't make it in CD19
   @ignore
   Scenario: Test jaxrs-server+microprofile, exclude all mp layers.
-    Given failing s2i build git://github.com/openshift/openshift-jee-sample from . using master
+    Given failing s2i build git://github.com/openshift/openshift-jee-sample from .
       | variable                             | value         |
       | GALLEON_PROVISION_LAYERS             | jaxrs-server,microprofile,-microprofile-config,-microprofile-fault-tolerance,-microprofile-jwt,-microprofile-metrics,-microprofile-openapi,-open-tracing  |
     Then container log should contain WFLYSRV0025
diff --git a/tests/features/gc-jdk17.feature b/tests/features/gc-jdk17.feature
new file mode 100644
index 00000000..4fd637ba
--- /dev/null
+++ b/tests/features/gc-jdk17.feature
@@ -0,0 +1,131 @@
+@jboss-eap-7/eap74-openjdk17-openshift-rhel8
+Feature: Openshift OpenJDK GC tests
+
+  Scenario: Check default GC configuration
+    When container is ready
+    Then container log should match regex ^ *JAVA_OPTS: *.* -XX:\+UseParallelGC\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MinHeapFreeRatio=10\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MaxHeapFreeRatio=20\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:GCTimeRatio=4\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:AdaptiveSizePolicyWeight=90\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MetaspaceSize=96m\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:\+ExitOnOutOfMemoryError\s
+
+  Scenario: Check GC_MIN_HEAP_FREE_RATIO GC configuration
+    When container is started with env
+       | variable                         | value  |
+       | GC_MIN_HEAP_FREE_RATIO           | 5      |
+    Then container log should match regex ^ *JAVA_OPTS: *.* -XX:\+UseParallelGC\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MinHeapFreeRatio=5\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MaxHeapFreeRatio=20\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:GCTimeRatio=4\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:AdaptiveSizePolicyWeight=90\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MetaspaceSize=96m\s
+
+  Scenario: Check GC_MAX_HEAP_FREE_RATIO GC configuration
+    When container is started with env
+       | variable                         | value  |
+       | GC_MAX_HEAP_FREE_RATIO           | 50     |
+    Then container log should match regex ^ *JAVA_OPTS: *.* -XX:\+UseParallelGC\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MinHeapFreeRatio=10\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MaxHeapFreeRatio=50\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:GCTimeRatio=4\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:AdaptiveSizePolicyWeight=90\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MetaspaceSize=96m\s
+
+  Scenario: Check GC_TIME_RATIO GC configuration
+    When container is started with env
+       | variable                         | value  |
+       | GC_TIME_RATIO                    | 5      |
+    Then container log should match regex ^ *JAVA_OPTS: *.* -XX:\+UseParallelGC\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MinHeapFreeRatio=10\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MaxHeapFreeRatio=20\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:GCTimeRatio=5\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:AdaptiveSizePolicyWeight=90\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MetaspaceSize=96m\s
+
+  Scenario: Check GC_ADAPTIVE_SIZE_POLICY_WEIGHT GC configuration
+    When container is started with env
+       | variable                         | value  |
+       | GC_ADAPTIVE_SIZE_POLICY_WEIGHT   | 80     |
+    Then container log should match regex ^ *JAVA_OPTS: *.* -XX:\+UseParallelGC\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MinHeapFreeRatio=10\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MaxHeapFreeRatio=20\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:GCTimeRatio=4\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:AdaptiveSizePolicyWeight=80\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MetaspaceSize=96m\s
+
+  Scenario: Check GC_METASPACE_SIZE and GC_MAX_METASPACE_SIZE GC configuration
+    When container is started with env
+       | variable                 | value  |
+       | GC_METASPACE_SIZE        | 60     |
+       | GC_MAX_METASPACE_SIZE    | 120    |
+    Then container log should match regex ^ *JAVA_OPTS: *.* -XX:\+UseParallelGC\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MinHeapFreeRatio=10\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MaxHeapFreeRatio=20\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:GCTimeRatio=4\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:AdaptiveSizePolicyWeight=90\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MetaspaceSize=60m\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -XX:MaxMetaspaceSize=120m\s
+
+  Scenario: Check for adjusted heap sizes
+    When container is started with args
+      | arg       | value                                                    |
+      | mem_limit | 1073741824                                               |
+      | env_json  | {"JAVA_MAX_MEM_RATIO": 25, "JAVA_INITIAL_MEM_RATIO": 50} |
+    Then container log should match regex ^ *JAVA_OPTS: *.* -Xms128m\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -Xmx256m\s
+
+  # CLOUD-193 (mem-limit); CLOUD-459 (default heap size == max)
+  Scenario: CLOUD-193 Check for dynamic resource allocation
+    When container is started with args
+      | arg                    | value             |
+      | mem_limit              | 1073741824        |
+    Then container log should match regex ^ *JAVA_OPTS: *.* -Xms128m\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -Xmx512m\s
+
+  # CLOUD-459 (override default heap size)
+  Scenario: CLOUD-459 Check for adjusted default heap size
+    When container is started with args
+      | arg       | value                         |
+      | mem_limit | 1073741824                    |
+      | env_json  | {"INITIAL_HEAP_PERCENT": 0.5} |
+    Then container log should match regex ^ *JAVA_OPTS: *.* -Xms256m\s
+      And container log should match regex ^ *JAVA_OPTS: *.* -Xmx512m\s
+
+  Scenario: CLOUD-1524, test JAVA_CORE_LIMIT
+    When container is started with env
+      | variable              | value    |
+      | JAVA_CORE_LIMIT       | 3        |
+    Then container log should match regex ^ *JAVA_OPTS: *.* -XX:ParallelGCThreads=3\s
+     And container log should match regex ^ *JAVA_OPTS: *.* -Djava.util.concurrent.ForkJoinPool.common.parallelism=3\s
+     And container log should match regex ^ *JAVA_OPTS: *.* -XX:CICompilerCount=2\s
+
+  Scenario: CLOUD-1524, test JAVA_CORE_LIMIT < CONTAINER_CORE_LIMIT
+    When container is started with args and env
+      | arg_env              | value    |
+      | arg_cpu_quota        | 20000    |
+      | arg_cpu_period       | 5000     |
+      | env_JAVA_CORE_LIMIT  | 2        |
+    Then container log should match regex ^ *JAVA_OPTS: *.* -XX:ParallelGCThreads=2\s
+     And container log should match regex ^ *JAVA_OPTS: *.* -Djava.util.concurrent.ForkJoinPool.common.parallelism=2\s
+     And container log should match regex ^ *JAVA_OPTS: *.* -XX:CICompilerCount=2\s
+
+  Scenario: CLOUD-1524, test JAVA_CORE_LIMIT > CONTAINER_CORE_LIMIT
+    When container is started with args and env
+      | arg_env              | value    |
+      | arg_cpu_quota        | 20000    |
+      | arg_cpu_period       | 5000     |
+      | env_JAVA_CORE_LIMIT  | 6        |
+   Then container log should match regex ^ *JAVA_OPTS: *.* -XX:ParallelGCThreads=4\s
+    And container log should match regex ^ *JAVA_OPTS: *.* -Djava.util.concurrent.ForkJoinPool.common.parallelism=4\s
+    And container log should match regex ^ *JAVA_OPTS: *.* -XX:CICompilerCount=2\s
+
+  Scenario: CLOUD-1524, test CONTAINER_CORE_LIMIT
+    When container is started with args
+      | arg                  | value    |
+      | cpu_quota            | 20000    |
+      | cpu_period           | 5000     |
+   Then container log should match regex ^ *JAVA_OPTS: *.* -XX:ParallelGCThreads=4\s
+    And container log should match regex ^ *JAVA_OPTS: *.* -Djava.util.concurrent.ForkJoinPool.common.parallelism=4\s
+    And container log should match regex ^ *JAVA_OPTS: *.* -XX:CICompilerCount=2\s
\ No newline at end of file
diff --git a/tests/features/gc.feature b/tests/features/gc.feature
index 2ff4f2cf..a2cff5e0 100644
--- a/tests/features/gc.feature
+++ b/tests/features/gc.feature
@@ -1,4 +1,5 @@
-@jboss-eap-7 @jboss-eap-7-tech-preview
+@jboss-eap-7/eap74-openjdk11-openshift-rhel8 @jboss-eap-7/eap74-openjdk8-openshift-rhel7
+@jboss-eap-7/eap-xp3-openjdk11-openshift-rhel8 @jboss-eap-7/eap-xp4-openjdk11-openshift-rhel8
 Feature: Openshift OpenJDK GC tests
 
   Scenario: Check default GC configuration
diff --git a/tests/features/https-jdk17.feature b/tests/features/https-jdk17.feature
new file mode 100644
index 00000000..79dc8485
--- /dev/null
+++ b/tests/features/https-jdk17.feature
@@ -0,0 +1,56 @@
+@jboss-eap-7/eap74-openjdk17-openshift-rhel8
+Feature: Check HTTPS configuration
+
+Scenario: Configure HTTPS with an existing https-listener should give error
+    When container is started with command bash
+      | variable               | value        |
+      | EAP_HTTPS_PASSWORD     | p@ssw0rd     |
+      | EAP_HTTPS_KEYSTORE_DIR | /opt/eap     |
+      | EAP_HTTPS_KEYSTORE     | keystore.jks |
+      | HTTPS_KEYSTORE_TYPE     | JKS |
+    Then copy features/jboss-eap-modules/scripts/https/add-https-listener-elytron.cli to /tmp in container
+    And run /opt/eap/bin/jboss-cli.sh --file=/tmp/add-https-listener-elytron.cli in container once
+    And run script -c /opt/eap/bin/openshift-launch.sh /tmp/boot.log in container and detach
+    And file /tmp/boot.log should contain There is already an undertow https-listener for the 'default-server' server so we are not adding it
+
+  Scenario: Use Elytron for HTTPS (the default for JDK17)
+    When container is started with env
+      | variable                      | value        |
+      | HTTPS_PASSWORD                | p@ssw0rd     |
+      | HTTPS_KEYSTORE_DIR            | /opt/eap     |
+      | HTTPS_KEYSTORE                | keystore.jks |
+      | HTTPS_KEYSTORE_TYPE           | JKS          |
+    Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should have 0 elements on XPath //*[local-name()='security-realm'][@name="ApplicationRealm"]/*[local-name()='server-identities']
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value https on XPath //*[local-name()='server'][@name="default-server"]/*[local-name()='https-listener']/@name
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value https on XPath //*[local-name()='server'][@name="default-server"]/*[local-name()='https-listener']/@socket-binding
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value LocalhostSslContext on XPath //*[local-name()='server'][@name="default-server"]/*[local-name()='https-listener']/@ssl-context
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value p@ssw0rd on XPath //*[local-name()='tls']/*[local-name()='key-stores']/*[local-name()='key-store'][@name="LocalhostKeyStore"]/*[local-name()='credential-reference']/@clear-text
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value JKS on XPath //*[local-name()='tls']/*[local-name()='key-stores']/*[local-name()='key-store'][@name="LocalhostKeyStore"]/*[local-name()='implementation']/@type
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /opt/eap/keystore.jks on XPath //*[local-name()='tls']/*[local-name()='key-stores']/*[local-name()='key-store'][@name="LocalhostKeyStore"]/*[local-name()='file']/@path
+
+Scenario: Https, No undertow should give error
+    Given s2i build git://github.com/openshift/openshift-jee-sample from . with env and true using master
+       | variable                   | value         |
+       | GALLEON_PROVISION_LAYERS   | core-server   |
+       | EAP_HTTPS_PASSWORD         | p@ssw0rd      |
+       | EAP_HTTPS_KEYSTORE_DIR     | /opt/eap      |
+       | EAP_HTTPS_KEYSTORE         | keystore.jks  |
+       | HTTPS_KEYSTORE_TYPE     | JKS |
+    Then container log should contain You have set environment variables to configure Https. However, your base configuration does not contain the Undertow subsystem
+
+  Scenario: Use Elytron for HTTPS, galleon s2i (the default for JDK17)
+    Given s2i build git://github.com/openshift/openshift-jee-sample from . with env and true using master
+      | variable                      | value                       |
+      | HTTPS_PASSWORD                | p@ssw0rd                    |
+      | HTTPS_KEYSTORE_DIR            | /opt/eap                    |
+      | HTTPS_KEYSTORE                | keystore.jks                |
+      | HTTPS_KEYSTORE_TYPE           | JKS                         |
+      | GALLEON_PROVISION_LAYERS      | cloud-server   |
+    Then container log should contain WFLYSRV0025
+    Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should have 0 elements on XPath //*[local-name()='security-realm'][@name="ApplicationRealm"]/*[local-name()='server-identities']
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value https on XPath //*[local-name()='server'][@name="default-server"]/*[local-name()='https-listener']/@name
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value https on XPath //*[local-name()='server'][@name="default-server"]/*[local-name()='https-listener']/@socket-binding
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value LocalhostSslContext on XPath //*[local-name()='server'][@name="default-server"]/*[local-name()='https-listener']/@ssl-context
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value p@ssw0rd on XPath //*[local-name()='tls']/*[local-name()='key-stores']/*[local-name()='key-store'][@name="LocalhostKeyStore"]/*[local-name()='credential-reference']/@clear-text
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value JKS on XPath //*[local-name()='tls']/*[local-name()='key-stores']/*[local-name()='key-store'][@name="LocalhostKeyStore"]/*[local-name()='implementation']/@type
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /opt/eap/keystore.jks on XPath //*[local-name()='tls']/*[local-name()='key-stores']/*[local-name()='key-store'][@name="LocalhostKeyStore"]/*[local-name()='file']/@path
diff --git a/tests/features/https.feature b/tests/features/https.feature
index a6449a1b..074fcbaa 100644
--- a/tests/features/https.feature
+++ b/tests/features/https.feature
@@ -1,4 +1,5 @@
-@jboss-eap-7 @jboss-eap-7-tech-preview
+@jboss-eap-7/eap74-openjdk11-openshift-rhel8 @jboss-eap-7/eap74-openjdk8-openshift-rhel7
+@jboss-eap-7/eap-xp3-openjdk11-openshift-rhel8 @jboss-eap-7/eap-xp4-openjdk11-openshift-rhel8
 Feature: Check HTTPS configuration
 
   # We are not able to test the following fail-fast error conditions
diff --git a/tests/features/not-jdk17.feature b/tests/features/not-jdk17.feature
new file mode 100644
index 00000000..36e6a7fa
--- /dev/null
+++ b/tests/features/not-jdk17.feature
@@ -0,0 +1,25 @@
+@jboss-eap-7/eap74-openjdk11-openshift-rhel8 @jboss-eap-7/eap74-openjdk8-openshift-rhel7
+@jboss-eap-7/eap-xp3-openjdk11-openshift-rhel8 @jboss-eap-7/eap-xp4-openjdk11-openshift-rhel8
+Feature: Tests that can't run on jdk17
+
+  # JDK 11 images don't have xjc or wsimport
+  # This one is to be ignored when running jboss-eap-7/eap74-openjdk17-openshift-rhel8
+  @jboss-eap-7-tech-preview/eap72-openjdk11-openshift
+  Scenario: Check that java binaries are linked properly
+    When container is ready
+    Then run sh -c 'test -L /usr/bin/java && echo "yes" || echo "no"' in container and immediately check its output for yes
+     And run sh -c 'test -L /usr/bin/keytool && echo "yes" || echo "no"' in container and immediately check its output for yes
+     And run sh -c 'test -L /usr/bin/rmid && echo "yes" || echo "no"' in container and immediately check its output for yes
+     And run sh -c 'test -L /usr/bin/javac && echo "yes" || echo "no"' in container and immediately check its output for yes
+     And run sh -c 'test -L /usr/bin/jar && echo "yes" || echo "no"' in container and immediately check its output for yes
+     And run sh -c 'test -L /usr/bin/rmic && echo "yes" || echo "no"' in container and immediately check its output for yes
+
+  # CLOUD-807
+  # JDK 11 needs an extra dep for javax.annotations
+  @jboss-eap-7-tech-preview/eap72-openjdk11-openshift
+  # Nashorn removed on JDk17
+  Scenario: Test if the container has the JavaScript engine available
+    Given s2i build https://github.com/luck3y/openshift-examples from eap-tests/jsengine using openjdk-11
+    Then container log should contain Engine found: jdk.nashorn.api.scripting.NashornScriptEngine
+    And container log should contain Engine class provider found.
+    And container log should not contain JavaScript engine not found.
\ No newline at end of file
diff --git a/tests/features/s2i-jdk17.feature b/tests/features/s2i-jdk17.feature
new file mode 100644
index 00000000..fbd1f544
--- /dev/null
+++ b/tests/features/s2i-jdk17.feature
@@ -0,0 +1,17 @@
+@jboss-eap-7/eap74-openjdk17-openshift-rhel8
+Feature: Openshift EAP s2i tests
+
+# Like above, but JDK 11 options have changed.
+  # see cct_module/dynamic-resources for details.
+  # Test used to add -P jboss-eap-repository-insecure,-securecentral,insecurecentral but we can't use unsecure repos, they are banned by parent pom.xml.
+  @jboss-eap-7-tech-preview/eap72-openjdk11-openshift
+  Scenario: Test to ensure that maven is run with -Djava.net.preferIPv4Stack=true and user-supplied arguments, even when MAVEN_ARGS is overridden, and doesn't clear the local repository after the build
+    Given s2i build https://github.com/jboss-developer/jboss-eap-quickstarts from helloworld using openshift
+       | variable          | value                                                                                  |
+       | MAVEN_ARGS        | -e -Dcom.redhat.xpaas.repo.jbossorg -DskipTests package |
+       | MAVEN_ARGS_APPEND | -Dfoo=bar                                                                              |
+    Then container log should contain WFLYSRV0025
+    And run sh -c 'test -d /tmp/artifacts/m2/org && echo all good' in container and immediately check its output for all good
+    And s2i build log should contain -Djava.net.preferIPv4Stack=true
+    And s2i build log should contain -Dfoo=bar
+    And s2i build log should contain -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+ExitOnOutOfMemoryError
diff --git a/tests/features/s2i.feature b/tests/features/s2i.feature
index 08880806..a2294815 100644
--- a/tests/features/s2i.feature
+++ b/tests/features/s2i.feature
@@ -48,6 +48,8 @@ Feature: Openshift EAP s2i tests
   # CLOUD-579
   Scenario: Test that maven is executed in batch mode
     Given s2i build https://github.com/jboss-openshift/openshift-examples from helloworld
+    | variable          | value                                                                                  |
+    | MAVEN_ARGS_APPEND | -Dmaven.compiler.target=1.8 -Dmaven.compiler.source=1.8 -Dversion.war.plugin=3.3.2|
     Then s2i build log should contain --batch-mode
     And s2i build log should not contain \r
 
@@ -59,22 +61,13 @@ Feature: Openshift EAP s2i tests
     And container log should contain Engine class provider found.
     And container log should not contain JavaScript engine not found.
 
-  # CLOUD-807
-  # JDK 11 needs an extra dep for javax.annotations
-  @jboss-eap-7-tech-preview/eap72-openjdk11-openshift
-  Scenario: Test if the container has the JavaScript engine available
-    Given s2i build https://github.com/luck3y/openshift-examples from eap-tests/jsengine using openjdk-11
-    Then container log should contain Engine found: jdk.nashorn.api.scripting.NashornScriptEngine
-    And container log should contain Engine class provider found.
-    And container log should not contain JavaScript engine not found.
-
   # Always force IPv4 (CLOUD-188)
   # Append user-supplied arguments (CLOUD-412)
   # Allow the user to clear down the maven repository after running s2i (CLOUD-413)
   Scenario: Test to ensure that maven is run with -Djava.net.preferIPv4Stack=true and user-supplied arguments, and clears the local repository after the build
     Given s2i build https://github.com/jboss-openshift/openshift-examples from helloworld
        | variable          | value                      |
-       | MAVEN_ARGS_APPEND | -Dfoo=bar                  |
+       | MAVEN_ARGS_APPEND | -Dfoo=bar  -Dmaven.compiler.target=1.8 -Dmaven.compiler.source=1.8 -Dversion.war.plugin=3.3.2 |
        | MAVEN_LOCAL_REPO  | /home/jboss/.m2/repository |
        | MAVEN_CLEAR_REPO  | true                       |
     Then s2i build log should contain -Djava.net.preferIPv4Stack=true
diff --git a/tests/features/scripts/https/add-https-listener-elytron.cli b/tests/features/scripts/https/add-https-listener-elytron.cli
new file mode 100644
index 00000000..d1cf4ea2
--- /dev/null
+++ b/tests/features/scripts/https/add-https-listener-elytron.cli
@@ -0,0 +1,3 @@
+embed-server --timeout=30 --std-out=echo --server-config=standalone-openshift.xml
+/subsystem=undertow/server=default-server/https-listener=https:add(ssl-context=applicationSSC, socket-binding=https, proxy-address-forwarding=true)
+stop-embedded-server
\ No newline at end of file
diff --git a/tests/features/security_domains-jdk17.feature b/tests/features/security_domains-jdk17.feature
new file mode 100644
index 00000000..a12886f3
--- /dev/null
+++ b/tests/features/security_domains-jdk17.feature
@@ -0,0 +1,150 @@
+@jboss-eap-7/eap74-openjdk17-openshift-rhel8
+Feature: EAP Openshift security domains
+
+  Scenario: check security-domain configured
+    Given s2i build https://github.com/jboss-openshift/openshift-examples from security-custom-configuration with env
+       | variable           | value       |
+       | SECDOMAIN_NAME | HiThere     |
+     Then container log should contain ERROR SECDOMAIN_NAME env variable can't be set, use ELYTRON_SECDOMAIN_NAME env variable to configure authentication using Elytron.
+
+  Scenario: check Elytron configuration with elytron core realms security domain fail
+    Given s2i build https://github.com/jboss-container-images/jboss-eap-modules from tests/examples/test-app-web-security with env and true
+       | variable                   | value       |
+       | ELYTRON_SECDOMAIN_NAME     | my-security-domain     |
+       | ELYTRON_SECDOMAIN_CORE_REALM | true                 |
+     Then container log should contain WFLYSRV0025
+     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value my-security-domain on XPath //*[local-name()='subsystem' and starts-with(namespace-uri(), 'urn:jboss:domain:undertow:')]/*[local-name()='application-security-domains']/*[local-name()='application-security-domain']/@name
+     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value ApplicationDomain on XPath //*[local-name()='subsystem' and starts-with(namespace-uri(), 'urn:jboss:domain:undertow:')]/*[local-name()='application-security-domains']/*[local-name()='application-security-domain']/@security-domain
+     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value my-security-domain on XPath //*[local-name()='subsystem' and starts-with(namespace-uri(), 'urn:jboss:domain:ejb3:')]/*[local-name()='application-security-domains']/*[local-name()='application-security-domain']/@name
+     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value ApplicationDomain on XPath //*[local-name()='subsystem' and starts-with(namespace-uri(), 'urn:jboss:domain:ejb3:')]/*[local-name()='application-security-domains']/*[local-name()='application-security-domain']/@security-domain
+     And check that page is served
+      | property                   | value       |
+      | expected_status_code       | 401         |
+      | path                       | /test       |
+      | port                       | 8080        |
+
+  Scenario: check Elytron configuration with elytron core realms security domain success
+    Given s2i build https://github.com/jboss-container-images/jboss-eap-modules from tests/examples/test-app-web-security with env and true using master without running
+       | variable                   | value       |
+       | ELYTRON_SECDOMAIN_NAME     | my-security-domain     |
+       | ELYTRON_SECDOMAIN_CORE_REALM | true                 |
+    When container integ- is started with command bash
+    Then run /opt/eap/bin/add-user.sh -a -u jfdenise -p pass -g Admin -sc /opt/eap/standalone/configuration in container once    
+    And run script -c /opt/eap/bin/openshift-launch.sh /tmp/boot.log in container and detach
+    And check that port 8080 is open
+    And check that page is served
+      | property                   | value       |
+      | path                       | /test       |
+      | port                       | 8080        |
+      | username | jfdenise |
+      | password | pass |
+
+  Scenario: check Elytron configuration with elytron core realms security domain fail, galleon
+    Given s2i build https://github.com/jboss-container-images/jboss-eap-modules from tests/examples/test-app-web-security with env and true
+       | variable                   | value       |
+       | ELYTRON_SECDOMAIN_NAME     | my-security-domain     |
+       | ELYTRON_SECDOMAIN_CORE_REALM | true                 |
+       | GALLEON_PROVISION_LAYERS | datasources-web-server                 |
+     Then container log should contain WFLYSRV0025
+     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value my-security-domain on XPath //*[local-name()='subsystem' and starts-with(namespace-uri(), 'urn:jboss:domain:undertow:')]/*[local-name()='application-security-domains']/*[local-name()='application-security-domain']/@name
+     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value ApplicationDomain on XPath //*[local-name()='subsystem' and starts-with(namespace-uri(), 'urn:jboss:domain:undertow:')]/*[local-name()='application-security-domains']/*[local-name()='application-security-domain']/@security-domain
+     And check that page is served
+      | property                   | value       |
+      | expected_status_code       | 401         |
+      | path                       | /test       |
+      | port                       | 8080        |
+
+  Scenario: check Elytron configuration with elytron core realms security domain success, galleon
+    Given s2i build https://github.com/jboss-container-images/jboss-eap-modules from tests/examples/test-app-web-security with env and true using master without running
+       | variable                   | value       |
+       | ELYTRON_SECDOMAIN_NAME     | my-security-domain     |
+       | ELYTRON_SECDOMAIN_CORE_REALM | true                 |
+       | GALLEON_PROVISION_LAYERS | datasources-web-server                 |
+    When container integ- is started with command bash
+    Then run /opt/eap/bin/add-user.sh -a -u jfdenise -p pass -g Admin -sc /opt/eap/standalone/configuration in container once    
+    And run script -c /opt/eap/bin/openshift-launch.sh /tmp/boot.log in container and detach
+    And check that port 8080 is open
+    And check that page is served
+      | property                   | value       |
+      | path                       | /test       |
+      | port                       | 8080        |
+      | username | jfdenise |
+      | password | pass |
+
+ Scenario: check Elytron configuration with elytron custom security domain fail
+    Given s2i build https://github.com/jboss-container-images/jboss-eap-modules from tests/examples/test-app-web-security with env and true using master without running
+       | variable                   | value       |
+       | ELYTRON_SECDOMAIN_NAME     | my-security-domain     |
+       | ELYTRON_SECDOMAIN_USERS_PROPERTIES | empty-foo-users.properties                 |
+       | ELYTRON_SECDOMAIN_ROLES_PROPERTIES | empty-foo-roles.properties                 |
+    When container integ- is started with command bash
+    Then copy features/jboss-eap-modules/scripts/security_domains/empty-foo-users.properties to /opt/eap/standalone/configuration/ in container    
+    Then copy features/jboss-eap-modules/scripts/security_domains/empty-foo-roles.properties to /opt/eap/standalone/configuration/ in container    
+    And run script -c /opt/eap/bin/openshift-launch.sh /tmp/boot.log in container and detach
+    And check that port 8080 is open
+    And check that page is served
+      | property                   | value       |
+      | expected_status_code       | 401         |
+      | path                       | /test       |
+      | port                       | 8080        |
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value my-security-domain on XPath //*[local-name()='subsystem' and starts-with(namespace-uri(), 'urn:jboss:domain:undertow:')]/*[local-name()='application-security-domains']/*[local-name()='application-security-domain']/@name
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value my-security-domain on XPath //*[local-name()='subsystem' and starts-with(namespace-uri(), 'urn:jboss:domain:undertow:')]/*[local-name()='application-security-domains']/*[local-name()='application-security-domain']/@security-domain
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value my-security-domain on XPath //*[local-name()='subsystem' and starts-with(namespace-uri(), 'urn:jboss:domain:ejb3:')]/*[local-name()='application-security-domains']/*[local-name()='application-security-domain']/@name
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value my-security-domain on XPath //*[local-name()='subsystem' and starts-with(namespace-uri(), 'urn:jboss:domain:ejb3:')]/*[local-name()='application-security-domains']/*[local-name()='application-security-domain']/@security-domain
+
+  Scenario: check Elytron configuration with elytron custom security domain success
+    Given s2i build https://github.com/jboss-container-images/jboss-eap-modules from tests/examples/test-app-web-security with env and true using master without running
+       | variable                   | value       |
+       | ELYTRON_SECDOMAIN_NAME     | my-security-domain     |
+       | ELYTRON_SECDOMAIN_USERS_PROPERTIES | foo-users.properties                 |
+       | ELYTRON_SECDOMAIN_ROLES_PROPERTIES | foo-roles.properties                 |
+    When container integ- is started with command bash
+    Then copy features/jboss-eap-modules/scripts/security_domains/foo-users.properties to /opt/eap/standalone/configuration/ in container    
+    Then copy features/jboss-eap-modules/scripts/security_domains/foo-roles.properties to /opt/eap/standalone/configuration/ in container    
+    And run script -c /opt/eap/bin/openshift-launch.sh /tmp/boot.log in container and detach
+    And check that port 8080 is open
+    And check that page is served
+      | property                   | value       |
+      | path                       | /test       |
+      | port                       | 8080        |
+      | username | jfdenise |
+      | password | pass |
+
+ Scenario: check Elytron configuration with elytron custom security domain fail, galleon
+    Given s2i build https://github.com/jboss-container-images/jboss-eap-modules from tests/examples/test-app-web-security with env and true using master without running
+       | variable                   | value       |
+       | ELYTRON_SECDOMAIN_NAME     | my-security-domain     |
+       | ELYTRON_SECDOMAIN_USERS_PROPERTIES | empty-foo-users.properties                 |
+       | ELYTRON_SECDOMAIN_ROLES_PROPERTIES | empty-foo-roles.properties                 |
+       | GALLEON_PROVISION_LAYERS | datasources-web-server                 |
+    When container integ- is started with command bash
+    Then copy features/jboss-eap-modules/scripts/security_domains/empty-foo-users.properties to /opt/eap/standalone/configuration/ in container    
+    Then copy features/jboss-eap-modules/scripts/security_domains/empty-foo-roles.properties to /opt/eap/standalone/configuration/ in container    
+    And run script -c /opt/eap/bin/openshift-launch.sh /tmp/boot.log in container and detach
+    And check that port 8080 is open
+    And check that page is served
+      | property                   | value       |
+      | expected_status_code       | 401         |
+      | path                       | /test       |
+      | port                       | 8080        |
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value my-security-domain on XPath //*[local-name()='subsystem' and starts-with(namespace-uri(), 'urn:jboss:domain:undertow:')]/*[local-name()='application-security-domains']/*[local-name()='application-security-domain']/@name
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value my-security-domain on XPath //*[local-name()='subsystem' and starts-with(namespace-uri(), 'urn:jboss:domain:undertow:')]/*[local-name()='application-security-domains']/*[local-name()='application-security-domain']/@security-domain
+
+  Scenario: check Elytron configuration with elytron custom security domain success, galleon
+    Given s2i build https://github.com/jboss-container-images/jboss-eap-modules from tests/examples/test-app-web-security with env and true using master without running
+       | variable                   | value       |
+       | ELYTRON_SECDOMAIN_NAME     | my-security-domain     |
+       | ELYTRON_SECDOMAIN_USERS_PROPERTIES | foo-users.properties                 |
+       | ELYTRON_SECDOMAIN_ROLES_PROPERTIES | foo-roles.properties                 |
+       | GALLEON_PROVISION_LAYERS | datasources-web-server |
+    When container integ- is started with command bash
+    Then copy features/jboss-eap-modules/scripts/security_domains/foo-users.properties to /opt/eap/standalone/configuration/ in container    
+    Then copy features/jboss-eap-modules/scripts/security_domains/foo-roles.properties to /opt/eap/standalone/configuration/ in container    
+    And run script -c /opt/eap/bin/openshift-launch.sh /tmp/boot.log in container and detach
+    And check that port 8080 is open
+    And check that page is served
+      | property                   | value       |
+      | path                       | /test       |
+      | port                       | 8080        |
+      | username | jfdenise |
+      | password | pass |
diff --git a/tests/features/security_domains.feature b/tests/features/security_domains.feature
index 34640b55..e5fe6214 100644
--- a/tests/features/security_domains.feature
+++ b/tests/features/security_domains.feature
@@ -1,4 +1,5 @@
-@jboss-eap-7 @jboss-eap-7-tech-preview
+@jboss-eap-7/eap74-openjdk11-openshift-rhel8 @jboss-eap-7/eap74-openjdk8-openshift-rhel7
+@jboss-eap-7/eap-xp3-openjdk11-openshift-rhel8 @jboss-eap-7/eap-xp4-openjdk11-openshift-rhel8
 Feature: EAP Openshift security domains
 
   Scenario: check security-domain configured
diff --git a/tests/features/sso.feature b/tests/features/sso.feature
index 49059008..97e0e45a 100644
--- a/tests/features/sso.feature
+++ b/tests/features/sso.feature
@@ -6,13 +6,13 @@ Feature: OpenShift EAP SSO tests
      Given XML namespaces
        | prefix | url                          |
        | ns     | urn:jboss:domain:keycloak:1.1 |
-     Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts using 7.0.x-ose
+     Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts using 7.0.x-ose
        | variable               | value                                            |
        | ARTIFACT_DIR           | app-jee-jsp/target,app-profile-jee-jsp/target |
        | SSO_REALM         | demo    |
        | SSO_PUBLIC_KEY    | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLezsNQtZSaJvNZXTmjhlpIJnnwgGL5R1vkPLdt7odMgDzLHQ1h4DlfJPuPI4aI8uo8VkSGYQXWaOGUh3YJXtdO1vcym1SuP8ep6YnDy9vbUibA/o8RW6Wnj3Y4tqShIfuWf3MEsiH+KizoIJm6Av7DTGZSGFQnZWxBEZ2WUyFt297aLWuVM0k9vHMWSraXQo78XuU3pxrYzkI+A4QpeShg8xE7mNrs8g3uTmc53KR45+wW1icclzdix/JcT6YaSgLEVrIR9WkkYfEGj3vSrOzYA46pQe6WQoenLKtIDFmFDPjhcPoi989px9f+1HCIYP0txBS/hnJZaPdn5/lEUKQIDAQAB  |
        | SSO_URL           | http://localhost:8080/auth    |
-       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2|
     Then container log should contain WFLYSRV0010: Deployed "app-profile-jsp.war"
     Then container log should contain WFLYSRV0010: Deployed "app-jsp.war"
     Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value demo on XPath //ns:realm/@name
@@ -21,21 +21,21 @@ Feature: OpenShift EAP SSO tests
      Given XML namespaces
        | prefix | url                          |
        | ns     | urn:jboss:domain:keycloak:1.1 |
-     Given s2i build http://github.com/bdecoste/keycloak-examples using securedeployments
+     Given s2i build http://github.com/jfdenise/keycloak-examples using securedeployments
        | variable                   | value                                            |
        | ARTIFACT_DIR               | app-profile-jee-saml/target,app-profile-jee/target |
-       | MAVEN_ARGS_APPEND          | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND          | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2|
     Then container log should contain WFLYSRV0010: Deployed "app-profile-jee.war"
     Then container log should contain WFLYSRV0010: Deployed "app-profile-jee-saml.war"
 
    Scenario: Check default keycloak config
-     Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts using 7.0.x-ose
+     Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts using 7.0.x-ose
        | variable               | value                                                                     |
        | ARTIFACT_DIR           | app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target    |
        | SSO_REALM              | demo                                                                      |
        | SSO_PUBLIC_KEY         | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLezsNQtZSaJvNZXTmjhlpIJnnwgGL5R1vkPLdt7odMgDzLHQ1h4DlfJPuPI4aI8uo8VkSGYQXWaOGUh3YJXtdO1vcym1SuP8ep6YnDy9vbUibA/o8RW6Wnj3Y4tqShIfuWf3MEsiH+KizoIJm6Av7DTGZSGFQnZWxBEZ2WUyFt297aLWuVM0k9vHMWSraXQo78XuU3pxrYzkI+A4QpeShg8xE7mNrs8g3uTmc53KR45+wW1icclzdix/JcT6YaSgLEVrIR9WkkYfEGj3vSrOzYA46pQe6WQoenLKtIDFmFDPjhcPoi989px9f+1HCIYP0txBS/hnJZaPdn5/lEUKQIDAQAB  |
        | SSO_URL                | http://localhost:8080/auth    |
-       | MAVEN_ARGS_APPEND      | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND      | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
     Then container log should contain Deployed "service.war"
     And container log should contain Deployed "app-profile-jsp.war"
     And container log should contain Deployed "app-jsp.war"
@@ -55,7 +55,7 @@ Feature: OpenShift EAP SSO tests
     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value idp on XPath //*[local-name()='secure-deployment'][@name="app-profile-saml.war"]/*[local-name()='SP']/*[local-name()='IDP']/@entityID 
 
   Scenario: Check custom keycloak config, elytron
-     Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts using 7.0.x-ose
+     Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts using 7.0.x-ose
        | variable               | value                                                                     |
        | ARTIFACT_DIR           | app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target    |
        | SSO_REALM              | demo                                                                      |
@@ -65,7 +65,7 @@ Feature: OpenShift EAP SSO tests
        | SSO_BEARER_ONLY        | true                          |
        | SSO_SAML_LOGOUT_PAGE   | /tombrady                     |
        | SSO_FORCE_LEGACY_SECURITY   | false                     |
-       | MAVEN_ARGS_APPEND      | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND      | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
     Then container log should contain Deployed "service.war"
     And container log should contain Deployed "app-profile-jsp.war"
     And container log should contain Deployed "app-jsp.war"
@@ -83,11 +83,11 @@ Feature: OpenShift EAP SSO tests
     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /tombrady on XPath //*[local-name()='secure-deployment'][@name="app-profile-saml.war"]/*[local-name()='SP']/@logoutPage       
     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value true on XPath //*[local-name()='secure-deployment'][@name="app-profile-saml.war"]/*[local-name()='SP']/*[local-name()='Keys']/*[local-name()='Key']/@signing 
     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value idp on XPath //*[local-name()='secure-deployment'][@name="app-profile-saml.war"]/*[local-name()='SP']/*[local-name()='IDP']/@entityID 
-    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should have 2 elements on XPath //*[local-name()='application-security-domain']
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should have 4 elements on XPath //*[local-name()='application-security-domain']
     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value keycloak on XPath //*[local-name()='application-security-domain']/@name
 
   Scenario: Check custom keycloak config
-     Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts using 7.0.x-ose
+     Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts using 7.0.x-ose
        | variable               | value                                                                     |
        | ARTIFACT_DIR           | app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target    |
        | SSO_REALM              | demo                                                                      |
@@ -96,7 +96,7 @@ Feature: OpenShift EAP SSO tests
        | SSO_ENABLE_CORS        | true                          |
        | SSO_BEARER_ONLY        | true                          |
        | SSO_SAML_LOGOUT_PAGE   | /tombrady                     |
-       | MAVEN_ARGS_APPEND      | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND      | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
     Then container log should contain Deployed "service.war"
     And container log should contain Deployed "app-profile-jsp.war"
     And container log should contain Deployed "app-jsp.war"
@@ -114,20 +114,20 @@ Feature: OpenShift EAP SSO tests
     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value /tombrady on XPath //*[local-name()='secure-deployment'][@name="app-profile-saml.war"]/*[local-name()='SP']/@logoutPage       
     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value true on XPath //*[local-name()='secure-deployment'][@name="app-profile-saml.war"]/*[local-name()='SP']/*[local-name()='Keys']/*[local-name()='Key']/@signing 
     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value idp on XPath //*[local-name()='secure-deployment'][@name="app-profile-saml.war"]/*[local-name()='SP']/*[local-name()='IDP']/@entityID 
-    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should have 0 elements on XPath //*[local-name()='application-security-domain']
-    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value keycloak on XPath //*[local-name()='security-domain']/@name
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should have 4 elements on XPath //*[local-name()='application-security-domain']
+    And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value keycloak on XPath //*[local-name()='application-security-domain']/@name
 
   Scenario: deploys the keycloak examples, then checks if it's deployed in cloud-server,sso layers.
      Given XML namespaces
        | prefix | url                          |
        | ns     | urn:jboss:domain:keycloak:1.1 |
-     Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
+     Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
        | variable               | value                                            |
        | ARTIFACT_DIR           | app-jee-jsp/target,app-profile-jee-jsp/target |
        | SSO_REALM         | demo    |
        | SSO_PUBLIC_KEY    | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLezsNQtZSaJvNZXTmjhlpIJnnwgGL5R1vkPLdt7odMgDzLHQ1h4DlfJPuPI4aI8uo8VkSGYQXWaOGUh3YJXtdO1vcym1SuP8ep6YnDy9vbUibA/o8RW6Wnj3Y4tqShIfuWf3MEsiH+KizoIJm6Av7DTGZSGFQnZWxBEZ2WUyFt297aLWuVM0k9vHMWSraXQo78XuU3pxrYzkI+A4QpeShg8xE7mNrs8g3uTmc53KR45+wW1icclzdix/JcT6YaSgLEVrIR9WkkYfEGj3vSrOzYA46pQe6WQoenLKtIDFmFDPjhcPoi989px9f+1HCIYP0txBS/hnJZaPdn5/lEUKQIDAQAB  |
        | SSO_URL           | http://localhost:8080/auth    |
-       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
        | GALLEON_PROVISION_LAYERS | cloud-server,sso |
     Then container log should contain WFLYSRV0010: Deployed "app-profile-jsp.war"
     Then container log should contain WFLYSRV0010: Deployed "app-jsp.war"
@@ -137,13 +137,13 @@ Feature: OpenShift EAP SSO tests
      Given XML namespaces
        | prefix | url                          |
        | ns     | urn:jboss:domain:keycloak:1.1 |
-     Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
+     Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
        | variable               | value                                            |
        | ARTIFACT_DIR           | app-jee-jsp/target,app-profile-jee-jsp/target |
        | SSO_REALM         | demo    |
        | SSO_PUBLIC_KEY    | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLezsNQtZSaJvNZXTmjhlpIJnnwgGL5R1vkPLdt7odMgDzLHQ1h4DlfJPuPI4aI8uo8VkSGYQXWaOGUh3YJXtdO1vcym1SuP8ep6YnDy9vbUibA/o8RW6Wnj3Y4tqShIfuWf3MEsiH+KizoIJm6Av7DTGZSGFQnZWxBEZ2WUyFt297aLWuVM0k9vHMWSraXQo78XuU3pxrYzkI+A4QpeShg8xE7mNrs8g3uTmc53KR45+wW1icclzdix/JcT6YaSgLEVrIR9WkkYfEGj3vSrOzYA46pQe6WQoenLKtIDFmFDPjhcPoi989px9f+1HCIYP0txBS/hnJZaPdn5/lEUKQIDAQAB  |
        | SSO_URL           | http://localhost:8080/auth    |
-       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
        | GALLEON_PROVISION_LAYERS | cloud-server,sso |
        | SSO_SECURITY_DOMAIN | foo |
     Then container log should contain WFLYSRV0010: Deployed "app-profile-jsp.war"
@@ -151,15 +151,15 @@ Feature: OpenShift EAP SSO tests
     Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value demo on XPath //ns:realm/@name
     Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should have 2 elements on XPath //*[local-name()='application-security-domain']
     Then XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value foo on XPath //*[local-name()='application-security-domain']/@name
-    
+
     Scenario: Check default keycloak config in cloud-server,sso layers.
-     Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
+     Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
        | variable               | value                                                                     |
        | ARTIFACT_DIR           | app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target    |
        | SSO_REALM              | demo                                                                      |
        | SSO_PUBLIC_KEY         | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLezsNQtZSaJvNZXTmjhlpIJnnwgGL5R1vkPLdt7odMgDzLHQ1h4DlfJPuPI4aI8uo8VkSGYQXWaOGUh3YJXtdO1vcym1SuP8ep6YnDy9vbUibA/o8RW6Wnj3Y4tqShIfuWf3MEsiH+KizoIJm6Av7DTGZSGFQnZWxBEZ2WUyFt297aLWuVM0k9vHMWSraXQo78XuU3pxrYzkI+A4QpeShg8xE7mNrs8g3uTmc53KR45+wW1icclzdix/JcT6YaSgLEVrIR9WkkYfEGj3vSrOzYA46pQe6WQoenLKtIDFmFDPjhcPoi989px9f+1HCIYP0txBS/hnJZaPdn5/lEUKQIDAQAB  |
        | SSO_URL                | http://localhost:8080/auth    |
-       | MAVEN_ARGS_APPEND      | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND      | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
        | GALLEON_PROVISION_LAYERS | cloud-server,sso |
     Then container log should contain Deployed "service.war"
     And container log should contain Deployed "app-profile-jsp.war"
@@ -180,7 +180,7 @@ Feature: OpenShift EAP SSO tests
     And XML file /opt/eap/standalone/configuration/standalone-openshift.xml should contain value idp on XPath //*[local-name()='secure-deployment'][@name="app-profile-saml.war"]/*[local-name()='SP']/*[local-name()='IDP']/@entityID 
 
   Scenario: Check custom keycloak config in cloud-server,sso layers.
-     Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
+     Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
        | variable               | value                                                                     |
        | ARTIFACT_DIR           | app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target    |
        | SSO_REALM              | demo                                                                      |
@@ -189,7 +189,7 @@ Feature: OpenShift EAP SSO tests
        | SSO_ENABLE_CORS        | true                          |
        | SSO_BEARER_ONLY        | true                          |
        | SSO_SAML_LOGOUT_PAGE   | /tombrady                     |
-       | MAVEN_ARGS_APPEND      | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND      | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
        | GALLEON_PROVISION_LAYERS | cloud-server,sso |
     Then container log should contain Deployed "service.war"
     And container log should contain Deployed "app-profile-jsp.war"
@@ -212,24 +212,24 @@ Feature: OpenShift EAP SSO tests
   @ignore 
   # we can't provision an unsecure configuration.
   Scenario: SSO, no elytron should give error
-    Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
+    Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
        | variable                   | value         |
        | ARTIFACT_DIR           | app-jee-jsp/target,app-profile-jee-jsp/target |
        | SSO_REALM         | demo    |
        | SSO_PUBLIC_KEY    | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLezsNQtZSaJvNZXTmjhlpIJnnwgGL5R1vkPLdt7odMgDzLHQ1h4DlfJPuPI4aI8uo8VkSGYQXWaOGUh3YJXtdO1vcym1SuP8ep6YnDy9vbUibA/o8RW6Wnj3Y4tqShIfuWf3MEsiH+KizoIJm6Av7DTGZSGFQnZWxBEZ2WUyFt297aLWuVM0k9vHMWSraXQo78XuU3pxrYzkI+A4QpeShg8xE7mNrs8g3uTmc53KR45+wW1icclzdix/JcT6YaSgLEVrIR9WkkYfEGj3vSrOzYA46pQe6WQoenLKtIDFmFDPjhcPoi989px9f+1HCIYP0txBS/hnJZaPdn5/lEUKQIDAQAB  |
        | SSO_URL           | http://localhost:8080/auth    |
-       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
        | GALLEON_PROVISION_LAYERS   | management   |
     Then container log should contain You have set environment variables to enable sso. Fix your configuration to contain elytron subsystem for this to happen.
 
   Scenario: SSO, no undertow should give error
-    Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts from . with env and true using 7.0.x-ose without running
+    Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts from . with env and true using 7.0.x-ose without running
        | variable                   | value         |
        | ARTIFACT_DIR           | app-jee-jsp/target,app-profile-jee-jsp/target |
        | SSO_REALM         | demo    |
        | SSO_PUBLIC_KEY    | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLezsNQtZSaJvNZXTmjhlpIJnnwgGL5R1vkPLdt7odMgDzLHQ1h4DlfJPuPI4aI8uo8VkSGYQXWaOGUh3YJXtdO1vcym1SuP8ep6YnDy9vbUibA/o8RW6Wnj3Y4tqShIfuWf3MEsiH+KizoIJm6Av7DTGZSGFQnZWxBEZ2WUyFt297aLWuVM0k9vHMWSraXQo78XuU3pxrYzkI+A4QpeShg8xE7mNrs8g3uTmc53KR45+wW1icclzdix/JcT6YaSgLEVrIR9WkkYfEGj3vSrOzYA46pQe6WQoenLKtIDFmFDPjhcPoi989px9f+1HCIYP0txBS/hnJZaPdn5/lEUKQIDAQAB  |
        | SSO_URL           | http://localhost:8080/auth    |
-       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
        | GALLEON_PROVISION_LAYERS   | core-server   |
     When container integ- is started with command bash
     # Add dummy script just for the then clause.
@@ -238,13 +238,13 @@ Feature: OpenShift EAP SSO tests
     And file /tmp/boot.log should contain You have set environment variables to enable sso. Fix your configuration to contain undertow subsystem for this to happen.
 
   Scenario: SSO, undertow app sec domain already exists should give error
-    Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts from . with env and true using 7.0.x-ose without running
+    Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts from . with env and true using 7.0.x-ose without running
        | variable                   | value         |
        | ARTIFACT_DIR           | app-jee-jsp/target,app-profile-jee-jsp/target |
        | SSO_REALM         | demo    |
        | SSO_PUBLIC_KEY    | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLezsNQtZSaJvNZXTmjhlpIJnnwgGL5R1vkPLdt7odMgDzLHQ1h4DlfJPuPI4aI8uo8VkSGYQXWaOGUh3YJXtdO1vcym1SuP8ep6YnDy9vbUibA/o8RW6Wnj3Y4tqShIfuWf3MEsiH+KizoIJm6Av7DTGZSGFQnZWxBEZ2WUyFt297aLWuVM0k9vHMWSraXQo78XuU3pxrYzkI+A4QpeShg8xE7mNrs8g3uTmc53KR45+wW1icclzdix/JcT6YaSgLEVrIR9WkkYfEGj3vSrOzYA46pQe6WQoenLKtIDFmFDPjhcPoi989px9f+1HCIYP0txBS/hnJZaPdn5/lEUKQIDAQAB  |
        | SSO_URL           | http://localhost:8080/auth    |
-       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
        | GALLEON_PROVISION_LAYERS   | cloud-server,sso   |
     When container integ- is started with command bash
     Then copy features/jboss-eap-modules/scripts/sso/add-undertow-sec-domain.cli to /tmp in container
@@ -253,13 +253,13 @@ Feature: OpenShift EAP SSO tests
     And file /tmp/boot.log should contain Undertow already contains keycloak application security domain. Fix your configuration or set SSO_SECURITY_DOMAIN env variable.
 
   Scenario: SSO, ejb3 app sec domain already exists should give error
-    Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts from . with env and true using 7.0.x-ose without running
+    Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts from . with env and true using 7.0.x-ose without running
        | variable                   | value         |
        | ARTIFACT_DIR           | app-jee-jsp/target,app-profile-jee-jsp/target |
        | SSO_REALM         | demo    |
        | SSO_PUBLIC_KEY    | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLezsNQtZSaJvNZXTmjhlpIJnnwgGL5R1vkPLdt7odMgDzLHQ1h4DlfJPuPI4aI8uo8VkSGYQXWaOGUh3YJXtdO1vcym1SuP8ep6YnDy9vbUibA/o8RW6Wnj3Y4tqShIfuWf3MEsiH+KizoIJm6Av7DTGZSGFQnZWxBEZ2WUyFt297aLWuVM0k9vHMWSraXQo78XuU3pxrYzkI+A4QpeShg8xE7mNrs8g3uTmc53KR45+wW1icclzdix/JcT6YaSgLEVrIR9WkkYfEGj3vSrOzYA46pQe6WQoenLKtIDFmFDPjhcPoi989px9f+1HCIYP0txBS/hnJZaPdn5/lEUKQIDAQAB  |
        | SSO_URL           | http://localhost:8080/auth    |
-       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
        | SSO_FORCE_LEGACY_SECURITY   | false                     |
     When container integ- is started with command bash
     Then copy features/jboss-eap-modules/scripts/sso/add-ejb3-sec-domain.cli to /tmp in container
@@ -268,12 +268,12 @@ Feature: OpenShift EAP SSO tests
     And file /tmp/boot.log should contain ejb3 already contains keycloak application security domain. Fix your configuration or set SSO_SECURITY_DOMAIN env variable.
 
   Scenario: Check deployment is properly deployed in cloud-server,sso layers
-     Given s2i build https://github.com/redhat-developer/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
+     Given s2i build https://github.com/jfdenise/redhat-sso-quickstarts from . with env and true using 7.0.x-ose
        | variable               | value                                                                     |
        | ARTIFACT_DIR           | app-profile-jee-jsp/target    |
        | SSO_REALM              | demo                                                                      |
        | SSO_URL                | http://localhost:8080/auth    |
-       | MAVEN_ARGS_APPEND      | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND      | -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
        | GALLEON_PROVISION_LAYERS | datasources-web-server,sso |
     Then container log should contain Existing other application-security-domain is extended with support for keycloak
     Then container log should contain WFLYSRV0025
@@ -283,10 +283,10 @@ Feature: OpenShift EAP SSO tests
      Given XML namespaces
        | prefix | url                          |
        | ns     | urn:jboss:domain:keycloak:1.1 |
-     Given s2i build http://github.com/bdecoste/keycloak-examples using securedeployments
+     Given s2i build http://github.com/jfdenise/keycloak-examples using securedeployments
        | variable                   | value                                            |
        | ARTIFACT_DIR               | app-profile-jee/target |
-       | MAVEN_ARGS_APPEND          | -Dmaven.compiler.source=1.6 -Dmaven.compiler.target=1.6 |
+       | MAVEN_ARGS_APPEND          |-Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8  -Dversion.war.maven.plugin=3.3.2 |
        | GALLEON_PROVISION_LAYERS | datasources-web-server,sso |
     Then container log should contain Existing other application-security-domain is extended with support for keycloak
     Then container log should contain WFLYSRV0025
diff --git a/tests/features/variable_expansion.feature b/tests/features/variable_expansion.feature
index 14c9ff5d..a13b917a 100644
--- a/tests/features/variable_expansion.feature
+++ b/tests/features/variable_expansion.feature
@@ -39,6 +39,7 @@ Feature: Check correct variable expansion used
        | variable    | value         |
        | APP_DATADIR | configuration |
        | DATA_DIR    |               |
+       | MAVEN_ARGS_APPEND | -Dmaven.compiler.target=1.8 -Dmaven.compiler.source=1.8 -Dversion.war.plugin=3.3.2 |
     Then s2i build log should contain Copying app data from configuration to /opt/eap/standalone/data
     And run ls /opt/eap/standalone/data/standalone-openshift.xml in container and check its output for /opt/eap/standalone/data/standalone-openshift.xml
 
@@ -48,6 +49,7 @@ Feature: Check correct variable expansion used
        | variable    | value                         |
        | APP_DATADIR | modules/org/postgresql94/main |
        | DATA_DIR    | /tmp/test                     |
+       | MAVEN_ARGS_APPEND | -Dmaven.compiler.target=1.8 -Dmaven.compiler.source=1.8 -Dversion.war.plugin=3.3.2 |
     Then s2i build log should contain Copying app data from modules/org/postgresql94/main to /tmp/test...
      And run ls /tmp/test/module.xml in container and check its output for /tmp/test/module.xml
 
@@ -57,5 +59,6 @@ Feature: Check correct variable expansion used
        | variable    | value                         |
        | APP_DATADIR | modules/org/postgresql94/main |
        | DATA_DIR    | /tmp                          |
+       | MAVEN_ARGS_APPEND |  -Dmaven.compiler.target=1.8 -Dmaven.compiler.source=1.8 -Dversion.war.plugin=3.3.2 |
     Then s2i build log should contain Copying app data from modules/org/postgresql94/main to /tmp...
      And run ls /tmp/module.xml in container and check its output for /tmp/module.xml