From 5bb12cf6b4ec84d6cccfad14788335d825a223c8 Mon Sep 17 00:00:00 2001
From: ThilinaManamgoda <maanafunedu@gmail.com>
Date: Wed, 4 Apr 2018 22:55:22 +0530
Subject: [PATCH 1/4] 2.2.0 configurations

---
 .../datasources/analytics-datasources.xml     |  10 +-
 .../apim/repository/conf/api-manager.xml      |  98 +---
 .../apim/repository/conf/axis2/axis2.xml      |  36 +-
 .../apim/repository/conf/carbon.xml           |  14 +-
 .../apim/repository/conf/log4j.properties     | 220 -------
 .../apim/repository/conf/registry.xml         |  19 +-
 .../apim/repository/conf/user-mgt.xml         |  13 +-
 .../jaggeryapps/portal/configs/designer.json  | 124 ++--
 .../docker-compose.yml                        |  37 +-
 .../repository/conf/consent-mgt-config.xml    |  42 ++
 .../repository/conf/identity/identity.xml     | 542 ++++++++++++++----
 .../is-as-km/repository/conf/user-mgt.xml     |  13 +-
 .../mysql/scripts/apim_mysql5.7.sql           | 412 ++++++++++---
 .../mysql/scripts/carbon_mysql5.7.sql         |  13 +
 dockerfiles/apim-analytics/Dockerfile         |   2 +-
 dockerfiles/apim-analytics/README.md          |  16 +-
 dockerfiles/apim/Dockerfile                   |   2 +-
 dockerfiles/apim/README.md                    |  16 +-
 dockerfiles/is-as-km/Dockerfile               |   2 +-
 dockerfiles/is-as-km/README.md                |  14 +-
 dockerfiles/microgateway/Dockerfile           |  66 +++
 dockerfiles/microgateway/README.md            |  79 +++
 22 files changed, 1162 insertions(+), 628 deletions(-)
 delete mode 100644 docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/log4j.properties
 create mode 100644 docker-compose/APIM-ISasKM-with-Analytics/is-as-km/repository/conf/consent-mgt-config.xml
 create mode 100644 dockerfiles/microgateway/Dockerfile
 create mode 100644 dockerfiles/microgateway/README.md

diff --git a/docker-compose/APIM-ISasKM-with-Analytics/apim-analytics/repository/conf/datasources/analytics-datasources.xml b/docker-compose/APIM-ISasKM-with-Analytics/apim-analytics/repository/conf/datasources/analytics-datasources.xml
index 381dabca..57d01b07 100755
--- a/docker-compose/APIM-ISasKM-with-Analytics/apim-analytics/repository/conf/datasources/analytics-datasources.xml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/apim-analytics/repository/conf/datasources/analytics-datasources.xml
@@ -19,10 +19,11 @@
                     <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                     <maxActive>50</maxActive>
                     <maxWait>60000</maxWait>
-                    <testOnBorrow>true</testOnBorrow>
                     <validationQuery>SELECT 1</validationQuery>
-                    <validationInterval>30000</validationInterval>
                     <defaultAutoCommit>false</defaultAutoCommit>
+                    <initialSize>0</initialSize>
+                    <testWhileIdle>true</testWhileIdle>
+                    <minEvictableIdleTimeMillis>4000</minEvictableIdleTimeMillis>
                     <defaultTransactionIsolation>READ_COMMITTED</defaultTransactionIsolation>
                 </configuration>
             </definition>
@@ -39,10 +40,11 @@
                     <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                     <maxActive>50</maxActive>
                     <maxWait>60000</maxWait>
-                    <testOnBorrow>true</testOnBorrow>
                     <validationQuery>SELECT 1</validationQuery>
-                    <validationInterval>30000</validationInterval>
                     <defaultAutoCommit>false</defaultAutoCommit>
+                    <initialSize>0</initialSize>
+                    <testWhileIdle>true</testWhileIdle>
+                    <minEvictableIdleTimeMillis>4000</minEvictableIdleTimeMillis>
                     <defaultTransactionIsolation>READ_COMMITTED</defaultTransactionIsolation>
                 </configuration>
             </definition>
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/api-manager.xml b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/api-manager.xml
index c7296e75..674a7358 100755
--- a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/api-manager.xml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/api-manager.xml
@@ -56,8 +56,6 @@
              Token generation the implementation is provided in URLSafeJWTGenerator -->
         <!--<JWTGeneratorImpl>org.wso2.carbon.apimgt.keymgt.token.URLSafeJWTGenerator</JWTGeneratorImpl>-->
 
-        <!-- Remove UserName from JWT Token -->
-        <!-- <RemoveUserNameFromJWTForApplicationToken>true</RemoveUserNameFromJWTForApplicationToken>-->
     </JWTConfiguration>
 
     <!-- Primary/secondary login configuration for APIstore. If user likes to keep two login attributes in a distributed setup, to login the APIstore,
@@ -108,6 +106,15 @@
         <!-- This parameter specifies whether Recently Added APIs will be loaded from the cache or not.
              If there are multiple API modification during a short time period, better to disable cache. -->
         <EnableRecentlyAddedAPICache>false</EnableRecentlyAddedAPICache>
+        <!-- This parameter specifies whether scopes are taken from cache or not. If you are modifying application
+        subscriptions frequently, modifying the user roles frequently or updating the subscribed APIs frequently, it
+        is better to turn-off this cache-->
+        <EnableScopeCache>true</EnableScopeCache>
+        <!-- This indicates whether the role cache need to enabled in the publisher. If this is disabled, there will
+        be a call to key manager to all the calls to API publisher APIs. It is highly recommended to enable this
+        cache. However, if the system is in a state, where the role addition and deletion happens seamlessly, the
+        cache will be in in-valid state.-->
+        <EnablePublisherRoleCache>true</EnablePublisherRoleCache>
 	    <!-- JWT claims Cache expiry in seconds -->
         <!--JWTClaimCacheExpiry>900</JWTClaimCacheExpiry-->
         <!-- Expiry time for the apim key mgt validation info cache -->
@@ -190,7 +197,7 @@
             </ExecutionTime>
 	    <AlertTypes>
                 <Name>org.wso2.analytics.apim.alertStakeholderInfo</Name>
-                <Version>1.0.0</Version>
+                <Version>1.0.1</Version>
             </AlertTypes>
         </Streams>
 
@@ -216,7 +223,7 @@
              -If you need to start two API Manager instances in the same machine, you need to give different ports to "ThriftServerPort" value in two nodes.
              -ThriftServerHost - Allows to configure a hostname for the thrift server. It uses the carbon hostname by default.
 	         -The Gateway uses this parameter to connect to the key validation thrift service. -->
-        <KeyValidatorClientType>WSClient</KeyValidatorClientType>
+        <KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
         <ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
         <!--ThriftClientPort>10397</ThriftClientPort-->
 
@@ -249,6 +256,8 @@
     <OAuthConfigurations>
         <!-- Remove OAuth headers from outgoing message. -->
         <!--RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeadersFromOutMessage-->
+        <!--Authorization header-->
+        <!--AuthorizationHeader>Authorization</AuthorizationHeader-->
         <!-- Scope used for marking Application Tokens. If a token is generated with this scope, they will be treated as Application Access Tokens -->
         <ApplicationTokenScope>am_application_scope</ApplicationTokenScope>
         <!-- All  scopes under the ScopeWhitelist element are not validating against roles that has assigned to it.
@@ -280,6 +289,7 @@
 
     <!-- API Store Related Configurations -->
     <APIStore>
+        <EnableMultipleGroupId>false</EnableMultipleGroupId>
         <!--GroupingExtractor>org.wso2.carbon.apimgt.impl.DefaultGroupIDExtractorImpl</GroupingExtractor-->
         <!--This property is used to indicate how we do user name comparision for token generation https://wso2.org/jira/browse/APIMANAGER-2225-->
         <CompareCaseInsensitively>true</CompareCaseInsensitively>
@@ -317,7 +327,7 @@
 
     <APIPublisher>
         <DisplayURL>false</DisplayURL>
-        <URL>https://localhost/publisher</URL>
+        <URL>https://localhost:${mgt.transport.https.port}/publisher</URL>
         <!-- This parameter specifies enabling the capability of setting API documentation level granular visibility levels.
              By default any document associate with an API will have the same permissions set as the API.With enabling below
              property,it will show two additional permission levels as visible only to all registered users in a particular
@@ -325,6 +335,8 @@
         <!--EnableAPIDocVisibilityLevels>true</EnableAPIDocVisibilityLevels-->
         <!-- Uncomment this to limit the number of APIs in api the API Publisher -->
         <!--APIsPerPage>30</APIsPerPage-->
+        <!-- This property need to be enabled to enable the publisher access control support -->
+        <EnableAccessControl>true</EnableAccessControl>
     </APIPublisher>
 
     <!-- Status observers can be registered against the API Publisher to listen for
@@ -336,46 +348,6 @@
         <Observer>org.wso2.carbon.apimgt.impl.observers.SimpleLoggingObserver</Observer>
     </StatusObservers-->
 
-    <!-- Use this configuration Create APIs at the Server startup -->
-    <StartupAPIPublisher>
-        <!-- Enable/Disable the API Startup Publisher -->
-        <Enabled>false</Enabled>
-
-        <!-- Configuration to create APIs for local endpoints.
-             Endpoint will be computed as http://${carbon.local.ip}:${mgt.transport.http.port}/Context.
-             Define many LocalAPI elements as below to create many APIs
-             for local Endpoints.
-             IconPath should be relative to CARBON_HOME. -->
-        <LocalAPIs>
-            <LocalAPI>
-                <Context>/resource</Context>
-                <Provider>admin</Provider>
-                <Version>1.0.0</Version>
-                <IconPath>none</IconPath>
-                <DocumentURL>none</DocumentURL>
-                <AuthType>Any</AuthType>
-            </LocalAPI>
-        </LocalAPIs>
-
-        <!-- Configuration to create APIs for remote endpoints.
-             When Endpoint need to be defined use this configuration.
-             Define many API elements as below to create many APIs
-             for external Endpoints.
-             If you do not need to add Icon or Documentation set
-             'none' as the value for IconPath & DocumentURL. -->
-        <!--APIs>
-            <API>
-                <Context>/resource</Context>
-                <Endpoint>http://localhost:9764/resource</Endpoint>
-                <Provider>admin</Provider>
-                <Version>1.0.0</Version>
-                <IconPath>none</IconPath>
-                <DocumentURL>none</DocumentURL>
-                <AuthType>Any</AuthType>
-            </API>
-        </APIs-->
-    </StartupAPIPublisher>
-
     <!-- Configuration to enable/disable sending CORS headers in the Gateway response
          and define the Access-Control-Allow-Origin header value.-->
     <CORSConfiguration>
@@ -571,13 +543,15 @@
     </RESTAPI>
     <ThrottlingConfigurations>
         <EnableAdvanceThrottling>true</EnableAdvanceThrottling>
-        <DataPublisher>
-            <Enabled>true</Enabled>
+        <TrafficManager>
             <Type>Binary</Type>
             <ReceiverUrlGroup>tcp://${carbon.local.ip}:${receiver.url.port}</ReceiverUrlGroup>
             <AuthUrlGroup>ssl://${carbon.local.ip}:${auth.url.port}</AuthUrlGroup>
             <Username>${admin.username}</Username>
             <Password>${admin.password}</Password>
+        </TrafficManager>
+        <DataPublisher>
+            <Enabled>true</Enabled>
             <DataPublisherPool>
                 <MaxIdle>1000</MaxIdle>
                 <InitIdleCapacity>200</InitIdleCapacity>
@@ -589,6 +563,7 @@
             </DataPublisherThreadPool>
         </DataPublisher>
         <PolicyDeployer>
+            <Enabled>true</Enabled>
             <ServiceURL>https://localhost:${mgt.transport.https.port}${carbon.context}services/</ServiceURL>
             <Username>${admin.username}</Username>
             <Password>${admin.password}</Password>
@@ -600,32 +575,16 @@
         </BlockCondition>
         <JMSConnectionDetails>
             <Enabled>true</Enabled>
-            <ServiceURL>tcp://${carbon.local.ip}:${jms.port}</ServiceURL>
-            <Username>${admin.username}</Username>
-            <Password>${admin.password}</Password>
             <Destination>throttleData</Destination>
             <!--InitDelay>300000</InitDelay-->
             <JMSConnectionParameters>
                 <transport.jms.ConnectionFactoryJNDIName>TopicConnectionFactory</transport.jms.ConnectionFactoryJNDIName>
                 <transport.jms.DestinationType>topic</transport.jms.DestinationType>
                 <java.naming.factory.initial>org.wso2.andes.jndi.PropertiesFileInitialContextFactory</java.naming.factory.initial>
-                <connectionfactory.TopicConnectionFactory>amqp://${jms.username}:${jms.password}@clientid/carbon?brokerlist='${jms.url}'</connectionfactory.TopicConnectionFactory>
+                <connectionfactory.TopicConnectionFactory>amqp://${admin.username}:${admin.password}@clientid/carbon?brokerlist='tcp://${carbon.local.ip}:${jms.port}'</connectionfactory.TopicConnectionFactory>
             </JMSConnectionParameters>
-            <JMSTaskManager>
-                <MinThreadPoolSize>20</MinThreadPoolSize>
-                <MaxThreadPoolSize>100</MaxThreadPoolSize>
-                <KeepAliveTimeInMillis>1000</KeepAliveTimeInMillis>
-                <JobQueueSize>10</JobQueueSize>
-            </JMSTaskManager>
         </JMSConnectionDetails>
-        <JMSEventPublisherParameters>
-                <java.naming.factory.initial>org.wso2.andes.jndi.PropertiesFileInitialContextFactory</java.naming.factory.initial>
-                <java.naming.provider.url>repository/conf/jndi.properties</java.naming.provider.url>
-                <transport.jms.DestinationType>topic</transport.jms.DestinationType>
-                <transport.jms.Destination>throttleData</transport.jms.Destination>
-                <transport.jms.ConcurrentPublishers>allow</transport.jms.ConcurrentPublishers>
-                <transport.jms.ConnectionFactoryJNDIName>TopicConnectionFactory</transport.jms.ConnectionFactoryJNDIName>
-        </JMSEventPublisherParameters>
+
         <!--DefaultLimits>
             <SubscriptionTierLimits>
                 <Gold>5000</Gold>
@@ -649,14 +608,15 @@
         <EnableJWTClaimConditions>false</EnableJWTClaimConditions>
         <EnableQueryParamConditions>false</EnableQueryParamConditions>
     </ThrottlingConfigurations>
+    
     <WorkflowConfigurations>
         <Enabled>false</Enabled>
     	<ServerUrl>https://localhost:9445/bpmn</ServerUrl>   		
     	<ServerUser>${admin.username}</ServerUser>
     	<ServerPassword>${admin.password}</ServerPassword>
-    	<WorkflowCallbackAPI>https://localhost:${mgt.transport.https.port}/api/am/publisher/v0.11/workflows/update-workflow-status</WorkflowCallbackAPI>
+    	<WorkflowCallbackAPI>https://localhost:${mgt.transport.https.port}/api/am/publisher/v0.12/workflows/update-workflow-status</WorkflowCallbackAPI>
         <TokenEndPoint>https://localhost:${https.nio.port}/token</TokenEndPoint>
-        <DCREndPoint>https://localhost:${mgt.transport.https.port}/client-registration/v0.11/register</DCREndPoint>
+        <DCREndPoint>https://localhost:${mgt.transport.https.port}/client-registration/v0.12/register</DCREndPoint>
         <DCREndPointUser>${admin.username}</DCREndPointUser>
         <DCREndPointPassword>${admin.password}</DCREndPointPassword>
     </WorkflowConfigurations>
@@ -668,8 +628,8 @@
             <ModelPackage>org.wso2.client.model.</ModelPackage>
             <ApiPackage>org.wso2.client.api.</ApiPackage>
             <!-- Configure supported languages/Frameworks as comma separated values,
-             Supported Languages/Frameworks : android, java, scala, csharp, cpp, dart, flash, go, groovy, javascript, jmeter,
-             nodejs, perl, php, python, ruby, swift, clojure, aspNet5, asyncScala, spring, csharpDotNet2, haskell-->
+             Supported Languages/Frameworks : android, java, scala, csharp, dart, flash, groovy, javascript, jmeter,
+             nodejs, perl, php, python, ruby, swift, clojure, asyncScala, csharpDotNet2-->
             <SupportedLanguages>java,android</SupportedLanguages>
         </ClientGeneration>
     </SwaggerCodegen>
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/axis2/axis2.xml b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/axis2/axis2.xml
index 6aa4d146..4cbe17c0 100644
--- a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/axis2/axis2.xml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/axis2/axis2.xml
@@ -168,14 +168,16 @@
                          class="org.apache.axis2.format.PlainTextFormatter"/>
 
         <!--JSON Message Formatters-->
-	<messageFormatter contentType="application/json"
-                          class="org.apache.synapse.commons.json.JsonFormatter"/>
+        <messageFormatter contentType="application/json"
+                          class="org.apache.synapse.commons.json.JsonStreamFormatter"/>
         <!--messageFormatter contentType="application/json"
-                          class="org.apache.synapse.commons.json.JsonStreamFormatter"/-->
+                          class="org.apache.synapse.commons.json.JsonFormatter"/-->
         <messageFormatter contentType="application/json/badgerfish"
                           class="org.apache.axis2.json.JSONBadgerfishMessageFormatter"/>
         <messageFormatter contentType="text/javascript"
                           class="org.apache.axis2.json.JSONMessageFormatter"/>
+        <messageFormatter contentType="application/octet-streaml" 
+                          class="org.wso2.carbon.relay.ExpandingMessageFormatter"/>
 
         <!-- See https://wso2.org/jira/browse/ESBJAVA-1725 before enabling bellow line -->
         <!--messageFormatter contentType=".*"
@@ -232,14 +234,17 @@
                         class="org.apache.axis2.format.PlainTextBuilder"/>
 
         <!--JSON Message Builders-->
-	<messageBuilder contentType="application/json"
-                        class="org.apache.synapse.commons.json.JsonBuilder"/>
+        <messageBuilder contentType="application/json"
+                        class="org.apache.synapse.commons.json.JsonStreamBuilder"/>
         <!--messageBuilder contentType="application/json"
-                        class="org.apache.synapse.commons.json.JsonStreamBuilder"/-->
+                        class="org.apache.synapse.commons.json.JsonBuilder"/-->
         <messageBuilder contentType="application/json/badgerfish"
                         class="org.apache.axis2.json.JSONBadgerfishOMBuilder"/>
         <messageBuilder contentType="text/javascript"
                         class="org.apache.axis2.json.JSONBuilder"/>
+        <messageBuilder contentType="application/octet-stream" 
+                        class="org.wso2.carbon.relay.BinaryRelayBuilder"/>
+
         <!--messageBuilder contentType="text/javascript"
                         class="org.apache.axis2.json.JSONStreamBuilder"/-->
 
@@ -543,7 +548,15 @@
                 <Password>wso2carbon</Password>
             </TrustStore>
         </parameter>
-        <parameter name="HostnameVerifier">AllowAll</parameter>>
+        <!-- ============================================== -->
+        <!-- Configuration for Dynamic SSL Profile loading. -->
+        <!-- Configured for 10 mins. -->
+        <!-- ============================================== -->
+        <parameter name="dynamicSSLProfilesConfig">
+            <filePath>repository/resources/security/sslprofiles.xml</filePath>
+            <fileReadInterval>600000</fileReadInterval>
+        </parameter>
+        <!--<parameter name="HostnameVerifier">AllowAll</parameter>-->
             <!--supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
     </transportSender>
 
@@ -601,6 +614,15 @@
         <parameter name="ws.outflow.dispatch.fault.sequence" locked="false">outflowFaultSeq</parameter>
     </transportSender>
 
+    <transportSender name="wss" class="org.wso2.carbon.websocket.transport.WebsocketTransportSender">
+        <parameter name="ws.outflow.dispatch.sequence" locked="false">outflowDispatchSeq</parameter>
+        <parameter name="ws.outflow.dispatch.fault.sequence" locked="false">outflowFaultSeq</parameter>
+        <parameter name="ws.trust.store" locked="false">
+            <ws.trust.store.location>repository/resources/security/client-truststore.jks</ws.trust.store.location>
+            <ws.trust.store.Password>wso2carbon</ws.trust.store.Password>
+        </parameter>
+    </transportSender>
+
     <!--<transportSender name="https"-->
                      <!--class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">-->
         <!--<parameter name="PROTOCOL">HTTP/1.1</parameter>-->
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/carbon.xml b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/carbon.xml
index 2e369a33..f0f9ba3a 100755
--- a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/carbon.xml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/carbon.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
 <!--
- Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@
     <!--
        Product Version
     -->
-    <Version>2.1.0</Version>
+    <Version>2.2.0</Version>
 
     <!--
        Host name or IP address of the machine hosting this server
@@ -574,16 +574,6 @@
         <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
     </DeploymentSynchronizer>
 
-    <!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync.
-        In master nodes you need to set both AutoCommit and AutoCheckout to true
-        and in  worker nodes set only AutoCheckout to true.
-    -->
-    <!--<DeploymentSynchronizer>
-        <Enabled>true</Enabled>
-        <AutoCommit>false</AutoCommit>
-        <AutoCheckout>true</AutoCheckout>
-    </DeploymentSynchronizer>-->
-
     <!-- Mediation persistence configurations. Only valid if mediation features are available i.e. ESB -->
     <!--<MediationConfig>
         <LoadFromRegistry>false</LoadFromRegistry>
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/log4j.properties b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/log4j.properties
deleted file mode 100644
index 3119b407..00000000
--- a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/log4j.properties
+++ /dev/null
@@ -1,220 +0,0 @@
-#
-#  Copyright (c) 2005-2015, WSO2 Inc. (http://wso2.com) All Rights Reserved.
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#        http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-#
-
-##
-# This is the log4j configuration file used by WSO2 AM
-# =====================================================
-#
-# IMPORTANT : Please do not remove or change the names of any of the Appenders defined here.
-# The layout pattern & log file can be changed using the WSO2 AM Management Console, and those
-# settings will override the settings in this file.
-##
-
-
-# the root category is ERROR (applies for all 3rd party JARs etc) and will be logged to the
-# LOG_APPENDER and the CONSOLE_APPENDER
-
-log4j.rootLogger=ERROR, CARBON_CONSOLE, CARBON_LOGFILE, CARBON_MEMORY, CARBON_SYS_LOG, ERROR_LOGFILE, DAS_AGENT
-
-log4j.logger.AUDIT_LOG=INFO, AUDIT_LOGFILE
-
-log4j.category.org.apache.synapse=INFO
-log4j.category.org.apache.synapse.transport=INFO
-log4j.category.org.apache.axis2=INFO
-log4j.category.org.apache.axis2.transport=INFO
-log4j.logger.com.atomikos=INFO,ATOMIKOS
-log4j.logger.org.quartz=WARN
-log4j.logger.org.wso2=INFO
-log4j.logger.org.wso2.carbon=INFO
-#log4j.category.org.apache.synapse.transport.nhttp.util=DEBUG
-#log4j.category.org.apache.http.impl.nio.reactor=DEBUG
-#log4j.logger.org.wso2.carbon.utils.deployment.ComponentBuilder=DEBUG
-#log4j.logger.org.wso2.carbon.utils.deployment.OSGiBundleDeployer=DEBUG
-log4j.logger.org.apache.catalina=WARN
-log4j.logger.org.apache.coyote=WARN
-log4j.logger.org.apache.axis2.enterprise=FATAL
-log4j.logger.de.hunsicker.jalopy.io=FATAL
-
-# uncomment the following logs to see HTTP headers and messages
-#log4j.logger.org.apache.synapse.transport.http.headers=DEBUG
-#log4j.logger.org.apache.synapse.transport.http.wire=DEBUG
-
-# qpid related logs for the message broker
-log4j.logger.qpid=WARN
-log4j.logger.org.apache.qpid=WARN
-log4j.logger.org.apache.qpid.server.Main=INFO
-log4j.logger.qpid.message=WARN
-log4j.logger.qpid.message.broker.listening=INFO
-log4j.logger.org.wso2.carbon.databridge.agent.thrift.AsyncDataPublisher=WARN
-
-# The console appender is used to display general information at console
-log4j.appender.CARBON_CONSOLE=org.wso2.carbon.utils.logging.appenders.CarbonConsoleAppender
-log4j.appender.CARBON_CONSOLE.layout=org.apache.log4j.PatternLayout
-log4j.appender.CARBON_CONSOLE.layout.ConversionPattern=[%d{ISO8601}] %5p - %c{1} %m%n
-
-# Configure the service logger at INFO level. Writes only run-time/mediation-time audit messages
-log4j.category.SERVICE_LOGGER=INFO, SERVICE_APPENDER
-log4j.additivity.SERVICE_LOGGER=false
-log4j.appender.SERVICE_APPENDER=org.apache.log4j.RollingFileAppender
-log4j.appender.SERVICE_APPENDER.File=${carbon.home}/repository/logs/${instance.log}/wso2-apigw-service${instance.log}.log
-log4j.appender.SERVICE_APPENDER.MaxFileSize=1000KB
-log4j.appender.SERVICE_APPENDER.MaxBackupIndex=10
-log4j.appender.SERVICE_APPENDER.layout=org.apache.log4j.PatternLayout
-log4j.appender.SERVICE_APPENDER.layout.ConversionPattern=%d{ISO8601} [%X{ip}-%X{host}] [%t] %5p %c{1} %m%n
-
-# The trace logger dumps enough information @INFO level, but maybe pushed upto TRACE.
-# Writes only run-time/mediation time tracing/debug messages for messages passing through trace
-# enabled sequences, mediators and services. Enabling tracing on these has a performance impact
-log4j.category.TRACE_LOGGER=INFO, TRACE_APPENDER, TRACE_MEMORYAPPENDER
-log4j.additivity.TRACE_LOGGER=false
-log4j.appender.TRACE_APPENDER=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.TRACE_APPENDER.File=${carbon.home}/repository/logs/${instance.log}/wso2-apigw-trace${instance.log}.log
-log4j.appender.TRACE_APPENDER.Append=true
-log4j.appender.TRACE_APPENDER.layout=org.apache.log4j.PatternLayout
-log4j.appender.TRACE_APPENDER.layout.ConversionPattern=%d{HH:mm:ss,SSS} [%X{ip}-%X{host}] [%t] %5p %c{1} %m%n
-
-# The memory appender for trace logger
-log4j.appender.TRACE_MEMORYAPPENDER=org.wso2.carbon.utils.logging.appenders.MemoryAppender
-log4j.appender.TRACE_MEMORYAPPENDER.bufferSize=2000
-log4j.appender.TRACE_MEMORYAPPENDER.layout=org.apache.log4j.PatternLayout
-log4j.appender.TRACE_MEMORYAPPENDER.layout.ConversionPattern=%d{HH:mm:ss,SSS} [%X{ip}-%X{host}] [%t] %5p %m%n
-
-# CARBON_LOGFILE is set to be a DailyRollingFileAppender using a PatternLayout.
-log4j.appender.CARBON_LOGFILE=org.wso2.carbon.utils.logging.appenders.CarbonDailyRollingFileAppender
-# Log file will be overridden by the configuration setting in the DB
-# This path should be relative to WSO2 Carbon Home
-log4j.appender.CARBON_LOGFILE.File=${carbon.home}/repository/logs/${instance.log}/wso2carbon${instance.log}.log
-log4j.appender.CARBON_LOGFILE.Append=true
-log4j.appender.CARBON_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
-# ConversionPattern will be overridden by the configuration setting in the DB
-log4j.appender.CARBON_LOGFILE.layout.ConversionPattern=TID: [%T] [%S] [%d] %P%5p {%c} - %x %m {%c}%n
-log4j.appender.CARBON_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
-log4j.appender.CARBON_LOGFILE.threshold=DEBUG
-
-# The standard error log where all the warnings, errors and fatal errors will be logged
-log4j.appender.ERROR_LOGFILE=org.apache.log4j.FileAppender
-log4j.appender.ERROR_LOGFILE.File=${carbon.home}/repository/logs/${instance.log}/wso2-apigw-errors.log
-log4j.appender.ERROR_LOGFILE.layout=org.apache.log4j.PatternLayout
-log4j.appender.ERROR_LOGFILE.layout.ConversionPattern=%d{ISO8601} [%X{ip}-%X{host}] [%t] %5p %c{1} %m%n
-log4j.appender.ERROR_LOGFILE.threshold=WARN
-
-# The memory appender for logging
-log4j.appender.CARBON_MEMORY=org.wso2.carbon.logging.service.appender.CarbonMemoryAppender
-log4j.appender.CARBON_MEMORY.bufferSize=2000
-log4j.appender.CARBON_MEMORY.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
-# ConversionPattern will be overridden by the configuration setting in the DB
-log4j.appender.CARBON_MEMORY.layout.ConversionPattern=TID: [%T] [%S] [%d] %P%5p {%c} - %x %m {%c}%n
-log4j.appender.CARBON_MEMORY.layout.TenantPattern=%U%@%D [%T] [%S]
-log4j.appender.CARBON_MEMORY.columnList=%T,%S,%A,%d,%c,%p,%m,%H,%I,%Stacktrace
-log4j.appender.CARBON_MEMORY.threshold=DEBUG
-
-# LOGEVENT is set to be a LogEventAppender using a PatternLayout to send logs to LOGEVENT
-log4j.appender.LOGEVENT=org.wso2.carbon.logging.appender.LogEventAppender
-log4j.appender.LOGEVENT.url=tcp://localhost:7611
-log4j.appender.LOGEVENT.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
-log4j.appender.LOGEVENT.columnList=%T,%S,%A,%d,%c,%p,%m,%I,%Stacktrace
-log4j.appender.LOGEVENT.userName=admin
-log4j.appender.LOGEVENT.password=admin
-log4j.appender.LOGEVENT.processingLimit=1000
-log4j.appender.LOGEVENT.maxTolerableConsecutiveFailure=20
-
-
-log4j.appender.CARBON_SYS_LOG = org.apache.log4j.net.SyslogAppender
-log4j.appender.CARBON_SYS_LOG.layout=org.apache.log4j.PatternLayout
-log4j.appender.CARBON_SYS_LOG.layout.ConversionPattern=[%d] %5p - %x %m {%c}%n
-log4j.appender.CARBON_SYS_LOG.SyslogHost=localhost
-log4j.appender.CARBON_SYS_LOG.Facility=USER
-log4j.appender.CARBON_SYS_LOG.threshold=DEBUG
-
-# LOGEVENT is set to be a LogEventAppender using a PatternLayout to send logs to LOGEVENT
-log4j.appender.LOGEVENT=org.wso2.carbon.logging.appender.LogEventAppender
-log4j.appender.LOGEVENT.url=tcp://localhost:7611
-log4j.appender.LOGEVENT.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
-log4j.appender.LOGEVENT.columnList=%T,%S,%A,%d,%c,%p,%m,%H,%I,%Stacktrace
-log4j.appender.LOGEVENT.userName=admin
-log4j.appender.LOGEVENT.password=admin
-
-log4j.logger.org.apache.directory.shared.ldap=WARN, CARBON_CONSOLE
-log4j.logger.org.apache.directory.server.ldap.handlers=WARN, CARBON_CONSOLE
-log4j.logger.org.apache.directory.shared.ldap.entry.DefaultServerAttribute=FATAL, CARBON_CONSOLE
-log4j.logger.org.apache.directory.shared.ldap.ldif.LdifReader=ERROR, CARBON_CONSOLE
-log4j.logger.org.apache.directory.server.ldap.LdapProtocolHandler=ERROR, CARBON_CONSOLE
-
-## Trace Logger configuration which will append to a XMPP chatroom or JID ##
-#log4j.appender.XMPP_APPENDER=org.wso2.carbon.utils.logging.IMAppender
-#log4j.appender.XMPP_APPENDER.host=jabber.org
-#log4j.appender.XMPP_APPENDER.username=wso2esb
-#log4j.appender.XMPP_APPENDER.password=wso2esb
-#log4j.appender.XMPP_APPENDER.recipient=ruwan@jabber.org
-#log4j.appender.XMPP_APPENDER.layout=org.apache.log4j.PatternLayout
-#log4j.appender.XMPP_APPENDER.layout.ConversionPattern=[%X{host}] [%t] %-5p [%d{HH:mm:ss,SSS}] %C{1} - %m%n
-
-# Appender config to AUDIT_LOGFILE
-log4j.appender.AUDIT_LOGFILE=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.AUDIT_LOGFILE.File=${carbon.home}/repository/logs/audit.log
-log4j.appender.AUDIT_LOGFILE.Append=true
-log4j.appender.AUDIT_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
-log4j.appender.AUDIT_LOGFILE.layout.ConversionPattern=[%d] %P%5p - %x %m %n
-log4j.appender.AUDIT_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
-log4j.appender.AUDIT_LOGFILE.threshold=INFO
-log4j.additivity.AUDIT_LOG=false
-
-# Appender config to send Atomikos transaction logs to new log file tm.out.
-log4j.appender.ATOMIKOS = org.apache.log4j.RollingFileAppender
-log4j.appender.ATOMIKOS.File = repository/logs/tm.out
-log4j.appender.ATOMIKOS.Append = true
-log4j.appender.ATOMIKOS.layout = org.apache.log4j.PatternLayout
-log4j.appender.ATOMIKOS.layout.ConversionPattern=%p %t %c - %m%n
-log4j.additivity.com.atomikos=false
-
-# DAS_AGENT is set to be a Custom Log Appender.
-log4j.appender.DAS_AGENT=org.wso2.carbon.analytics.shared.data.agents.log4j.appender.LogEventAppender
-# DAS_AGENT uses PatternLayout.
-log4j.appender.DAS_AGENT.layout=org.wso2.carbon.analytics.shared.data.agents.log4j.util.TenantAwarePatternLayout
-log4j.appender.DAS_AGENT.columnList=%D,%S,%A,%d,%c,%p,%m,%H,%I,%Stacktrace
-log4j.appender.DAS_AGENT.userName=admin
-log4j.appender.DAS_AGENT.password=admin
-log4j.appender.DAS_AGENT.url=tcp://am-analytics:7612
-log4j.appender.DAS_AGENT.maxTolerableConsecutiveFailure=5
-log4j.appender.DAS_AGENT.streamDef=loganalyzer:1.0.0
-log4j.logger.trace.messages=TRACE,CARBON_TRACE_LOGFILE
-
-# Appender config to CARBON_TRACE_LOGFILE
-log4j.appender.CARBON_TRACE_LOGFILE=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.CARBON_TRACE_LOGFILE.File=${carbon.home}/repository/logs/${instance.log}/wso2carbon-trace-messages${instance.log}.log
-log4j.appender.CARBON_TRACE_LOGFILE.Append=true
-log4j.appender.CARBON_TRACE_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
-log4j.appender.CARBON_TRACE_LOGFILE.layout.ConversionPattern=[%d] %P%5p {%c} - %x %m %n
-log4j.appender.CARBON_TRACE_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
-log4j.appender.CARBON_TRACE_LOGFILE.threshold=TRACE
-log4j.additivity.trace.messages=false
-
-
-# The event trace logger dumps enough information @INFO level, but maybe pushed upto TRACE.
-# Writes only run-time/event processing time tracing/debug messages for event passing through trace
-# enabled transport adapters event formatters, builders and processors. Enabling event tracing on these has a performance impact
-log4j.category.EVENT_TRACE_LOGGER=INFO, EVENT_TRACE_APPENDER, EVENT_TRACE_MEMORYAPPENDER
-log4j.additivity.EVENT_TRACE_LOGGER=false
-log4j.appender.EVENT_TRACE_APPENDER=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.EVENT_TRACE_APPENDER.File=${carbon.home}/repository/logs/${instance.log}/wso2-cep-trace${instance.log}.log
-log4j.appender.EVENT_TRACE_APPENDER.Append=true
-log4j.appender.EVENT_TRACE_APPENDER.layout=org.apache.log4j.PatternLayout
-log4j.appender.EVENT_TRACE_APPENDER.layout.ConversionPattern=%d{HH:mm:ss,SSS} [%X{ip}-%X{host}] [%t] %5p %c{1} %m%n
-# The memory appender for trace logger
-log4j.appender.EVENT_TRACE_MEMORYAPPENDER=org.wso2.carbon.utils.logging.appenders.MemoryAppender
-log4j.appender.EVENT_TRACE_MEMORYAPPENDER.bufferSize=2000
-log4j.appender.EVENT_TRACE_MEMORYAPPENDER.layout=org.apache.log4j.PatternLayout
-log4j.appender.EVENT_TRACE_MEMORYAPPENDER.layout.ConversionPattern=%d{HH:mm:ss,SSS} [%X{ip}-%X{host}] [%t] %5p %m%n
\ No newline at end of file
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/registry.xml b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/registry.xml
index dd0f0c87..a19c96e2 100644
--- a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/registry.xml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/registry.xml
@@ -144,11 +144,11 @@
 
 
     <!-- This handler use to index APIs when there change in Api artifact-->
-    <handler class="org.wso2.carbon.registry.indexing.IndexingHandler">
-            <filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
-                 <property name="mediaType">application/vnd.wso2-api+xml</property>
-            </filter>
-        </handler>
+    <handler class="org.wso2.carbon.apimgt.impl.handlers.CustomAPIIndexHandler">
+        <filter class = "org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
+            <property name="mediaType">application/vnd.wso2-api+xml</property>
+        </filter>
+    </handler>
 
    <!--This handler delete the subscription hierarcy generated in the notifications path when a subscription is deleted directly -->
 
@@ -243,6 +243,13 @@
     </filter>
    </handler>
 
+    <!--This handler hides the password of secure endpoints if specified, in an API-->
+    <!--handler class="org.wso2.carbon.apimgt.impl.handlers.APIEndpointPasswordRegistryHandler" methods="GET,PUT">
+        <filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
+            <property name="mediaType">application/vnd.wso2-api+xml</property>
+        </filter>
+    </handler-->
+
     <!--remoteInstance url="https://localhost:9443/registry">
 	<id>instanceid</id>
 	    <username>username</username>
@@ -280,6 +287,7 @@
     <!-- This defines index configuration which is used in meta data search feature of the registry -->
     <indexingConfiguration>
         <startIndexing>true</startIndexing>
+        <!--skipCache>true</skipCache-->
         <startingDelayInSeconds>35</startingDelayInSeconds>
         <indexingFrequencyInSeconds>3</indexingFrequencyInSeconds>
         <!--number of resources submit for given indexing thread -->
@@ -298,6 +306,7 @@
             <!--indexer class="org.wso2.carbon.governance.registry.extensions.indexers.RXTIndexer" mediaTypeRegEx="application/wsdl\+xml" profiles ="default,api-store,api-publisher"/>
             <indexer class="org.wso2.carbon.governance.registry.extensions.indexers.RXTIndexer" mediaTypeRegEx="application/x-xsd\+xml " profiles ="default,api-store,api-publisher"/>
             <indexer class="org.wso2.carbon.governance.registry.extensions.indexers.RXTIndexer" mediaTypeRegEx="application/policy\+xml" profiles ="default,api-store,api-publisher"/-->
+            <indexer class="org.wso2.carbon.apimgt.impl.indexing.indexer.CustomAPIIndexer" mediaTypeRegEx="application/vnd.wso2-api\+xml" profiles ="default,api-store,api-publisher"/>
             <indexer class="org.wso2.carbon.governance.registry.extensions.indexers.RXTIndexer" mediaTypeRegEx="application/vnd.(.)+\+xml" profiles ="default,api-store,api-publisher"/>
             <!--indexer class="org.wso2.carbon.registry.indexing.indexer.XMLIndexer" mediaTypeRegEx="application/(.)+\+xml"/>
             <indexer class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer" mediaTypeRegEx="text/(.)+"/>
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/user-mgt.xml b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/user-mgt.xml
index 9640e5f6..d6121e5c 100644
--- a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/user-mgt.xml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/user-mgt.xml
@@ -84,9 +84,9 @@
             <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
             <Property name="MembershipAttribute">member</Property>
             <Property name="BackLinksEnabled">false</Property>
-            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
             <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
-            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
             <Property name="SCIMEnabled">false</Property>
             <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
             <Property name="MultiAttributeSeparator">,</Property>
@@ -132,13 +132,13 @@
             <Property name="MemberOfAttribute">memberOf</Property>
             <Property name="BackLinksEnabled">true</Property>
             <Property name="Referral">follow</Property>
-            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
             <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
             <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
             <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
             <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
             <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
-            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
             <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
             <Property name="SCIMEnabled">false</Property>
             <Property name="IsBulkImportSupported">true</Property>
@@ -149,6 +149,7 @@
             <Property name="userAccountControl">512</Property>
             <Property name="MaxUserNameListLength">100</Property>     
             <Property name="MaxRoleNameListLength">100</Property>                     
+            <Property name="MembershipAttributeRange">1500</Property>
             <Property name="kdcEnabled">false</Property>
             <Property name="defaultRealmName">WSO2.ORG</Property>
             <Property name="UserRolesCacheEnabled">true</Property>
@@ -185,13 +186,13 @@
             <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
             <Property name="MembershipAttribute">member</Property>
             <Property name="BackLinksEnabled">false</Property>
-            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
             <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
             <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
             <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
             <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
             <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
-            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
             <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
             <Property name="SCIMEnabled">true</Property>
             <Property name="IsBulkImportSupported">true</Property>
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json
index e518e148..a76a0c62 100644
--- a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json
+++ b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json
@@ -1,66 +1,66 @@
 {
-    "store": {
-        "types": ["fs"]
-    },
-    "gadgetGeneration" :{
-        "isCreateGadgetEnable": false,
-        "ignoreProviders": ["rt"]
-    },
-    "authentication": {
-        "activeMethod": "basic",
-        "methods": {
-            "sso": {
-                "attributes": {
-                    "issuer": "portal",
-                    "identityProviderURL": "https://localhost:9443/samlsso",
-                    "responseSigningEnabled": "false",
-                    "acs": "https://localhost:9444/portal/acs",
-                    "identityAlias": "wso2carbon",
-                    "useTenantKey": false
-                }
-            },
-            "basic": {
-                "attributes": {}
-            }
+  "store": {
+    "types": ["fs"]
+  },
+  "gadgetGeneration" :{
+    "isCreateGadgetEnable": false,
+    "ignoreProviders": ["rt"]
+  },
+  "authentication": {
+    "activeMethod": "basic",
+    "methods": {
+      "sso": {
+        "attributes": {
+          "issuer": "portal",
+          "identityProviderURL": "https://localhost:9443/samlsso",
+          "responseSigningEnabled": "false",
+          "acs": "https://localhost:9444/portal/acs",
+          "identityAlias": "wso2carbon",
+          "useTenantKey": false
         }
-    },
-    "authorization": {
-        "activeMethod": "",
-        "methods": {
-            "oauth": {
-                "attributes": {
-                    "idPServer": "%https.ip%/oauth2/token",
-                    "dynamicClientProperties": {
-                        "callbackUrl": "%https.ip%/portal",
-                        "clientName": "portal",
-                        "owner": "admin",
-                        "applicationType": "JaggeryApp",
-                        "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer",
-                        "saasApp": false,
-                        "dynamicClientRegistrationEndPoint": "%https.ip%/dynamic-client-web/register/",
-                        "tokenScope": "Production"
-                    }
-                }
-            }
+      },
+      "basic": {
+        "attributes": {}
+      }
+    }
+  },
+  "authorization": {
+    "activeMethod": "",
+    "methods": {
+      "oauth": {
+        "attributes": {
+          "idPServer": "%https.ip%/oauth2/token",
+          "dynamicClientProperties": {
+            "callbackUrl": "%https.ip%/portal",
+            "clientName": "portal",
+            "owner": "admin",
+            "applicationType": "JaggeryApp",
+            "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer",
+            "saasApp": false,
+            "dynamicClientRegistrationEndPoint": "%https.ip%/dynamic-client-web/register/",
+            "tokenScope": "Production"
+          }
         }
-    },
-    "designers": [
-        "Internal/everyone"
-    ],
-    "tenantPrefix": "/t",
-    "shareStore": false,
-    "theme": "basic",
-    "cacheTimeoutSeconds": "5",
-    "cacheSizeBytes": "1073741824",
-    "defaultDashboardRedirect": false,
-    "isCreateGadgetEnable": true,
-    "oauth": {
-        "username": "admin",
-        "password": "admin"
-    },
-    "host": {
-        "hostname": "am-analytics",
-        "port": "",
-        "protocol": ""
+      }
     }
-}
+  },
+  "designers": [
+    "Internal/everyone"
+  ],
+  "tenantPrefix": "/t",
+  "shareStore": false,
+  "theme": "basic",
+  "cacheTimeoutSeconds": "5",
+  "cacheSizeBytes": "1073741824",
+  "defaultDashboardRedirect": false,
+  "isCreateGadgetEnable": true,
+  "oauth": {
+    "username": "admin",
+    "password": "admin"
+  },
+  "host": {
+    "hostname": "am-analytics",
+    "port": "",
+    "protocol": ""
+  }
+}
\ No newline at end of file
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/docker-compose.yml b/docker-compose/APIM-ISasKM-with-Analytics/docker-compose.yml
index e7baaee5..ac90fd57 100755
--- a/docker-compose/APIM-ISasKM-with-Analytics/docker-compose.yml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/docker-compose.yml
@@ -15,7 +15,7 @@ services:
       timeout: 60s
       retries: 5
   am-analytics:
-    image: docker.wso2.com/wso2am-analytics:2.1.0
+    image: wso2am-analytics:2.2.0
     ports:
       - "9444:9444"
       - "9764:9764"
@@ -29,12 +29,12 @@ services:
       mysql:
         condition: service_healthy
     volumes:
-      - ./apim-analytics/repository/conf/datasources/analytics-datasources.xml:/home/wso2carbon/wso2am-analytics-2.1.0/repository/conf/datasources/analytics-datasources.xml
-      - ./apim-analytics/repository/conf/datasources/stats-datasources.xml:/home/wso2carbon/wso2am-analytics-2.1.0/repository/conf/datasources/stats-datasources.xml
+      - ./apim-analytics/repository/conf/datasources/analytics-datasources.xml:/home/wso2carbon/wso2am-analytics-2.2.0/repository/conf/datasources/analytics-datasources.xml
+      - ./apim-analytics/repository/conf/datasources/stats-datasources.xml:/home/wso2carbon/wso2am-analytics-2.2.0/repository/conf/datasources/stats-datasources.xml
     links:
       - mysql
   is-as-km:
-    image: docker.wso2.com/wso2is-km:5.3.0
+    image: wso2is-km:5.5.0
     healthcheck:
       test: ["CMD", "curl", "-k", "-f", "https://localhost:9443/carbon/admin/login.jsp"]
       interval: 10s
@@ -46,9 +46,11 @@ services:
       am-analytics:
         condition: service_healthy  
     volumes:
-      - ./is-as-km/repository/conf/datasources/master-datasources.xml:/home/wso2carbon/wso2is-km-5.3.0/repository/conf/datasources/master-datasources.xml
-      - ./is-as-km/repository/conf/user-mgt.xml:/home/wso2carbon/wso2is-km-5.3.0/repository/conf/user-mgt.xml
-      - ./is-as-km/repository/conf/registry.xml:/home/wso2carbon/wso2is-km-5.3.0/repository/conf/registry.xml
+      - ./is-as-km/repository/conf/datasources/master-datasources.xml:/home/wso2carbon/wso2is-km-5.5.0/repository/conf/datasources/master-datasources.xml
+      - ./is-as-km/repository/conf/user-mgt.xml:/home/wso2carbon/wso2is-km-5.5.0/repository/conf/user-mgt.xml
+      - ./is-as-km/repository/conf/registry.xml:/home/wso2carbon/wso2is-km-5.5.0/repository/conf/registry.xml
+      - ./is-as-km/repository/conf/identity/identity.xml:/home/wso2carbon/wso2is-km-5.5.0/repository/conf/identity/identity.xml
+      - ./is-as-km/repository/conf/consent-mgt-config.xml:/home/wso2carbon/wso2is-km-5.5.0/repository/conf/consent-mgt-config.xml
     ports:
       - "9765:9763"
       - "9445:9443"
@@ -56,7 +58,7 @@ services:
       - mysql
       - am-analytics
   api-manager:
-    image: docker.wso2.com/wso2am:2.1.0
+    image: wso2am:2.2.0
     healthcheck:
       test: ["CMD", "curl", "-k", "-f", "https://localhost:9443/carbon/admin/login.jsp"]
       interval: 10s
@@ -70,16 +72,15 @@ services:
       is-as-km:
         condition: service_healthy
     volumes:
-      - ./apim/repository/conf/datasources/master-datasources.xml:/home/wso2carbon/wso2am-2.1.0/repository/conf/datasources/master-datasources.xml
-      - ./apim/repository/conf/api-manager.xml:/home/wso2carbon/wso2am-2.1.0/repository/conf/api-manager.xml
-      - ./apim/repository/conf/carbon.xml:/home/wso2carbon/wso2am-2.1.0/repository/conf/carbon.xml
-      - ./apim/repository/conf/user-mgt.xml:/home/wso2carbon/wso2am-2.1.0/repository/conf/user-mgt.xml
-      - ./apim/repository/conf/registry.xml:/home/wso2carbon/wso2am-2.1.0/repository/conf/registry.xml
-      - ./apim/repository/conf/tomcat/catalina-server.xml:/home/wso2carbon/wso2am-2.1.0/repository/conf/tomcat/catalina-server.xml
-      - ./apim/repository/conf/axis2/axis2.xml:/home/wso2carbon/wso2am-2.1.0/repository/conf/axis2/axis2.xml
-      - ./apim/bin/wso2server.sh:/home/wso2carbon/wso2am-2.1.0/bin/wso2server.sh
-      - ./apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json:/home/wso2carbon/wso2am-2.1.0/repository/deployment/server/jaggeryapps/portal/configs/designer.json
-      - ./apim/repository/conf/log4j.properties:/home/wso2carbon/wso2am-2.1.0/repository/conf/log4j.properties
+      - ./apim/repository/conf/datasources/master-datasources.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/datasources/master-datasources.xml
+      - ./apim/repository/conf/api-manager.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/api-manager.xml
+      - ./apim/repository/conf/carbon.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/carbon.xml
+      - ./apim/repository/conf/user-mgt.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/user-mgt.xml
+      - ./apim/repository/conf/registry.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/registry.xml
+      - ./apim/repository/conf/tomcat/catalina-server.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/tomcat/catalina-server.xml
+      - ./apim/repository/conf/axis2/axis2.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/axis2/axis2.xml
+      - ./apim/bin/wso2server.sh:/home/wso2carbon/wso2am-2.2.0/bin/wso2server.sh
+      - ./apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json:/home/wso2carbon/wso2am-2.2.0/repository/deployment/server/jaggeryapps/portal/configs/designer.json
     ports:
       - "9763:9763"
       - "9443:9443"
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/is-as-km/repository/conf/consent-mgt-config.xml b/docker-compose/APIM-ISasKM-with-Analytics/is-as-km/repository/conf/consent-mgt-config.xml
new file mode 100644
index 00000000..54f33f74
--- /dev/null
+++ b/docker-compose/APIM-ISasKM-with-Analytics/is-as-km/repository/conf/consent-mgt-config.xml
@@ -0,0 +1,42 @@
+<!--
+  ~ Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<ConsentManager xmlns="http://wso2.org/carbon/consent/management">
+    <DataSource>
+        <!-- Include a data source name (jndiConfigName) from the set of data sources defined in master-datasources
+        .xml -->
+        <Name>jdbc/CarbonDB</Name>
+    </DataSource>
+    <PIIController>
+        <PiiController>change-me</PiiController>
+        <Contact>change-me</Contact>
+        <Email>change-me</Email>
+        <Phone>change-me</Phone>
+        <OnBehalf>false</OnBehalf>
+        <PiiControllerUrl>change-me</PiiControllerUrl>
+        <Address>
+            <Country>change-me</Country>
+            <Locality>change-me</Locality>
+            <Region>change-me</Region>
+            <PostOfficeBoxNumber>change-me</PostOfficeBoxNumber>
+            <PostalCode>change-me</PostalCode>
+            <StreetAddress>change-me</StreetAddress>
+        </Address>
+    </PIIController>
+    <SearchLimits>
+        <Purpose>100</Purpose>
+    </SearchLimits>
+</ConsentManager>
\ No newline at end of file
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/is-as-km/repository/conf/identity/identity.xml b/docker-compose/APIM-ISasKM-with-Analytics/is-as-km/repository/conf/identity/identity.xml
index b5b51535..7c789552 100644
--- a/docker-compose/APIM-ISasKM-with-Analytics/is-as-km/repository/conf/identity/identity.xml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/is-as-km/repository/conf/identity/identity.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="ISO-8859-1"?>
 <!--
 ~ Copyright (c) 2011, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 ~
@@ -14,7 +14,9 @@
 ~ See the License for the specific language governing permissions and
 ~ limitations under the License.
  -->
+
 <Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
+
     <JDBCPersistenceManager>
         <DataSource>
             <!-- Include a data source name (jndiConfigName) from the set of data
@@ -33,18 +35,22 @@
                 <Enable>true</Enable>
                 <CleanUpTimeout>20160</CleanUpTimeout>
                 <CleanUpPeriod>1140</CleanUpPeriod>
+                <!--Instead of deleting all the records at once, we are deleting the records in chunks to prevent the -->
+                <!--possible deadlock and lock scenarios. The following property defines the chunk size.-->
+                <DeleteChunkSize>50000</DeleteChunkSize>
             </SessionDataCleanUp>
             <OperationDataCleanUp>
                 <Enable>true</Enable>
-                <CleanUpPeriod>720</CleanUpPeriod>
             </OperationDataCleanUp>
         </SessionDataPersist>
     </JDBCPersistenceManager>
+
     <!-- Time configurations are in minutes -->
     <TimeConfig>
         <SessionIdleTimeout>15</SessionIdleTimeout>
         <RememberMeTimeout>20160</RememberMeTimeout>
     </TimeConfig>
+
     <!-- Security configurations -->
     <Security>
         <!-- The directory under which all other KeyStore files will be stored -->
@@ -52,16 +58,18 @@
         <KeyManagerType>SunX509</KeyManagerType>
         <TrustManagerType>SunX509</TrustManagerType>
     </Security>
+
     <Identity>
         <IssuerPolicy>SelfAndManaged</IssuerPolicy>
         <TokenValidationPolicy>CertValidate</TokenValidationPolicy>
-        <BlackList/>
-        <WhiteList/>
+        <BlackList></BlackList>
+        <WhiteList></WhiteList>
         <System>
-            <KeyStore/>
-            <StorePass/>
+            <KeyStore></KeyStore>
+            <StorePass></StorePass>
         </System>
     </Identity>
+
     <OpenID>
         <!--
             Default values for OpenIDServerUrl and OpenIDUSerPattern are built in following format
@@ -84,19 +92,23 @@
                        ii.  PrivateAssociationCryptoStore
                        iii. PrivateAssociationReplicationStore
         -->
+
         <!-- Specify full qualified class name of the class which going to use as private association store -->
         <!-- 
 		<OpenIDPrivateAssociationStoreClass>org.wso2.carbon.identity.provider.openid.PrivateAssociationCryptoStore</OpenIDPrivateAssociationStoreClass>
 	-->
+
         <!-- The expiration time (in minutes) for the OpenID association -->
         <!--
 		<OpenIDAssociationExpiryTime>15</OpenIDAssociationExpiryTime>
 	-->
+
         <!-- Configs specific to PrivateAssociationCryptoStore -->
         <!-- Server secret. This value should be the same in all nodes in the cluster -->
         <!--
 		<OpenIDPrivateAssociationServerKey>qewlj324lmasc</OpenIDPrivateAssociationServerKey>
 	-->
+
         <!-- Configs specific to PrivateAssociationCryptoStore -->
         <!-- This enable private association cleanup task which cleans expired private associations -->
         <!--
@@ -107,11 +119,33 @@
 		<OpenIDAssociationCleanupPeriod>15</OpenIDAssociationCleanupPeriod>
 	-->
     </OpenID>
+
     <OAuth>
-        <AppInfoCacheTimeout>-1</AppInfoCacheTimeout>
-        <AuthorizationGrantCacheTimeout>-1</AuthorizationGrantCacheTimeout>
-        <SessionDataCacheTimeout>-1</SessionDataCacheTimeout>
-        <ClaimCacheTimeout>-1</ClaimCacheTimeout>
+        <!-- Specify the Token issuer class to be used.
+             Default: org.wso2.carbon.identity.oauth2.token.OauthTokenIssuerImpl.
+             Applicable values: org.wso2.carbon.identity.oauth2.token.JWTTokenIssuer
+        -->
+        <!--<IdentityOAuthTokenGenerator>org.wso2.carbon.identity.oauth2.token.JWTTokenIssuer</IdentityOAuthTokenGenerator>-->
+
+        <!-- True, if access token alias is stored in the database instead of access token.
+             Eg. token alias and token is same when default AccessTokenValueGenerator is used.
+             When JWTTokenIssuer is used, jti is used as the token alias
+             Default: true.
+             Applicable values: true,false
+        -->
+        <!--<PersistAccessTokenAlias>false</PersistAccessTokenAlias>-->
+
+        <!-- This configuration is used to specify the access token value generator.
+             Default: org.apache.oltu.oauth2.as.issuer.UUIDValueGenerator
+             Applicable values: org.apache.oltu.oauth2.as.issuer.UUIDValueGenerator,
+                                org.apache.oltu.oauth2.as.issuer.MD5Generator,
+                                org.wso2.carbon.identity.oauth.tokenvaluegenerator.SHA256Generator-->
+        <!--<AccessTokenValueGenerator>org.wso2.carbon.identity.oauth.tokenvaluegenerator.SHA256Generator</AccessTokenValueGenerator>-->
+
+        <!-- This configuration is used to specify whether the Service Provider tenant domain should be used when generating
+             access token. Otherwise user domain will be used. Currently this value is only supported by the JWTTokenIssuer.-->
+        <!--<UseSPTenantDomain>True</UseSPTenantDomain>-->
+
         <!--
             Default values for OAuth1RequestTokenUrl, OAuth1AccessTokenUrl, OAuth1AuthorizeUrl
             OAuth2AuthzEPUrl, OAuth2TokenEPUrl and OAuth2UserInfoEPUrl are built in following format
@@ -123,7 +157,7 @@
         <OAuth1AccessTokenUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth/access-token</OAuth1AccessTokenUrl>
         <OAuth2AuthzEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/authorize</OAuth2AuthzEPUrl>
         <OAuth2TokenEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</OAuth2TokenEPUrl>
-        <OAuth2RevokeEPUrll>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/revoke</OAuth2RevokeEPUrll>
+        <OAuth2RevokeEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/revoke</OAuth2RevokeEPUrl>
         <OAuth2IntrospectEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/introspect</OAuth2IntrospectEPUrl>
         <OAuth2UserInfoEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/userinfo</OAuth2UserInfoEPUrl>
         <OIDCCheckSessionEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oidc/checksession</OIDCCheckSessionEPUrl>
@@ -133,11 +167,14 @@
         <OIDCConsentPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_consent.do</OIDCConsentPage>
         <OIDCLogoutConsentPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_logout_consent.do</OIDCLogoutConsentPage>
         <OIDCLogoutPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/authenticationendpoint/oauth2_logout.do</OIDCLogoutPage>
+
         <OIDCWebFingerEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/.well-known/webfinger</OIDCWebFingerEPUrl>
+
         <!-- For tenants below urls will be modified as https://<hostname>:<port>/t/<tenant domain>/<path>-->
-        <OAuth2DCREPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/identity/connect/register</OAuth2DCREPUrl>
+        <OAuth2DCREPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/api/identity/oauth2/dcr/v1.0/register</OAuth2DCREPUrl>
         <OAuth2JWKSPage>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/jwks</OAuth2JWKSPage>
         <OIDCDiscoveryEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/oidcdiscovery</OIDCDiscoveryEPUrl>
+
         <!-- Default validity period for Authorization Code in seconds -->
         <AuthorizationCodeDefaultValidityPeriod>300</AuthorizationCodeDefaultValidityPeriod>
         <!-- Default validity period for application access tokens in seconds -->
@@ -147,19 +184,13 @@
         <!-- Validity period for refresh token -->
         <RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod>
         <!-- Timestamp skew in seconds -->
-        <TimestampSkew>300</TimestampSkew>
-        <!-- Enable OAuth caching -->
-        <EnableOAuthCache>false</EnableOAuthCache>
+        <TimestampSkew>0</TimestampSkew>
         <!-- Enable renewal of refresh token for refresh_token grant -->
         <RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
         <!-- Process the token before storing it in database, e.g. encrypting -->
         <TokenPersistenceProcessor>org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor</TokenPersistenceProcessor>
-        <!-- Supported Client Authentication Methods -->
-        <ClientAuthHandlers>
-            <ClientAuthHandler Class="org.wso2.carbon.identity.oauth2.token.handlers.clientauth.BasicAuthClientAuthHandler">
-                <Property Name="StrictClientCredentialValidation">false</Property>
-            </ClientAuthHandler>
-        </ClientAuthHandlers>
+        <!-- If the user is a federated, user will not be able to access claims from local userstore even if the username matches -->
+        <MapFederatedUsersToLocal>false</MapFederatedUsersToLocal>
         <!-- Supported Response Types -->
         <SupportedResponseTypes>
             <SupportedResponseType>
@@ -196,6 +227,8 @@
             <SupportedGrantType>
                 <GrantTypeName>client_credentials</GrantTypeName>
                 <GrantTypeHandlerImplClass>org.wso2.carbon.apimgt.keymgt.handlers.ExtendedClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
+                <IsRefreshTokenAllowed>false</IsRefreshTokenAllowed>
+                <IdTokenAllowed>false</IdTokenAllowed>
             </SupportedGrantType>
             <SupportedGrantType>
                 <GrantTypeName>urn:ietf:params:oauth:grant-type:saml2-bearer</GrantTypeName>
@@ -203,21 +236,73 @@
             </SupportedGrantType>
             <SupportedGrantType>
                 <GrantTypeName>iwa:ntlm</GrantTypeName>
-                <GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth.common.NTLMAuthenticationValidator</GrantTypeValidatorImplClass>
-                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandlerWithHandshake</GrantTypeHandlerImplClass>
+                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.token.handlers.grant.iwa.ntlm.NTLMAuthenticationGrantHandler</GrantTypeHandlerImplClass>
+            </SupportedGrantType>
+            <SupportedGrantType>
+                <GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
+                <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler</GrantTypeHandlerImplClass>
+                <GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
             </SupportedGrantType>
         </SupportedGrantTypes>
+
+        <!--
+            Defines the grant types that will filter user claims based on user consent in their responses such as
+            id_token or user info response.
+
+            Default grant types that filter user claims based on user consent are 'authorization_code' and 'implicit'.
+
+            Supported versions: IS 5.5.0 onwards.
+        -->
+        <UserConsentEnabledGrantTypes>
+            <UserConsentEnabledGrantType>
+                <GrantTypeName>authorization_code</GrantTypeName>
+            </UserConsentEnabledGrantType>
+            <UserConsentEnabledGrantType>
+                <GrantTypeName>implicit</GrantTypeName>
+            </UserConsentEnabledGrantType>
+        </UserConsentEnabledGrantTypes>
+
         <OAuthCallbackHandlers>
             <OAuthCallbackHandler Class="org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler"/>
         </OAuthCallbackHandlers>
         <OAuthScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator"/>
-        <!--TokenValidators>
+        <TokenValidators>
             <TokenValidator type="bearer" class="org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator"/>
-        </TokenValidators-->
+            <TokenValidator type="jwt" class="org.wso2.carbon.identity.oauth2.validators.OAuth2JWTTokenValidator"/>
+        </TokenValidators>
+
+        <!-- Scope validators list. The validators registered here wil be executed during token validation. -->
+        <ScopeValidators>
+            <ScopeValidator class="org.wso2.carbon.identity.oauth2.validators.JDBCScopeValidator" />
+            <ScopeValidator class="org.wso2.carbon.identity.oauth2.validators.xacml.XACMLScopeValidator"/>
+        </ScopeValidators>
+
+        <!-- Scope handlers list. The handlers registered here will be executed at the scope validation phase while
+             issuing access tokens. -->
+        <ScopeHandlers>
+            <ScopeHandler class="org.wso2.carbon.identity.oauth2.validators.OIDCScopeHandler" />
+        </ScopeHandlers>
+
         <!-- Assertions can be used to embedd parameters into access token. -->
         <EnableAssertions>
             <UserName>false</UserName>
         </EnableAssertions>
+
+
+        <!-- This should be true if subject identifier in the token validation response needs to adhere to the
+        following SP configuration.
+
+        - Use tenant domain in local subject identifier.
+        - Use user store domain in local subject identifier.
+
+        if the value is false, subject identifier will be set as the fully qualified username.
+
+        Default value : false
+
+        Supported versions: IS 5.4.0 beta onwards
+        -->
+        <!--<BuildSubjectIdentifierFromSPConfig>true</BuildSubjectIdentifierFromSPConfig>-->
+
         <!-- This should be set to true when using multiple user stores and keys
             should saved into different tables according to the user store. By default
             all the application keys are saved in to the same table. UserName Assertion
@@ -227,9 +312,7 @@
             provide 'A:foo.com', foo.com should be the user store domain name and 'A'
             represent the relavant mapping of token store table, i.e. tokens will be
             added to a table called IDN_OAUTH2_ACCESS_TOKEN_A. -->
-        <AccessTokenPartitioningDomains>
-            <!-- A:foo.com, B:bar.com -->
-        </AccessTokenPartitioningDomains>
+        <AccessTokenPartitioningDomains><!-- A:foo.com, B:bar.com --></AccessTokenPartitioningDomains>
         <AuthorizationContextTokenGeneration>
             <Enabled>false</Enabled>
             <TokenGeneratorImplClass>org.wso2.carbon.identity.oauth2.authcontext.JWTTokenGenerator</TokenGeneratorImplClass>
@@ -238,16 +321,46 @@
             <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
             <AuthorizationContextTTL>15</AuthorizationContextTTL>
         </AuthorizationContextTokenGeneration>
+
         <SAML2Grant>
             <!--SAML2TokenHandler></SAML2TokenHandler-->
+            <!-- UserType conifg decides whether the SAML assertion carrying user is local user or a federated user.
+            Only Local Users can access claims from local userstore. LEGACY users will have to have tenant domain appended username.
+            They will not be able to access claims from local userstore. To get claims by mapping users with exact same username from local
+            userstore (for non LOCAL scenarios) use mapFederatedUsersToLocal config -->
+            <!--<UserType>LOCAL</UserType>-->
+            <UserType>FEDERATED</UserType>
+            <!--UserType>LEGACY</UserType-->
         </SAML2Grant>
+
         <OpenIDConnect>
             <IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
             <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
+
+            <!-- Default asymmetric encryption algorithm that used to encrypt CEK. -->
+            <IDTokenEncryptionAlgorithm>RSA-OAEP</IDTokenEncryptionAlgorithm>
+            <!-- Default symmetric encryption algorithm that used to encrypt JWT claims set. -->
+            <IDTokenEncryptionMethod>A128GCM</IDTokenEncryptionMethod>
+
+            <!-- Supported versions: IS 5.5.0 onwards. -->
+            <SupportedIDTokenEncryptionAlgorithms>
+                <SupportedIDTokenEncryptionAlgorithm>RSA1_5</SupportedIDTokenEncryptionAlgorithm>
+                <SupportedIDTokenEncryptionAlgorithm>RSA-OAEP</SupportedIDTokenEncryptionAlgorithm>
+            </SupportedIDTokenEncryptionAlgorithms>
+            <SupportedIDTokenEncryptionMethods>
+                <SupportedIDTokenEncryptionMethod>A128GCM</SupportedIDTokenEncryptionMethod>
+                <SupportedIDTokenEncryptionMethod>A192GCM</SupportedIDTokenEncryptionMethod>
+                <SupportedIDTokenEncryptionMethod>A256GCM</SupportedIDTokenEncryptionMethod>
+                <SupportedIDTokenEncryptionMethod>A128CBC-HS256</SupportedIDTokenEncryptionMethod>
+                <SupportedIDTokenEncryptionMethod>A128CBC+HS256</SupportedIDTokenEncryptionMethod>
+            </SupportedIDTokenEncryptionMethods>
+
+            <EnableAudiences>true</EnableAudiences>
             <!-- Comment out to add Audience values to the JWT token (id_token)  -->
             <!--Audiences>
                    <Audience>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</Audience>
             </Audiences -->
+
             <!--
                 Default value for IDTokenIssuerID, is OAuth2TokenEPUrl.
                 If that doesn't satisfy uncomment the following config and explicitly configure the value
@@ -255,13 +368,46 @@
             <IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID>
             <IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
             <IDTokenExpiration>3600</IDTokenExpiration>
+            <UserInfoJWTSignatureAlgorithm>SHA256withRSA</UserInfoJWTSignatureAlgorithm>
             <UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
             <UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
             <UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
             <UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
             <SkipUserConsent>false</SkipUserConsent>
+            <!-- Sign the ID Token with Service Provider Tenant Private Key-->
+            <SignJWTWithSPKey>false</SignJWTWithSPKey>
+            <!--
+                Expiry period of the logout token used in OIDC Back Channel Logout in seconds.
+                Supported versions: IS 5.5.0 onwards
+            -->
+            <LogoutTokenExpiration>120</LogoutTokenExpiration>
+
+            <!--
+                OIDC Request Object builder implementation.
+                Supported versions: IS 5.4.0 onwards
+            -->
+            <RequestObjectBuilders>
+                <RequestObjectBuilder>
+                    <Type>request_param_value_builder</Type>
+                    <ClassName>org.wso2.carbon.identity.openidconnect.RequestParamRequestObjectBuilder</ClassName>
+                </RequestObjectBuilder>
+            </RequestObjectBuilders>
+
+            <!--
+                OIDC Request Object validator implementation.
+                Supported versions: IS 5.4.0 onwards
+            -->
+            <RequestObjectValidator>org.wso2.carbon.identity.openidconnect.RequestObjectValidatorImpl</RequestObjectValidator>
         </OpenIDConnect>
+
+        <!-- Configs related to OAuth2 token persistence -->
+        <TokenPersistence>
+            <Enable>true</Enable>
+            <PoolSize>0</PoolSize>
+            <RetryCount>5</RetryCount>
+        </TokenPersistence>
     </OAuth>
+
     <MultifactorAuthentication>
         <!--Enable>false</Enable-->
         <XMPPSettings>
@@ -275,9 +421,8 @@
             </XMPPConfig>
         </XMPPSettings>
     </MultifactorAuthentication>
+
     <SSOService>
-        <PersistanceCacheTimeout>157680000</PersistanceCacheTimeout>
-        <SessionIndexCacheTimeout>157680000</SessionIndexCacheTimeout>
         <EntityId>${carbon.host}</EntityId>
         <!--
             Default value for IdentityProviderURL is  built in following format
@@ -298,13 +443,22 @@
         <SAMLSSOSigner>org.wso2.carbon.identity.sso.saml.builders.signature.DefaultSSOSigner</SAMLSSOSigner>
         <SAML2HTTPRedirectSignatureValidator>org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectDeflateSignatureValidator</SAML2HTTPRedirectSignatureValidator>
         <!--SAMLSSOResponseBuilder>org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder</SAMLSSOResponseBuilder-->
+
         <!-- SAML Token validity period in minutes -->
         <SAMLResponseValidityPeriod>5</SAMLResponseValidityPeriod>
         <UseAuthenticatedUserDomainCrypto>false</UseAuthenticatedUserDomainCrypto>
         <SAMLDefaultSigningAlgorithmURI>http://www.w3.org/2000/09/xmldsig#rsa-sha1</SAMLDefaultSigningAlgorithmURI>
         <SAMLDefaultDigestAlgorithmURI>http://www.w3.org/2000/09/xmldsig#sha1</SAMLDefaultDigestAlgorithmURI>
+        <SAMLDefaultAssertionEncryptionAlgorithmURI>http://www.w3.org/2001/04/xmlenc#aes256-cbc</SAMLDefaultAssertionEncryptionAlgorithmURI>
+        <SAMLDefaultKeyEncryptionAlgorithmURI>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</SAMLDefaultKeyEncryptionAlgorithmURI>
         <SLOHostNameVerificationEnabled>true</SLOHostNameVerificationEnabled>
     </SSOService>
+
+    <Consent>
+        <!--Specify whether consent management should be enable during SSO.-->
+        <EnableSSOConsentManagement>false</EnableSSOConsentManagement>
+    </Consent>
+
     <SecurityTokenService>
         <!--
             Default value for IdentityProviderURL is  built in following format
@@ -313,6 +467,7 @@
         -->
         <IdentityProviderURL>${carbon.protocol}://${carbon.host}:${carbon.management.port}/services/wso2carbon-sts</IdentityProviderURL>
     </SecurityTokenService>
+
     <PassiveSTS>
         <!--
             Default value for IdentityProviderURL is  built in following format
@@ -324,6 +479,7 @@
         <TokenStoreClassName>org.wso2.carbon.identity.sts.passive.utils.NoPersistenceTokenStore</TokenStoreClassName>
         <SLOHostNameVerificationEnabled>true</SLOHostNameVerificationEnabled>
     </PassiveSTS>
+
     <EntitlementSettings>
         <ThirftBasedEntitlementConfig>
             <EnableThriftService>false</EnableThriftService>
@@ -337,6 +493,7 @@
             <ThriftHostName>${carbon.host}</ThriftHostName>
         </ThirftBasedEntitlementConfig>
     </EntitlementSettings>
+
     <SCIM>
         <!--
             Default value for UserEPUrl and GroupEPUrl are built in following format
@@ -356,8 +513,25 @@
                 <Property name="UserName">admin</Property>
                 <Property name="Password">admin</Property-->
             </Authenticator>
+
+            <!-- Flag to indicate advanced complex multiValued attributes support enabled or not.
+            Default value : false
+            Supported versions: IS 5.5.0 beta onwards
+            -->
+            <!--<ComplexMultiValuedAttributeSupportEnabled>true</ComplexMultiValuedAttributeSupportEnabled>-->
         </SCIMAuthenticators>
     </SCIM>
+
+    <SCIM2>
+        <!--
+            Default value for UserEPUrl and GroupEPUrl are built in following format
+            https://<HostName>:<MgtTrpProxyPort except 443>/<ProxyContextPath>/<context>/<path>
+            If that doesn't satisfy uncomment the following config and explicitly configure the value
+        -->
+        <!--UserEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/scim2/Users</UserEPUrl-->
+        <!--GroupEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/scim2/Groups</GroupEPUrl-->
+    </SCIM2>
+
     <!--Recovery>
         <Notification>
             <Password>
@@ -367,8 +541,8 @@
                 <Enable>false</Enable>
             </Username>
             <InternallyManage>true</InternallyManage>
-        </Notification>
-        <Question>
+       </Notification>
+       <Question>
             <Password>
                 <Enable>false</Enable>
                 <NotifyStart>false</NotifyStart>
@@ -380,7 +554,7 @@
                 </ReCaptcha>
             </Password>
         </Question>
-        <ExpiryTime>3</ExpiryTime>
+        <ExpiryTime>1440</ExpiryTime>
         <NotifySuccess>false</NotifySuccess>
         <AdminPasswordReset>
             <Offline>false</Offline>
@@ -391,123 +565,275 @@
 
     <EmailVerification>
         <Enable>false</Enable>
+	    <ExpiryTime>1440</ExpiryTime>
         <LockOnCreation>true</LockOnCreation>
         <Notification>
             <InternallyManage>true</InternallyManage>
         </Notification>
+        <AskPassword>
+	        <ExpiryTime>1440</ExpiryTime>
+	        <PasswordGenerator>org.wso2.carbon.user.mgt.common.DefaultPasswordGenerator</PasswordGenerator>
+        </AskPassword>
     </EmailVerification>
 
     <SelfRegistration>
         <Enable>false</Enable>
-        <LockOnCreation>false</LockOnCreation>
+        <LockOnCreation>true</LockOnCreation>
         <Notification>
             <InternallyManage>true</InternallyManage>
         </Notification>
-        <ReCaptcha>false</ReCaptcha>
+        <ReCaptcha>true</ReCaptcha>
+	<VerificationCode>
+	    <ExpiryTime>1440</ExpiryTime>
+	</VerificationCode>
     </SelfRegistration-->
+
+    <EnableAskPasswordAdminUI>true</EnableAskPasswordAdminUI>
+
+    <EnableRecoveryEndpoint>true</EnableRecoveryEndpoint>
+    <EnableSelfSignUpEndpoint>true</EnableSelfSignUpEndpoint>
+
+    <AuthenticationPolicy>
+        <CheckAccountExist>true</CheckAccountExist>
+    </AuthenticationPolicy>
+
     <EventListeners>
-        <EventListener enable="true"
-            name="org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener"
-            orderId="10" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
-        <EventListener enable="false"
-            name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener"
-            orderId="50" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
-        <EventListener enable="true"
-            name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener"
-            orderId="95" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
-        <EventListener enable="true"
-            name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
-            orderId="90" type="org.wso2.carbon.user.core.listener.UserOperationEventListener"/>
-        <EventListener enable="true"
-            name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener"
-            orderId="97" type="org.wso2.carbon.user.core.listener.UserOperationEventListener">
+        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
+                       name="org.wso2.carbon.user.mgt.workflow.userstore.UserStoreActionListener"
+                       orderId="10" enable="true"/>
+        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
+                       name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener"
+                       orderId="50" enable="false"/>
+        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
+                       name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
+                       orderId="90" enable="true"/>
+        <!-- Enable the following SCIM2 event listener and disable the above SCIM event listener if SCIM2 is used. -->
+        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
+                       name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener"
+                       orderId="93" enable="false"/>
+        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
+                       name="org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener"
+                       orderId="95" enable="true"/>
+        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener"
+                       orderId="97" enable="true">
             <Property name="Data.Store">org.wso2.carbon.identity.governance.store.JDBCIdentityDataStore</Property>
         </EventListener>
-        <EventListener enable="false"
-            name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl"
-            orderId="10" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/>
-        <EventListener enable="false"
-            name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl"
-            orderId="11" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/>
-        <EventListener enable="true"
-            name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy"
-            orderId="11" type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"/>
+        <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
+                       name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl"
+                       orderId="10" enable="false"/>
+        <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
+                       name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl"
+                       orderId="11" enable="false"/>
+        <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
+                       name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy"
+                       orderId="11" enable="true"/>
+
+        <!-- Enable this listener to call DeleteEventRecorders. -->
+        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
+                       name="org.wso2.carbon.user.mgt.listeners.UserDeletionEventListener"
+                       orderId="98" enable="false"/>
+        <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
+                       name="org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.consent.ConsentMgtPostAuthnHandler"
+                       orderId="110" enable="true"/>
     </EventListeners>
+
+    <!-- These recorders are used to write user delete information to specific sources. Default event recorder is CSV
+     file recorder. This recorder is disabled by default. Enable it by setting enable="true". To run these recorders,
+     EventListener "rg.wso2.carbon.user.mgt.listeners.UserDeletionEventListener" also should be enabled. Which is
+     also disabled by default. -->
+    <UserDeleteEventRecorders>
+        <UserDeleteEventRecorder name="org.wso2.carbon.user.mgt.recorder.DefaultUserDeletionEventRecorder" enable="false">
+            <!-- Un comment below line if you need to write entries to a separate .csv file. Otherwise this will be
+            written in to a log file using a separate appender. -->
+            <!--<Property name="path">${carbon.home}/repository/logs/delete-records.csv</Property>-->
+        </UserDeleteEventRecorder>
+    </UserDeleteEventRecorders>
+
     <CacheConfig>
+        <!-- Identity cache configuration.
+             Timeouts are in seconds.
+             Capacity is the maximum cache size.
+             Unless specifically mentioned, you do not need to set the isDistributed flag.
+         -->
         <CacheManager name="IdentityApplicationManagementCacheManager">
-            <Cache capacity="5000" enable="false" isDistributed="false"
-                name="AppAuthFrameworkSessionContextCache" timeout="1"/>
-            <Cache capacity="5000" enable="false" isDistributed="false"
-                name="AuthenticationContextCache" timeout="1"/>
-            <Cache capacity="5000" enable="false" isDistributed="false"
-                name="AuthenticationRequestCache" timeout="1"/>
-            <Cache capacity="5000" enable="false" isDistributed="false"
-                name="AuthenticationResultCache" timeout="1"/>
-            <Cache capacity="5000" enable="true" isDistributed="false"
-                name="AppInfoCache" timeout="1"/>
-            <Cache capacity="5000" enable="false" isDistributed="false"
-                name="AuthorizationGrantCache" timeout="1"/>
-            <Cache capacity="5000" enable="false" isDistributed="false"
-                name="OAuthCache" timeout="1"/>
-            <Cache capacity="5000" enable="false" isDistributed="false"
-                name="OAuthSessionDataCache" timeout="1"/>
-            <Cache capacity="5000" enable="false" isDistributed="false"
-                name="SAMLSSOParticipantCache" timeout="1"/>
-            <Cache capacity="5000" enable="false" isDistributed="false"
-                name="SAMLSSOSessionIndexCache" timeout="1"/>
-            <Cache capacity="5000" enable="false" isDistributed="false"
-                name="SAMLSSOSessionDataCache" timeout="1"/>
-            <Cache capacity="5000" enable="true" isDistributed="false"
-                name="ServiceProviderCache" timeout="1"/>
-            <Cache capacity="5000" enable="true" isDistributed="false"
-                name="ProvisioningConnectorCache" timeout="1"/>
-            <Cache capacity="5000" enable="false" isDistributed="false"
-                name="ProvisioningEntityCache" timeout="1"/>
-            <Cache capacity="5000" enable="true" isDistributed="false"
-                name="ServiceProviderProvisioningConnectorCache" timeout="1"/>
-            <Cache capacity="5000" enable="true" isDistributed="false"
-                name="IdPCacheByAuthProperty" timeout="1"/>
-            <Cache capacity="5000" enable="true" isDistributed="false"
-                name="IdPCacheByHRI" timeout="1"/>
-            <Cache capacity="5000" enable="true" isDistributed="false"
-                name="IdPCacheByName" timeout="1"/>
+            <Cache name="AppAuthFrameworkSessionContextCache"
+                                                     enable="true" timeout="300" capacity="5000" isDistributed="false"/>
+            <Cache name="AuthenticationContextCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
+            <Cache name="AuthenticationRequestCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>
+            <Cache name="AuthenticationResultCache"  enable="true" timeout="300" capacity="5000" isDistributed="false"/>
+            <Cache name="AppInfoCache"               enable="true"  timeout="900" capacity="5000" isDistributed="false"/>
+            <Cache name="AuthorizationGrantCache"    enable="true" timeout="300" capacity="5000" isDistributed="false"/>
+            <Cache name="OAuthCache"                 enable="true" timeout="300" capacity="5000" isDistributed="false"/>
+            <Cache name="OAuthScopeCache"            enable="true"  timeout="300" capacity="5000" isDistributed="false"/>
+            <Cache name="OAuthSessionDataCache"      enable="true" timeout="300" capacity="5000" isDistributed="false"/>
+            <Cache name="SAMLSSOParticipantCache"    enable="true" timeout="300" capacity="5000" isDistributed="false"/>
+            <Cache name="SAMLSSOSessionIndexCache"   enable="true" timeout="300" capacity="5000" isDistributed="false"/>
+            <Cache name="SAMLSSOSessionDataCache"    enable="true" timeout="300" capacity="5000" isDistributed="false"/>
+            <Cache name="ServiceProviderCache"       enable="true"  timeout="900" capacity="5000" isDistributed="false"/>
+            <Cache name="ProvisioningConnectorCache" enable="true"  timeout="900" capacity="5000" isDistributed="false"/>
+            <Cache name="ProvisioningEntityCache"    enable="true" timeout="900" capacity="5000" isDistributed="false"/>
+            <Cache name="ServiceProviderProvisioningConnectorCache" enable="true"  timeout="900" capacity="5000" isDistributed="false"/>
+            <Cache name="IdPCacheByAuthProperty"     enable="true"  timeout="900" capacity="5000" isDistributed="false"/>
+            <Cache name="IdPCacheByHRI"              enable="true"  timeout="900" capacity="5000" isDistributed="false"/>
+            <Cache name="IdPCacheByName"             enable="true"  timeout="900" capacity="5000" isDistributed="false"/>
         </CacheManager>
     </CacheConfig>
+
     <!--Cookies>
         <Cookie name="commonAuthId" domain="localhost" httpOnly="true" secure="true" />
     </Cookies-->
+
+
     <ResourceAccessControl>
-        <Resource context="(.*)/api/identity/user/(.*)" http-method="all" secured="true"/>
-        <Resource context="(.*)/api/identity/recovery/(.*)" http-method="all" secured="true"/>
-        <Resource context="(.*)/.well-known(.*)" http-method="all" secured="true"/>
-        <Resource context="(.*)/identity/register(.*)" http-method="all" secured="true">
+        <Resource context="(.*)/api/identity/user/v1.0/validate-code" secured="true" http-method="all"/>
+        <Resource context="(.*)/api/identity/user/v1.0/resend-code" secured="true" http-method="all"/>
+        <Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="POST"/>
+        <Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="GET"/>
+        <Resource context="(.*)/api/identity/user/v1.0/pi-info" secured="true" http-method="all">
+            <Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
+        </Resource>
+        <Resource context="(.*)/api/identity/user/v1.0/pi-info/(.*)" secured="true" http-method="all">
+            <Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
+        </Resource>
+
+        <Resource context="(.*)/api/identity/consent-mgt/v1.0/consents" secured="true" http-method="all"/>
+        <Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/receipts/(.*)" secured="true" http-method="all"/>
+
+        <Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes" secured="true" http-method="POST">
+            <Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
+        </Resource>
+        <Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes(.*)" secured="true" http-method="GET"/>
+        <Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes(.+)" secured="true" http-method="DELETE">
+            <Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
+        </Resource>
+
+        <Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories" secured="true" http-method="POST">
+            <Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
+        </Resource>
+        <Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories(.*)" secured="true" http-method="GET"/>
+        <Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories(.+)" secured="true" http-method="DELETE">
+            <Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
+        </Resource>
+
+        <Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories" secured="true" http-method="POST">
+            <Permissions>/permission/admin/manage/identity/consentmgt/add</Permissions>
+        </Resource>
+        <Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories(.*)" secured="true" http-method="GET"/>
+        <Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories(.+)" secured="true" http-method="DELETE">
+            <Permissions>/permission/admin/manage/identity/consentmgt/delete</Permissions>
+        </Resource>
+
+        <Resource context="(.*)/api/identity/recovery/(.*)" secured="true" http-method="all"/>
+        <Resource context="(.*)/.well-known(.*)" secured="true" http-method="all"/>
+        <Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="POST">
+            <Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions>
+        </Resource>
+        <Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="DELETE">
             <Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions>
         </Resource>
-        <Resource context="(.*)/identity/connect/register(.*)" http-method="all" secured="true">
+        <Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="PUT">
+            <Permissions>/permission/admin/manage/identity/applicationmgt/update</Permissions>
+        </Resource>
+        <Resource context="(.*)/api/identity/oauth2/dcr/v1.0/register(.*)" secured="true" http-method="GET">
+            <Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions>
+        </Resource>
+        <Resource context="(.*)/identity/register(.*)" secured="true" http-method="all">
+            <Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions>
+        </Resource>
+        <Resource context="(.*)/identity/connect/register(.*)" secured="true" http-method="all">
             <Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions>
         </Resource>
-        <Resource context="(.*)/oauth2/introspect(.*)" http-method="all" secured="true">
+        <Resource context="(.*)/oauth2/introspect(.*)" secured="true" http-method="all">
             <Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions>
         </Resource>
-        <Resource context="(.*)/api/identity/entitlement/(.*)" http-method="all" secured="true">
+        <Resource context="(.*)/api/identity/entitlement/(.*)" secured="true" http-method="all">
             <Permissions>/permission/admin/manage/identity/pep</Permissions>
         </Resource>
+        <Resource context="(.*)/scim2/Users" secured="true" http-method="POST">
+            <Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Users" secured="true" http-method="GET">
+            <Permissions>/permission/admin/manage/identity/usermgt/list</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Groups" secured="true" http-method="POST">
+            <Permissions>/permission/admin/manage/identity/rolemgt/create</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Groups" secured="true" http-method="GET">
+            <Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="GET">
+            <Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PUT">
+            <Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PATCH">
+            <Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="DELETE">
+            <Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="GET">
+            <Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PUT">
+            <Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PATCH">
+            <Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="DELETE">
+            <Permissions>/permission/admin/manage/identity/rolemgt/delete</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Me" secured="true"    http-method="GET">
+            <Permissions>/permission/admin/login</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Me" secured="true" http-method="DELETE">
+            <Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Me" secured="true"    http-method="PUT">
+            <Permissions>/permission/admin/login</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Me" secured="true"   http-method="PATCH">
+            <Permissions>/permission/admin/login</Permissions>
+        </Resource>
+        <Resource context="(.*)/scim2/Me" secured="true" http-method="POST">
+            <Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
+        </Resource>
+        <Resource context="/scim2/ServiceProviderConfig" secured="false" http-method="all">
+            <Permissions></Permissions>
+        </Resource>
+        <Resource context="/scim2/ResourceType" secured="false" http-method="all">
+            <Permissions></Permissions>
+        </Resource>
+        <Resource context="/scim2/Bulk" secured="true"  http-method="all">
+            <Permissions>/permission/admin/manage/identity/usermgt</Permissions>
+        </Resource>
+        <Resource context="(.*)/api/identity/oauth2/dcr/(.*)" secured="true" http-method="all">
+            <Permissions>/permission/admin/manage/identity/applicationmgt</Permissions>
+        </Resource>
     </ResourceAccessControl>
+
     <ClientAppAuthentication>
-        <Application
-            hash="66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262" name="dashboard"/>
+        <Application name="dashboard" hash="66cd9688a2ae068244ea01e70f0e230f5623b7fa4cdecb65070a09ec06452262"/>
     </ClientAppAuthentication>
+
     <TenantContextsToRewrite>
         <WebApp>
-            <Context>/api/identity/user/v0.9</Context>
-            <Context>/api/identity/recovery/v0.9</Context>
-            <Context>/oauth2</Context>
-            <Context>/api/identity/entitlement</Context>
+            <Context>/api/identity/user/v1.0/</Context>
+            <Context>/api/identity/consent-mgt/v1.0/</Context>
+            <Context>/api/identity/recovery/v0.9/</Context>
+            <Context>/oauth2/</Context>
+            <Context>/scim2/</Context>
+            <Context>/api/identity/entitlement/</Context>
+            <Context>/api/identity/oauth2/dcr/v1.0/</Context>
         </WebApp>
         <Servlet>
             <Context>/identity/(.*)</Context>
         </Servlet>
     </TenantContextsToRewrite>
+
     <!-- Server Synchronization Tolerance Configuration in seconds -->
     <ClockSkew>300</ClockSkew>
+
 </Server>
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/is-as-km/repository/conf/user-mgt.xml b/docker-compose/APIM-ISasKM-with-Analytics/is-as-km/repository/conf/user-mgt.xml
index 5d4feacf..9a6f0575 100644
--- a/docker-compose/APIM-ISasKM-with-Analytics/is-as-km/repository/conf/user-mgt.xml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/is-as-km/repository/conf/user-mgt.xml
@@ -85,9 +85,9 @@
             <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
             <Property name="MembershipAttribute">member</Property>
             <Property name="BackLinksEnabled">false</Property>
-            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
             <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
-            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
             <Property name="SCIMEnabled">false</Property>
             <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
             <Property name="MultiAttributeSeparator">,</Property>
@@ -134,13 +134,13 @@
             <Property name="MemberOfAttribute">memberOf</Property>
             <Property name="BackLinksEnabled">true</Property>
             <Property name="Referral">follow</Property>
-            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
             <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
             <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
             <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
             <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
             <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
-            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
             <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
             <Property name="SCIMEnabled">false</Property>
             <Property name="IsBulkImportSupported">false</Property>
@@ -151,6 +151,7 @@
             <Property name="userAccountControl">512</Property>
             <Property name="MaxUserNameListLength">100</Property>     
             <Property name="MaxRoleNameListLength">100</Property>                     
+            <Property name="MembershipAttributeRange">1500</Property>
             <Property name="kdcEnabled">false</Property>
             <Property name="defaultRealmName">WSO2.ORG</Property>
             <Property name="UserRolesCacheEnabled">true</Property>
@@ -188,13 +189,13 @@
             <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
             <Property name="MembershipAttribute">member</Property>
             <Property name="BackLinksEnabled">false</Property>
-            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
             <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
             <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
             <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
             <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
             <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
-            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
+            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
             <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
             <Property name="SCIMEnabled">true</Property>
             <Property name="IsBulkImportSupported">false</Property>
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/mysql/scripts/apim_mysql5.7.sql b/docker-compose/APIM-ISasKM-with-Analytics/mysql/scripts/apim_mysql5.7.sql
index 7909e549..c6b4bf44 100644
--- a/docker-compose/APIM-ISasKM-with-Analytics/mysql/scripts/apim_mysql5.7.sql
+++ b/docker-compose/APIM-ISasKM-with-Analytics/mysql/scripts/apim_mysql5.7.sql
@@ -16,7 +16,7 @@ INSERT INTO IDN_BASE_TABLE values ('WSO2 Identity Server');
 CREATE TABLE IF NOT EXISTS IDN_OAUTH_CONSUMER_APPS (
             ID INTEGER NOT NULL AUTO_INCREMENT,
             CONSUMER_KEY VARCHAR(255),
-            CONSUMER_SECRET VARCHAR(512),
+            CONSUMER_SECRET VARCHAR(2048),
             USERNAME VARCHAR(255),
             TENANT_ID INTEGER DEFAULT 0,
             USER_DOMAIN VARCHAR(50),
@@ -27,10 +27,20 @@ CREATE TABLE IF NOT EXISTS IDN_OAUTH_CONSUMER_APPS (
             PKCE_MANDATORY CHAR(1) DEFAULT '0',
             PKCE_SUPPORT_PLAIN CHAR(1) DEFAULT '0',
             APP_STATE VARCHAR (25) DEFAULT 'ACTIVE',
+            USER_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000,
+            APP_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000,
+            REFRESH_TOKEN_EXPIRE_TIME BIGINT DEFAULT 84600000,
             CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (CONSUMER_KEY),
             PRIMARY KEY (ID)
 )ENGINE INNODB;
 
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_VALIDATORS (
+	APP_ID INTEGER NOT NULL,
+	SCOPE_VALIDATOR VARCHAR (128) NOT NULL,
+	PRIMARY KEY (APP_ID,SCOPE_VALIDATOR),
+	FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
 CREATE TABLE IF NOT EXISTS IDN_OAUTH1A_REQUEST_TOKEN (
             REQUEST_TOKEN VARCHAR(255),
             REQUEST_TOKEN_SECRET VARCHAR(512),
@@ -58,8 +68,8 @@ CREATE TABLE IF NOT EXISTS IDN_OAUTH1A_ACCESS_TOKEN (
 
 CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN (
             TOKEN_ID VARCHAR (255),
-            ACCESS_TOKEN VARCHAR(255),
-            REFRESH_TOKEN VARCHAR(255),
+            ACCESS_TOKEN VARCHAR(2048),
+            REFRESH_TOKEN VARCHAR(2048),
             CONSUMER_KEY_ID INTEGER,
             AUTHZ_USER VARCHAR (100),
             TENANT_ID INTEGER,
@@ -74,6 +84,8 @@ CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN (
             TOKEN_STATE VARCHAR(25) DEFAULT 'ACTIVE',
             TOKEN_STATE_ID VARCHAR (128) DEFAULT 'NONE',
             SUBJECT_IDENTIFIER VARCHAR(255),
+            ACCESS_TOKEN_HASH VARCHAR(512),
+            REFRESH_TOKEN_HASH VARCHAR(512),
             PRIMARY KEY (TOKEN_ID),
             FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
             CONSTRAINT CON_APP_KEY UNIQUE (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,
@@ -84,11 +96,11 @@ CREATE INDEX IDX_AT_CK_AU ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER
 
 CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED);
 
-CREATE INDEX IDX_AT ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN);
+CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH);
 
 CREATE TABLE IF NOT EXISTS IDN_OAUTH2_AUTHORIZATION_CODE (
             CODE_ID VARCHAR (255),
-            AUTHORIZATION_CODE VARCHAR(512),
+            AUTHORIZATION_CODE VARCHAR(2048),
             CONSUMER_KEY_ID INTEGER,
             CALLBACK_URL VARCHAR(1024),
             SCOPE VARCHAR(2048),
@@ -102,11 +114,12 @@ CREATE TABLE IF NOT EXISTS IDN_OAUTH2_AUTHORIZATION_CODE (
             SUBJECT_IDENTIFIER VARCHAR(255),
             PKCE_CODE_CHALLENGE VARCHAR(255),
             PKCE_CODE_CHALLENGE_METHOD VARCHAR(128),
+            AUTHORIZATION_CODE_HASH VARCHAR(512),
             PRIMARY KEY (CODE_ID),
             FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
 )ENGINE INNODB;
 
-CREATE INDEX IDX_AUTHORIZATION_CODE ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE,CONSUMER_KEY_ID);
+CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH,CONSUMER_KEY_ID);
 
 CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_SCOPE (
             TOKEN_ID VARCHAR (255),
@@ -117,21 +130,26 @@ CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_SCOPE (
 )ENGINE INNODB;
 
 CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE (
-            SCOPE_ID INT(11) NOT NULL AUTO_INCREMENT,
-            SCOPE_KEY VARCHAR(100) NOT NULL,
-            NAME VARCHAR(255) NULL,
-            DESCRIPTION VARCHAR(512) NULL,
-            TENANT_ID INT(11) NOT NULL DEFAULT 0,
-            ROLES VARCHAR (500) NULL,
+            SCOPE_ID INTEGER NOT NULL AUTO_INCREMENT,
+            NAME VARCHAR(255) NOT NULL,
+            DISPLAY_NAME VARCHAR(255) NOT NULL,
+            DESCRIPTION VARCHAR(512),
+            TENANT_ID INTEGER NOT NULL DEFAULT -1,
             PRIMARY KEY (SCOPE_ID)
 )ENGINE INNODB;
 
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_BINDING (
+            SCOPE_ID INTEGER NOT NULL,
+            SCOPE_BINDING VARCHAR(255),
+            FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
 CREATE TABLE IF NOT EXISTS IDN_OAUTH2_RESOURCE_SCOPE (
             RESOURCE_PATH VARCHAR(255) NOT NULL,
-            SCOPE_ID INTEGER (11) NOT NULL,
+            SCOPE_ID INTEGER NOT NULL,
             TENANT_ID INTEGER DEFAULT -1,
             PRIMARY KEY (RESOURCE_PATH),
-            FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE (SCOPE_ID)
+            FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE (SCOPE_ID) ON DELETE CASCADE
 )ENGINE INNODB;
 
 CREATE TABLE IF NOT EXISTS IDN_SCIM_GROUP (
@@ -186,7 +204,7 @@ CREATE TABLE IF NOT EXISTS IDN_IDENTITY_USER_DATA (
             TENANT_ID INTEGER DEFAULT -1234,
             USER_NAME VARCHAR(255) NOT NULL,
             DATA_KEY VARCHAR(255) NOT NULL,
-            DATA_VALUE VARCHAR(255),
+            DATA_VALUE VARCHAR(2048),
             PRIMARY KEY (TENANT_ID, USER_NAME, DATA_KEY)
 )ENGINE INNODB;
 
@@ -221,22 +239,22 @@ CREATE TABLE IF NOT EXISTS IDN_AUTH_SESSION_STORE (
 CREATE TABLE IF NOT EXISTS SP_APP (
         ID INTEGER NOT NULL AUTO_INCREMENT,
         TENANT_ID INTEGER NOT NULL,
-            APP_NAME VARCHAR (255) NOT NULL ,
-            USER_STORE VARCHAR (255) NOT NULL,
+	    	APP_NAME VARCHAR (255) NOT NULL ,
+	    	USER_STORE VARCHAR (255) NOT NULL,
         USERNAME VARCHAR (255) NOT NULL ,
         DESCRIPTION VARCHAR (1024),
-            ROLE_CLAIM VARCHAR (512),
+	    	ROLE_CLAIM VARCHAR (512),
         AUTH_TYPE VARCHAR (255) NOT NULL,
-            PROVISIONING_USERSTORE_DOMAIN VARCHAR (512),
-            IS_LOCAL_CLAIM_DIALECT CHAR(1) DEFAULT '1',
-            IS_SEND_LOCAL_SUBJECT_ID CHAR(1) DEFAULT '0',
-            IS_SEND_AUTH_LIST_OF_IDPS CHAR(1) DEFAULT '0',
+	    	PROVISIONING_USERSTORE_DOMAIN VARCHAR (512),
+	    	IS_LOCAL_CLAIM_DIALECT CHAR(1) DEFAULT '1',
+	    	IS_SEND_LOCAL_SUBJECT_ID CHAR(1) DEFAULT '0',
+	    	IS_SEND_AUTH_LIST_OF_IDPS CHAR(1) DEFAULT '0',
         IS_USE_TENANT_DOMAIN_SUBJECT CHAR(1) DEFAULT '1',
         IS_USE_USER_DOMAIN_SUBJECT CHAR(1) DEFAULT '1',
         ENABLE_AUTHORIZATION CHAR(1) DEFAULT '0',
-            SUBJECT_CLAIM_URI VARCHAR (512),
-            IS_SAAS_APP CHAR(1) DEFAULT '0',
-            IS_DUMB_MODE CHAR(1) DEFAULT '0',
+	    	SUBJECT_CLAIM_URI VARCHAR (512),
+	    	IS_SAAS_APP CHAR(1) DEFAULT '0',
+	    	IS_DUMB_MODE CHAR(1) DEFAULT '0',
         PRIMARY KEY (ID)
 )ENGINE INNODB;
 
@@ -296,7 +314,7 @@ CREATE TABLE IF NOT EXISTS SP_CLAIM_MAPPING (
             SP_CLAIM VARCHAR (512) NOT NULL ,
             APP_ID INTEGER NOT NULL,
             IS_REQUESTED VARCHAR(128) DEFAULT '0',
-          IS_MANDATORY VARCHAR(128) DEFAULT '0',
+	    IS_MANDATORY VARCHAR(128) DEFAULT '0',
             DEFAULT_VALUE VARCHAR(255),
             PRIMARY KEY (ID)
 )ENGINE INNODB;
@@ -338,60 +356,69 @@ CREATE TABLE IF NOT EXISTS SP_PROVISIONING_CONNECTOR (
 
 ALTER TABLE SP_PROVISIONING_CONNECTOR ADD CONSTRAINT PRO_CONNECTOR_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE;
 
+CREATE TABLE SP_AUTH_SCRIPT (
+  ID         INTEGER AUTO_INCREMENT NOT NULL,
+  TENANT_ID  INTEGER                NOT NULL,
+  APP_ID     INTEGER                NOT NULL,
+  TYPE       VARCHAR(255)           NOT NULL,
+  CONTENT    BLOB    DEFAULT NULL,
+  IS_ENABLED CHAR(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (ID));
+
 CREATE TABLE IF NOT EXISTS IDP (
-                  ID INTEGER AUTO_INCREMENT,
-                  TENANT_ID INTEGER,
-                  NAME VARCHAR(254) NOT NULL,
-                  IS_ENABLED CHAR(1) NOT NULL DEFAULT '1',
-                  IS_PRIMARY CHAR(1) NOT NULL DEFAULT '0',
-                  HOME_REALM_ID VARCHAR(254),
-                  IMAGE MEDIUMBLOB,
-                  CERTIFICATE BLOB,
-                  ALIAS VARCHAR(254),
-                  INBOUND_PROV_ENABLED CHAR (1) NOT NULL DEFAULT '0',
-                  INBOUND_PROV_USER_STORE_ID VARCHAR(254),
-                  USER_CLAIM_URI VARCHAR(254),
-                  ROLE_CLAIM_URI VARCHAR(254),
-                  DESCRIPTION VARCHAR (1024),
-                  DEFAULT_AUTHENTICATOR_NAME VARCHAR(254),
-                  DEFAULT_PRO_CONNECTOR_NAME VARCHAR(254),
-                  PROVISIONING_ROLE VARCHAR(128),
-                  IS_FEDERATION_HUB CHAR(1) NOT NULL DEFAULT '0',
-                  IS_LOCAL_CLAIM_DIALECT CHAR(1) NOT NULL DEFAULT '0',
+			ID INTEGER AUTO_INCREMENT,
+			TENANT_ID INTEGER,
+			NAME VARCHAR(254) NOT NULL,
+			IS_ENABLED CHAR(1) NOT NULL DEFAULT '1',
+			IS_PRIMARY CHAR(1) NOT NULL DEFAULT '0',
+			HOME_REALM_ID VARCHAR(254),
+			IMAGE MEDIUMBLOB,
+			CERTIFICATE BLOB,
+			ALIAS VARCHAR(254),
+			INBOUND_PROV_ENABLED CHAR (1) NOT NULL DEFAULT '0',
+			INBOUND_PROV_USER_STORE_ID VARCHAR(254),
+ 			USER_CLAIM_URI VARCHAR(254),
+ 			ROLE_CLAIM_URI VARCHAR(254),
+  			DESCRIPTION VARCHAR (1024),
+ 			DEFAULT_AUTHENTICATOR_NAME VARCHAR(254),
+ 			DEFAULT_PRO_CONNECTOR_NAME VARCHAR(254),
+ 			PROVISIONING_ROLE VARCHAR(128),
+ 			IS_FEDERATION_HUB CHAR(1) NOT NULL DEFAULT '0',
+ 			IS_LOCAL_CLAIM_DIALECT CHAR(1) NOT NULL DEFAULT '0',
             DISPLAY_NAME VARCHAR(255),
-                  PRIMARY KEY (ID),
-                  UNIQUE (TENANT_ID, NAME)
+			PRIMARY KEY (ID),
+			UNIQUE (TENANT_ID, NAME)
 )ENGINE INNODB;
 
 CREATE TABLE IF NOT EXISTS IDP_ROLE (
-                  ID INTEGER AUTO_INCREMENT,
-                  IDP_ID INTEGER,
-                  TENANT_ID INTEGER,
-                  ROLE VARCHAR(254),
-                  PRIMARY KEY (ID),
-                  UNIQUE (IDP_ID, ROLE),
-                  FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE
+			ID INTEGER AUTO_INCREMENT,
+			IDP_ID INTEGER,
+			TENANT_ID INTEGER,
+			ROLE VARCHAR(254),
+			PRIMARY KEY (ID),
+			UNIQUE (IDP_ID, ROLE),
+			FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE
 )ENGINE INNODB;
 
 CREATE TABLE IF NOT EXISTS IDP_ROLE_MAPPING (
-                  ID INTEGER AUTO_INCREMENT,
-                  IDP_ROLE_ID INTEGER,
-                  TENANT_ID INTEGER,
-                  USER_STORE_ID VARCHAR (253),
-                  LOCAL_ROLE VARCHAR(253),
-                  PRIMARY KEY (ID),
-                  UNIQUE (IDP_ROLE_ID, TENANT_ID, USER_STORE_ID, LOCAL_ROLE),
-                  FOREIGN KEY (IDP_ROLE_ID) REFERENCES IDP_ROLE(ID) ON DELETE CASCADE
+			ID INTEGER AUTO_INCREMENT,
+			IDP_ROLE_ID INTEGER,
+			TENANT_ID INTEGER,
+			USER_STORE_ID VARCHAR (253),
+			LOCAL_ROLE VARCHAR(253),
+			PRIMARY KEY (ID),
+			UNIQUE (IDP_ROLE_ID, TENANT_ID, USER_STORE_ID, LOCAL_ROLE),
+			FOREIGN KEY (IDP_ROLE_ID) REFERENCES IDP_ROLE(ID) ON DELETE CASCADE
 )ENGINE INNODB;
 
 CREATE TABLE IF NOT EXISTS IDP_CLAIM (
-                  ID INTEGER AUTO_INCREMENT,
-                  IDP_ID INTEGER,
-                  TENANT_ID INTEGER,
-                  CLAIM VARCHAR(254),
-                  PRIMARY KEY (ID),
-                  UNIQUE (IDP_ID, CLAIM),
-                  FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE
+			ID INTEGER AUTO_INCREMENT,
+			IDP_ID INTEGER,
+			TENANT_ID INTEGER,
+			CLAIM VARCHAR(254),
+			PRIMARY KEY (ID),
+			UNIQUE (IDP_ID, CLAIM),
+			FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE
 )ENGINE INNODB;
 
 CREATE TABLE IF NOT EXISTS IDP_CLAIM_MAPPING (
@@ -525,7 +552,7 @@ CREATE TABLE IF NOT EXISTS FIDO_DEVICE_STORE (
             DEVICE_DATA VARCHAR(2048) NOT NULL,
             PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME, KEY_HANDLE)
         )ENGINE INNODB;
-              
+
 CREATE TABLE IF NOT EXISTS WF_REQUEST (
     UUID VARCHAR (45),
     CREATED_BY VARCHAR (255),
@@ -607,11 +634,11 @@ CREATE TABLE IF NOT EXISTS WF_WORKFLOW_REQUEST_RELATION(
 
 CREATE TABLE IF NOT EXISTS IDN_RECOVERY_DATA (
   USER_NAME VARCHAR(255) NOT NULL,
-  USER_DOMAIN VARCHAR(255) NOT NULL,
+  USER_DOMAIN VARCHAR(127) NOT NULL,
   TENANT_ID INTEGER DEFAULT -1,
   CODE VARCHAR(255) NOT NULL,
   SCENARIO VARCHAR(255) NOT NULL,
-  STEP VARCHAR(255) NOT NULL,
+  STEP VARCHAR(127) NOT NULL,
   TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
   REMAINING_SETS VARCHAR(2500) DEFAULT NULL,
   PRIMARY KEY(USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO,STEP),
@@ -692,8 +719,192 @@ CREATE TABLE IF NOT EXISTS  IDN_SAML2_ASSERTION_STORE (
   PRIMARY KEY (ID)
 )ENGINE INNODB;
 
+CREATE TABLE IF NOT EXISTS IDN_OIDC_JTI (
+  JWT_ID VARCHAR(255) NOT NULL,
+  EXP_TIME TIMESTAMP NOT NULL ,
+  TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
+  PRIMARY KEY (JWT_ID)
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS  IDN_OIDC_PROPERTY (
+  ID INTEGER NOT NULL AUTO_INCREMENT,
+  TENANT_ID  INTEGER,
+  CONSUMER_KEY  VARCHAR(255) ,
+  PROPERTY_KEY  VARCHAR(255) NOT NULL,
+  PROPERTY_VALUE  VARCHAR(2047) ,
+  PRIMARY KEY (ID),
+  FOREIGN KEY (CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_REFERENCE (
+  ID INTEGER NOT NULL AUTO_INCREMENT,
+  CONSUMER_KEY_ID INTEGER ,
+  CODE_ID VARCHAR(255) ,
+  TOKEN_ID VARCHAR(255) ,
+  SESSION_DATA_KEY VARCHAR(255),
+  PRIMARY KEY (ID),
+  FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
+  FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE,
+  FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE(CODE_ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_CLAIMS (
+  ID INTEGER NOT NULL AUTO_INCREMENT,
+  REQ_OBJECT_ID INTEGER,
+  CLAIM_ATTRIBUTE VARCHAR(255) ,
+  ESSENTIAL CHAR(1) NOT NULL DEFAULT '0' ,
+  VALUE VARCHAR(255) ,
+  IS_USERINFO CHAR(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (ID),
+  FOREIGN KEY (REQ_OBJECT_ID) REFERENCES IDN_OIDC_REQ_OBJECT_REFERENCE (ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJ_CLAIM_VALUES (
+  ID INTEGER NOT NULL AUTO_INCREMENT,
+  REQ_OBJECT_CLAIMS_ID INTEGER ,
+  CLAIM_VALUES VARCHAR(255) ,
+  PRIMARY KEY (ID),
+  FOREIGN KEY (REQ_OBJECT_CLAIMS_ID) REFERENCES  IDN_OIDC_REQ_OBJECT_CLAIMS(ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CERTIFICATE (
+             ID INTEGER NOT NULL AUTO_INCREMENT,
+             NAME VARCHAR(100),
+             CERTIFICATE_IN_PEM BLOB,
+             TENANT_ID INTEGER DEFAULT 0,
+             PRIMARY KEY(ID),
+             CONSTRAINT CERTIFICATE_UNIQUE_KEY UNIQUE (NAME, TENANT_ID)
+)ENGINE INNODB;
+
+
 -- End of IDENTITY Tables--
 
+-- Start of CONSENT-MGT Tables --
+
+CREATE TABLE CM_PII_CATEGORY (
+  ID           INTEGER AUTO_INCREMENT,
+  NAME         VARCHAR(255) NOT NULL,
+  DESCRIPTION  VARCHAR(1023),
+  DISPLAY_NAME VARCHAR(255),
+  IS_SENSITIVE INTEGER      NOT NULL,
+  TENANT_ID    INTEGER DEFAULT '-1234',
+  UNIQUE KEY (NAME, TENANT_ID),
+  PRIMARY KEY (ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_RECEIPT (
+  CONSENT_RECEIPT_ID  VARCHAR(255) NOT NULL,
+  VERSION             VARCHAR(255) NOT NULL,
+  JURISDICTION        VARCHAR(255) NOT NULL,
+  CONSENT_TIMESTAMP   TIMESTAMP    NOT NULL,
+  COLLECTION_METHOD   VARCHAR(255) NOT NULL,
+  LANGUAGE            VARCHAR(255) NOT NULL,
+  PII_PRINCIPAL_ID    VARCHAR(255) NOT NULL,
+  PRINCIPAL_TENANT_ID INTEGER DEFAULT '-1234',
+  POLICY_URL          VARCHAR(255) NOT NULL,
+  STATE               VARCHAR(255) NOT NULL,
+  PII_CONTROLLER      VARCHAR(2048) NOT NULL,
+  PRIMARY KEY (CONSENT_RECEIPT_ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_PURPOSE (
+  ID          INTEGER AUTO_INCREMENT,
+  NAME        VARCHAR(255) NOT NULL,
+  DESCRIPTION VARCHAR(1023),
+  TENANT_ID   INTEGER DEFAULT '-1234',
+  UNIQUE KEY (NAME, TENANT_ID),
+  PRIMARY KEY (ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_PURPOSE_CATEGORY (
+  ID          INTEGER AUTO_INCREMENT,
+  NAME        VARCHAR(255) NOT NULL,
+  DESCRIPTION VARCHAR(1023),
+  TENANT_ID   INTEGER DEFAULT '-1234',
+  UNIQUE KEY (NAME, TENANT_ID),
+  PRIMARY KEY (ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_RECEIPT_SP_ASSOC (
+  ID                 INTEGER AUTO_INCREMENT,
+  CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL,
+  SP_NAME            VARCHAR(255) NOT NULL,
+  SP_DISPLAY_NAME    VARCHAR(255),
+  SP_DESCRIPTION     VARCHAR(255),
+  SP_TENANT_ID       INTEGER DEFAULT '-1234',
+  UNIQUE KEY (CONSENT_RECEIPT_ID, SP_NAME, SP_TENANT_ID),
+  PRIMARY KEY (ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_SP_PURPOSE_ASSOC (
+  ID                     INTEGER AUTO_INCREMENT,
+  RECEIPT_SP_ASSOC       INTEGER      NOT NULL,
+  PURPOSE_ID             INTEGER      NOT NULL,
+  CONSENT_TYPE           VARCHAR(255) NOT NULL,
+  IS_PRIMARY_PURPOSE     INTEGER      NOT NULL,
+  TERMINATION            VARCHAR(255) NOT NULL,
+  THIRD_PARTY_DISCLOSURE INTEGER      NOT NULL,
+  THIRD_PARTY_NAME       VARCHAR(255),
+  UNIQUE KEY (RECEIPT_SP_ASSOC, PURPOSE_ID),
+  PRIMARY KEY (ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC (
+  SP_PURPOSE_ASSOC_ID INTEGER NOT NULL,
+  PURPOSE_CATEGORY_ID INTEGER NOT NULL,
+  UNIQUE KEY (SP_PURPOSE_ASSOC_ID, PURPOSE_CATEGORY_ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_PURPOSE_PII_CAT_ASSOC (
+  PURPOSE_ID         INTEGER NOT NULL,
+  CM_PII_CATEGORY_ID INTEGER NOT NULL,
+  UNIQUE KEY (PURPOSE_ID, CM_PII_CATEGORY_ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_SP_PURPOSE_PII_CAT_ASSOC (
+  SP_PURPOSE_ASSOC_ID INTEGER NOT NULL,
+  PII_CATEGORY_ID     INTEGER NOT NULL,
+  VALIDITY            VARCHAR(1023),
+  UNIQUE KEY (SP_PURPOSE_ASSOC_ID, PII_CATEGORY_ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_CONSENT_RECEIPT_PROPERTY (
+  CONSENT_RECEIPT_ID VARCHAR(255)  NOT NULL,
+  NAME               VARCHAR(255)  NOT NULL,
+  VALUE              VARCHAR(1023) NOT NULL,
+  UNIQUE KEY (CONSENT_RECEIPT_ID, NAME)
+)ENGINE INNODB;
+
+ALTER TABLE CM_RECEIPT_SP_ASSOC
+  ADD CONSTRAINT CM_RECEIPT_SP_ASSOC_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID);
+
+ALTER TABLE CM_SP_PURPOSE_ASSOC
+  ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk0 FOREIGN KEY (RECEIPT_SP_ASSOC) REFERENCES CM_RECEIPT_SP_ASSOC (ID);
+
+ALTER TABLE CM_SP_PURPOSE_ASSOC
+  ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk1 FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID);
+
+ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC
+  ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID);
+
+ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC
+  ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk1 FOREIGN KEY (PURPOSE_CATEGORY_ID) REFERENCES CM_PURPOSE_CATEGORY (ID);
+
+ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC
+  ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID);
+
+ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC
+  ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk1 FOREIGN KEY (PII_CATEGORY_ID) REFERENCES CM_PII_CATEGORY (ID);
+
+ALTER TABLE CM_CONSENT_RECEIPT_PROPERTY
+  ADD CONSTRAINT CM_CONSENT_RECEIPT_PRT_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID);
+
+INSERT INTO CM_PURPOSE (NAME, DESCRIPTION, TENANT_ID) values ('DEFAULT', 'For core functionalities of the product', '-1234');
+
+INSERT INTO CM_PURPOSE_CATEGORY (NAME, DESCRIPTION, TENANT_ID) VALUES ('DEFAULT','For core functionalities of the product', '-1234');
+
+-- End of CONSENT-MGT Tables --
+
 -- Start of API-MGT Tables --
 CREATE TABLE IF NOT EXISTS AM_SUBSCRIBER (
     SUBSCRIBER_ID INTEGER AUTO_INCREMENT,
@@ -777,7 +988,7 @@ CREATE TABLE IF NOT EXISTS AM_SUBSCRIPTION (
 
 CREATE TABLE IF NOT EXISTS AM_SUBSCRIPTION_KEY_MAPPING (
     SUBSCRIPTION_ID INTEGER,
-    ACCESS_TOKEN VARCHAR(255),
+    ACCESS_TOKEN VARCHAR(512),
     KEY_TYPE VARCHAR(512) NOT NULL,
     FOREIGN KEY(SUBSCRIPTION_ID) REFERENCES AM_SUBSCRIPTION(SUBSCRIPTION_ID) ON UPDATE CASCADE ON DELETE RESTRICT,
     PRIMARY KEY(SUBSCRIPTION_ID,ACCESS_TOKEN)
@@ -872,7 +1083,7 @@ CREATE TABLE IF NOT EXISTS AM_APPLICATION_REGISTRATION (
     WF_REF VARCHAR(255) NOT NULL,
     APP_ID INT,
     TOKEN_TYPE VARCHAR(30),
-    TOKEN_SCOPE VARCHAR(256) DEFAULT 'default',
+    TOKEN_SCOPE VARCHAR(1500) DEFAULT 'default',
     INPUTS VARCHAR(1000),
     ALLOWED_DOMAINS VARCHAR(256),
     VALIDITY_PERIOD BIGINT,
@@ -890,10 +1101,10 @@ CREATE TABLE IF NOT EXISTS AM_API_SCOPES (
 )ENGINE = INNODB;
 
 CREATE TABLE IF NOT EXISTS AM_API_DEFAULT_VERSION (
-            DEFAULT_VERSION_ID INT AUTO_INCREMENT, 
+            DEFAULT_VERSION_ID INT AUTO_INCREMENT,
             API_NAME VARCHAR(256) NOT NULL ,
-            API_PROVIDER VARCHAR(256) NOT NULL , 
-            DEFAULT_API_VERSION VARCHAR(30) , 
+            API_PROVIDER VARCHAR(256) NOT NULL ,
+            DEFAULT_API_VERSION VARCHAR(30) ,
             PUBLISHED_DEFAULT_API_VERSION VARCHAR(30) ,
             PRIMARY KEY (DEFAULT_VERSION_ID)
 )ENGINE = INNODB;
@@ -902,29 +1113,29 @@ CREATE INDEX IDX_SUB_APP_ID ON AM_SUBSCRIPTION (APPLICATION_ID, SUBSCRIPTION_ID)
 
 
 CREATE TABLE IF NOT EXISTS AM_ALERT_TYPES (
-            ALERT_TYPE_ID INTEGER AUTO_INCREMENT, 
+            ALERT_TYPE_ID INTEGER AUTO_INCREMENT,
             ALERT_TYPE_NAME VARCHAR(255) NOT NULL ,
 	    STAKE_HOLDER VARCHAR(100) NOT NULL,
             PRIMARY KEY (ALERT_TYPE_ID)
 )ENGINE = INNODB;
 
 CREATE TABLE IF NOT EXISTS AM_ALERT_TYPES_VALUES (
-            ALERT_TYPE_ID INTEGER, 
+            ALERT_TYPE_ID INTEGER,
             USER_NAME VARCHAR(255) NOT NULL ,
 	    STAKE_HOLDER VARCHAR(100) NOT NULL ,
             PRIMARY KEY (ALERT_TYPE_ID,USER_NAME,STAKE_HOLDER)
 )ENGINE = INNODB;
 
-CREATE TABLE IF NOT EXISTS AM_ALERT_EMAILLIST (  
-	    EMAIL_LIST_ID INTEGER AUTO_INCREMENT,         
-            USER_NAME VARCHAR(255) NOT NULL ,	    
+CREATE TABLE IF NOT EXISTS AM_ALERT_EMAILLIST (
+	    EMAIL_LIST_ID INTEGER AUTO_INCREMENT,
+            USER_NAME VARCHAR(255) NOT NULL ,
 	    STAKE_HOLDER VARCHAR(100) NOT NULL ,
             PRIMARY KEY (EMAIL_LIST_ID,USER_NAME,STAKE_HOLDER)
 )ENGINE = INNODB;
 
-CREATE TABLE IF NOT EXISTS  AM_ALERT_EMAILLIST_DETAILS (             
+CREATE TABLE IF NOT EXISTS  AM_ALERT_EMAILLIST_DETAILS (
             EMAIL_LIST_ID INTEGER,
-	    EMAIL VARCHAR(255),	    
+	    EMAIL VARCHAR(255),
             PRIMARY KEY (EMAIL_LIST_ID,EMAIL)
 )ENGINE = INNODB;
 
@@ -1108,12 +1319,43 @@ CREATE TABLE `AM_BLOCK_CONDITIONS` (
   UNIQUE (`UUID`)
 ) ENGINE=InnoDB;
 
+CREATE TABLE IF NOT EXISTS `AM_CERTIFICATE_METADATA` (
+  `TENANT_ID` INT(11) NOT NULL,
+  `ALIAS` VARCHAR(45) NOT NULL,
+  `END_POINT` VARCHAR(100) NOT NULL,
+  CONSTRAINT PK_ALIAS PRIMARY KEY (`ALIAS`),
+  CONSTRAINT END_POINT_CONSTRAINT UNIQUE (`END_POINT`)
+) ENGINE=InnoDB;
+
+CREATE TABLE IF NOT EXISTS AM_APPLICATION_GROUP_MAPPING (
+    APPLICATION_ID INTEGER NOT NULL,
+    GROUP_ID VARCHAR(512) NOT NULL,
+    TENANT VARCHAR(255),
+    PRIMARY KEY (APPLICATION_ID,GROUP_ID,TENANT),
+    FOREIGN KEY (APPLICATION_ID) REFERENCES AM_APPLICATION(APPLICATION_ID) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB;
+
+CREATE TABLE IF NOT EXISTS AM_USAGE_UPLOADED_FILES (
+  TENANT_DOMAIN varchar(255) NOT NULL,
+  FILE_NAME varchar(255) NOT NULL,
+  FILE_TIMESTAMP TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+  FILE_PROCESSED tinyint(1) DEFAULT FALSE,
+  FILE_CONTENT MEDIUMBLOB DEFAULT NULL,
+  PRIMARY KEY (TENANT_DOMAIN, FILE_NAME, FILE_TIMESTAMP)
+) ENGINE=InnoDB;
+
+CREATE TABLE IF NOT EXISTS AM_API_LC_PUBLISH_EVENTS (
+    ID INTEGER(11) NOT NULL AUTO_INCREMENT,
+    TENANT_DOMAIN VARCHAR(500) NOT NULL,
+    API_ID VARCHAR(500) NOT NULL,
+    EVENT_TIME TIMESTAMP NOT NULL,
+    PRIMARY KEY (ID)
+) ENGINE=InnoDB;
 -- End of API-MGT Tables --
 
 -- Performance indexes start--
 
 create index IDX_ITS_LMT on IDN_THRIFT_SESSION (LAST_MODIFIED_TIME);
-create index IDX_IOAT_AT on IDN_OAUTH2_ACCESS_TOKEN (ACCESS_TOKEN);
 create index IDX_IOAT_UT on IDN_OAUTH2_ACCESS_TOKEN (USER_TYPE);
 create index IDX_AAI_CTX on AM_API (CONTEXT);
 create index IDX_AAKM_CK on AM_APPLICATION_KEY_MAPPING (CONSUMER_KEY);
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/mysql/scripts/carbon_mysql5.7.sql b/docker-compose/APIM-ISasKM-with-Analytics/mysql/scripts/carbon_mysql5.7.sql
index 5378702f..614c1a55 100644
--- a/docker-compose/APIM-ISasKM-with-Analytics/mysql/scripts/carbon_mysql5.7.sql
+++ b/docker-compose/APIM-ISasKM-with-Analytics/mysql/scripts/carbon_mysql5.7.sql
@@ -306,6 +306,7 @@ CREATE TABLE UM_PERMISSION (
              UM_ACTION VARCHAR(255) NOT NULL,
              UM_TENANT_ID INTEGER DEFAULT 0,
 		UM_MODULE_ID INTEGER DEFAULT 0,
+			       UNIQUE(UM_RESOURCE_ID,UM_ACTION, UM_TENANT_ID),
              PRIMARY KEY (UM_ID, UM_TENANT_ID)
 )ENGINE INNODB;
 
@@ -420,6 +421,16 @@ CREATE TABLE UM_PROFILE_CONFIG(
             PRIMARY KEY (UM_ID, UM_TENANT_ID)
 )ENGINE INNODB;
 
+CREATE TABLE IF NOT EXISTS UM_CLAIM_BEHAVIOR(
+    UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+    UM_PROFILE_ID INTEGER,
+    UM_CLAIM_ID INTEGER,
+    UM_BEHAVIOUR SMALLINT,
+    UM_TENANT_ID INTEGER DEFAULT 0,
+    FOREIGN KEY(UM_PROFILE_ID, UM_TENANT_ID) REFERENCES UM_PROFILE_CONFIG(UM_ID,UM_TENANT_ID),
+    FOREIGN KEY(UM_CLAIM_ID, UM_TENANT_ID) REFERENCES UM_CLAIM(UM_ID,UM_TENANT_ID),
+    PRIMARY KEY(UM_ID, UM_TENANT_ID)
+)ENGINE INNODB;
 
 CREATE TABLE UM_HYBRID_ROLE(
             UM_ID INTEGER NOT NULL AUTO_INCREMENT,
@@ -447,6 +458,8 @@ CREATE TABLE UM_SYSTEM_ROLE(
             PRIMARY KEY (UM_ID, UM_TENANT_ID)
 )ENGINE INNODB;
 
+CREATE INDEX SYSTEM_ROLE_IND_BY_RN_TI ON UM_SYSTEM_ROLE(UM_ROLE_NAME, UM_TENANT_ID);
+
 CREATE TABLE UM_SYSTEM_USER_ROLE(
             UM_ID INTEGER NOT NULL AUTO_INCREMENT,
             UM_USER_NAME VARCHAR(255),
diff --git a/dockerfiles/apim-analytics/Dockerfile b/dockerfiles/apim-analytics/Dockerfile
index 6ee59b00..582c9606 100644
--- a/dockerfiles/apim-analytics/Dockerfile
+++ b/dockerfiles/apim-analytics/Dockerfile
@@ -33,7 +33,7 @@ ARG JDK=jdk1.8.0*
 ARG JAVA_HOME=${USER_HOME}/java
 # set wso2 product configurations
 ARG WSO2_SERVER=wso2am-analytics
-ARG WSO2_SERVER_VERSION=2.1.0
+ARG WSO2_SERVER_VERSION=2.2.0
 ARG WSO2_SERVER_DIST=${WSO2_SERVER}-${WSO2_SERVER_VERSION}
 ARG WSO2_SERVER_HOME=${USER_HOME}/${WSO2_SERVER}-${WSO2_SERVER_VERSION}
 
diff --git a/dockerfiles/apim-analytics/README.md b/dockerfiles/apim-analytics/README.md
index a20e4562..deb78849 100644
--- a/dockerfiles/apim-analytics/README.md
+++ b/dockerfiles/apim-analytics/README.md
@@ -1,5 +1,5 @@
 # Dockerfile for WSO2 API Manager Analytics #
-The section defines the step-by-step instructions to build the Docker image for WSO2 API Manager Analytics 2.1.0.
+The section defines the step-by-step instructions to build the Docker image for WSO2 API Manager Analytics 2.2.0.
 
 ## Prerequisites
 
@@ -16,13 +16,13 @@ git clone https://github.com/wso2/docker-apim.git
 ##### 2. Add JDK, WSO2 API Manager Analytics distributions and MySQL Connector to `<ANALYTICS_DOCKERFILE_HOME>/files`
 - Download [JDK 1.8](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html) 
 and extract that to `<ANALYTICS_DOCKERFILE_HOME>/files`.
-- Download the WSO2 API Manager Analytics 2.1.0 distribution (http://wso2.com/api-management/try-it/)
+- Download the WSO2 API Manager Analytics 2.2.0 distribution (http://wso2.com/api-management/try-it/)
 and extract that to `<ANALYTICS_DOCKERFILE_HOME>/files`. <br>
 - Once both JDK and WSO2 API Manager distributions are extracted the folder structure should be as follows;
 
   ```bash
   <ANALYTICS_DOCKERFILE_HOME>/files/jdk<version>/
-  <ANALYTICS_DOCKERFILE_HOME>/files/wso2am-analytics-2.1.0/
+  <ANALYTICS_DOCKERFILE_HOME>/files/wso2am-analytics-2.2.0/
   ```
 - Download [MySQL Connector/J](https://dev.mysql.com/downloads/connector/j/) v5.1.45 and then copy that to `<ANALYTICS_DOCKERFILE_HOME>/files` folder
 
@@ -32,10 +32,10 @@ in order to obtain latest bug fixes and updates for the product.
 ##### 3. Build the Docker image.
 - Navigate to `<ANALYTICS_DOCKERFILE_HOME>` directory. <br>
   Execute `docker build` command as shown below.
-    + `docker build -t wso2am-analytics:2.1.0 .`
+    + `docker build -t wso2am-analytics:2.2.0 .`
     
 ##### 4. Running the Docker image.
-- `docker run -it -p 9444:9444 wso2am-analytics:2.1.0`
+- `docker run -it -p 9444:9444 wso2am-analytics:2.2.0`
 >Here, only port 9444 (HTTPS servlet transport) has been mapped to a Docker host port.
 You may map other container service ports, which have been exposed to Docker host ports, as desired.
 
@@ -51,7 +51,7 @@ Configurations would lie on the Docker host machine and they can be volume mount
 As an example, steps required to change the port offset using `carbon.xml` is as follows.
 
 ##### 1. Stop the API Manager container if it's already running.
-In WSO2 API Manager Analytics 2.1.0 product distribution, `carbon.xml` configuration file <br>
+In WSO2 API Manager Analytics 2.2.0 product distribution, `carbon.xml` configuration file <br>
 can be found at `<DISTRIBUTION_HOME>/conf`. Copy the file to some suitable location of the host machine, <br>
 referred to as `<SOURCE_CONFIGS>/carbon.xml` and change the offset value under ports to 1.
 
@@ -65,10 +65,10 @@ chmod o+r <SOURCE_CONFIGS>/carbon.xml
 docker run 
 -p 9445:9445
 --volume <SOURCE_CONFIGS>/carbon.xml:<TARGET_CONFIGS>/carbon.xml
-wso2am-analytics:2.1.0
+wso2am-analytics:2.2.0
 ```
 
->In here, <TARGET_CONFIGS> refers to /home/wso2carbon/wso2am-analytics-2.1.0/repository/conf folder of the container.
+>In here, <TARGET_CONFIGS> refers to /home/wso2carbon/wso2am-analytics-2.2.0/repository/conf folder of the container.
 
 
 ## Docker command usage references
diff --git a/dockerfiles/apim/Dockerfile b/dockerfiles/apim/Dockerfile
index 24e16fcc..ef5f5e33 100644
--- a/dockerfiles/apim/Dockerfile
+++ b/dockerfiles/apim/Dockerfile
@@ -33,7 +33,7 @@ ARG JDK=jdk1.8.0*
 ARG JAVA_HOME=${USER_HOME}/java
 # set wso2 product configurations
 ARG WSO2_SERVER=wso2am
-ARG WSO2_SERVER_VERSION=2.1.0
+ARG WSO2_SERVER_VERSION=2.2.0
 ARG WSO2_SERVER_DIST=${WSO2_SERVER}-${WSO2_SERVER_VERSION}
 ARG WSO2_SERVER_HOME=${USER_HOME}/${WSO2_SERVER}-${WSO2_SERVER_VERSION}
 
diff --git a/dockerfiles/apim/README.md b/dockerfiles/apim/README.md
index 4ca7ab76..83d7c15f 100644
--- a/dockerfiles/apim/README.md
+++ b/dockerfiles/apim/README.md
@@ -1,5 +1,5 @@
 # Dockerfile for WSO2 API Manager #
-The section defines the step-by-step instructions to build the Docker image for WSO2 API Manager 2.1.0.
+The section defines the step-by-step instructions to build the Docker image for WSO2 API Manager 2.2.0.
 
 ## Prerequisites
 
@@ -17,13 +17,13 @@ git clone https://github.com/wso2/docker-apim.git
 ##### 2. Add JDK, WSO2 API Manager distributions and MySQL connector to `<AM_DOCKERFILE_HOME>/files`
 - Download [JDK 1.8](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html) 
 and extract that in `<AM_DOCKERFILE_HOME>/files` folder.
-- Download the WSO2 API Manager 2.1.0 distribution (http://wso2.com/api-management/try-it/)
+- Download the WSO2 API Manager 2.2.0 distribution (http://wso2.com/api-management/try-it/)
 and extract that in `<AM_DOCKERFILE_HOME>/files` folder.
 - Once both JDK and WSO2 API Manager distributions are extracted the folder structure should be as follows;
 
   ```bash
   <AM_DOCKERFILE_HOME>/files/jdk<version>/
-  <AM_DOCKERFILE_HOME>/files/wso2am-2.1.0/
+  <AM_DOCKERFILE_HOME>/files/wso2am-2.2.0/
   ```
 - Download [MySQL Connector/J](https://dev.mysql.com/downloads/connector/j/) v5.1.45 and then copy that to `<AM_DOCKERFILE_HOME>/files` folder
 
@@ -34,10 +34,10 @@ in order to obtain latest bug fixes and updates for the product.
 ##### 3. Build the Docker image.
 - Navigate to `<AM_DOCKERFILE_HOME>` directory. <br>
   Execute `docker build` command as shown below.
-    + `docker build -t wso2am:2.1.0 .`
+    + `docker build -t wso2am:2.2.0 .`
     
 ##### 4. Running the Docker image.
-- `docker run -it -p 9443:9443 wso2am:2.1.0`
+- `docker run -it -p 9443:9443 wso2am:2.2.0`
 
 ##### 6. Accessing management console.
 - To access the management console, use the docker host IP and port 9443.
@@ -51,7 +51,7 @@ Configurations would lie on the Docker host machine and they can be volume mount
 As an example, steps required to change the port offset using `carbon.xml` is as follows.
 
 ##### 1. Stop the API Manager container if it's already running.
-In WSO2 API Manager 2.1.0 product distribution, `carbon.xml` configuration file <br>
+In WSO2 API Manager 2.2.0 product distribution, `carbon.xml` configuration file <br>
 can be found at `<DISTRIBUTION_HOME>/repository/conf`. Copy the file to some suitable location of the host machine, <br>
 referred to as `<SOURCE_CONFIGS>/carbon.xml` and change the offset value under ports to 1.
 
@@ -65,10 +65,10 @@ chmod o+r <SOURCE_CONFIGS>/carbon.xml
 docker run \
 -p 9444:9444 \
 --volume <SOURCE_CONFIGS>/carbon.xml:<TARGET_CONFIGS>/carbon.xml \
-wso2am:2.1.0
+wso2am:2.2.0
 ```
 
->In here, <TARGET_CONFIGS> refers to /home/wso2carbon/wso2am-2.1.0/repository/conf folder of the container.
+>In here, <TARGET_CONFIGS> refers to /home/wso2carbon/wso2am-2.2.0/repository/conf folder of the container.
 
 
 ## Docker command usage references
diff --git a/dockerfiles/is-as-km/Dockerfile b/dockerfiles/is-as-km/Dockerfile
index 3a412725..8f143b33 100644
--- a/dockerfiles/is-as-km/Dockerfile
+++ b/dockerfiles/is-as-km/Dockerfile
@@ -33,7 +33,7 @@ ARG JDK=jdk1.8.0*
 ARG JAVA_HOME=${USER_HOME}/java
 # set wso2 product configurations
 ARG WSO2_SERVER=wso2is-km
-ARG WSO2_SERVER_VERSION=5.3.0
+ARG WSO2_SERVER_VERSION=5.5.0
 ARG WSO2_SERVER_DIST=${WSO2_SERVER}-${WSO2_SERVER_VERSION}
 ARG WSO2_SERVER_HOME=${USER_HOME}/${WSO2_SERVER}-${WSO2_SERVER_VERSION}
 
diff --git a/dockerfiles/is-as-km/README.md b/dockerfiles/is-as-km/README.md
index 1dcb8c02..55d3a988 100644
--- a/dockerfiles/is-as-km/README.md
+++ b/dockerfiles/is-as-km/README.md
@@ -16,13 +16,13 @@ git clone https://github.com/wso2/docker-apim.git
 ##### 2. Add JDK, WSO2 API Manager distributions and MySQL connector to `<IS_KM_DOCKERFILE_HOME>/files`
 - Download [JDK 1.8](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html) 
 and extract that to `<IS_KM_DOCKERFILE_HOME>/files`.
-- Download the WSO2 Identity Server as Key Manager 5.3.0 distribution (http://wso2.com/api-management/try-it/)
+- Download the WSO2 Identity Server as Key Manager 5.5.0 distribution (http://wso2.com/api-management/try-it/)
 and extract that to `<IS_KM_DOCKERFILE_HOME>/files`. <br>
 - Once both JDK and WSO2 API Manager distributions are extracted the folder structure should be as follows;
 
     ```bash
     <IS_KM_DOCKERFILE_HOME>/files/jdk<version>/
-    <IS_KM_DOCKERFILE_HOME>/files/wso2is-km-5.3.0/
+    <IS_KM_DOCKERFILE_HOME>/files/wso2is-km-5.5.0/
     ```
 - Download [MySQL Connector/J](https://dev.mysql.com/downloads/connector/j/) v5.1.45 and then copy that to `<IS_KM_DOCKERFILE_HOME>/files` folder
 
@@ -32,10 +32,10 @@ in order to obtain latest bug fixes and updates for the product.
 ##### 3. Build the Docker image.
 - Navigate to `<IS_KM_DOCKERFILE_HOME>` directory. <br>
   Execute `docker build` command as shown below.
-    + `docker build -t wso2is-km:5.3.0 .`
+    + `docker build -t wso2is-km:5.5.0 .`
     
 ##### 4. Running the Docker image.
-- `docker run -it -p 9443:9443 wso2is-km:5.3.0`
+- `docker run -it -p 9443:9443 wso2is-km:5.5.0`
 
 ##### 5. Accessing management console.
 - To access the management console, use the docker host IP and port 9443.
@@ -49,7 +49,7 @@ Configurations would lie on the Docker host machine and they can be volume mount
 As an example, steps required to change the port offset using `carbon.xml` is as follows.
 
 ##### 1. Stop the API Manager container if it's already running.
-In WSO2 API Manager 2.1.0 product distribution, `carbon.xml` configuration file <br>
+In WSO2 API Manager 2.2.0 product distribution, `carbon.xml` configuration file <br>
 can be found at `<DISTRIBUTION_HOME>/repository/conf`. Copy the file to some suitable location of the host machine, <br>
 referred to as `<SOURCE_CONFIGS>/carbon.xml` and change the offset value under ports to 1.
 
@@ -63,10 +63,10 @@ chmod o+r <SOURCE_CONFIGS>/carbon.xml
 docker run \
 -p 9444:9444 \
 --volume <SOURCE_CONFIGS>/carbon.xml:<TARGET_CONFIGS>/carbon.xml \
-wso2is-km:5.3.0
+wso2is-km:5.5.0
 ```
 
->In here, <TARGET_CONFIGS> refers to /home/wso2carbon/wso2is-km-5.3.0/repository/conf folder of the container.
+>In here, <TARGET_CONFIGS> refers to /home/wso2carbon/wso2is-km-5.5.0/repository/conf folder of the container.
 
 
 ## Docker command usage references
diff --git a/dockerfiles/microgateway/Dockerfile b/dockerfiles/microgateway/Dockerfile
new file mode 100644
index 00000000..5f776c70
--- /dev/null
+++ b/dockerfiles/microgateway/Dockerfile
@@ -0,0 +1,66 @@
+# ------------------------------------------------------------------------
+#
+# Copyright 2017 WSO2, Inc. (http://wso2.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+#
+# ------------------------------------------------------------------------
+
+# set to latest Ubuntu LTS
+FROM ubuntu:16.04
+MAINTAINER WSO2 Docker Maintainers "dev@wso2.org"
+
+# set user configurations
+ARG USER=wso2carbon
+ARG USER_ID=802
+ARG USER_GROUP=wso2
+ARG USER_GROUP_ID=802
+ARG USER_HOME=/home/${USER}
+# set dependant files directory
+ARG FILES=./files
+# set jdk configurations
+ARG JDK=jdk1.8.0*
+ARG JAVA_HOME=${USER_HOME}/java
+# set wso2 product configurations
+ARG WSO2_SERVER=wso2am-micro-gw
+ARG WSO2_SERVER_VERSION=2.2.0
+ARG WSO2_SERVER_DIST=${WSO2_SERVER}-${WSO2_SERVER_VERSION}
+ARG WSO2_SERVER_HOME=${USER_HOME}/${WSO2_SERVER}-${WSO2_SERVER_VERSION}
+
+# install required packages
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
+    curl && \
+    rm -rf /var/lib/apt/lists/*
+
+# create a user group and a user
+RUN groupadd --system -g ${USER_GROUP_ID} ${USER_GROUP} && \
+    useradd --system --create-home --home-dir ${USER_HOME} --no-log-init -g ${USER_GROUP_ID} -u ${USER_ID} ${USER}
+
+# copy the jdk and wso2 product distributions to user's home directory and copy the mysql connector jar to server distribution
+COPY --chown=wso2carbon:wso2 ${FILES}/${JDK} ${USER_HOME}/java/
+COPY --chown=wso2carbon:wso2 ${FILES}/${WSO2_SERVER_DIST} ${USER_HOME}/${WSO2_SERVER_DIST}
+
+# set the user and work directory
+USER ${USER_ID}
+WORKDIR ${USER_HOME}
+
+# set environment variables
+ENV JAVA_HOME=${JAVA_HOME} \
+    PATH=$JAVA_HOME/bin:$PATH \
+    WSO2_SERVER_HOME=${WSO2_SERVER_HOME}
+
+# expose ports
+EXPOSE 8243
+
+ENTRYPOINT ${WSO2_SERVER_HOME}/bin/wso2server.sh
diff --git a/dockerfiles/microgateway/README.md b/dockerfiles/microgateway/README.md
new file mode 100644
index 00000000..ee06d110
--- /dev/null
+++ b/dockerfiles/microgateway/README.md
@@ -0,0 +1,79 @@
+# Dockerfile for WSO2 API Manager #
+The section defines the step-by-step instructions to build the Docker image for WSO2 API Manager 2.2.0.
+
+## Prerequisites
+
+* [Docker](https://www.docker.com/get-docker) v17.09.0 or above
+
+
+## How to build an image and run
+##### 1. Checkout this repository into your local machine using the following git command.
+```
+git clone https://github.com/wso2/docker-apim.git
+```
+
+>The local copy of the `dockerfile/apim` directory will be referred to as `AM_DOCKERFILE_HOME` from this point onwards.
+
+##### 2. Add JDK, WSO2 API Manager distributions and MySQL connector to `<AM_DOCKERFILE_HOME>/files`
+- Download [JDK 1.8](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html) 
+and extract that in `<AM_DOCKERFILE_HOME>/files` folder.
+- Download the WSO2 API Manager 2.2.0 distribution (https://wso2.com/api-management/api-microgateway/#download-micro-api-gateway)
+and extract that in `<AM_DOCKERFILE_HOME>/files` folder.
+- Once both JDK and WSO2 API Manager distributions are extracted the folder structure should be as follows;
+
+  ```bash
+  <AM_DOCKERFILE_HOME>/files/jdk<version>/
+  <AM_DOCKERFILE_HOME>/files/wso2am-2.2.0/
+  ```
+- Download [MySQL Connector/J](https://dev.mysql.com/downloads/connector/j/) v5.1.45 and then copy that to `<AM_DOCKERFILE_HOME>/files` folder
+
+
+>Please refer to [WSO2 Update Manager documentation](https://docs.wso2.com/display/ADMIN44x/Updating+WSO2+Products)
+in order to obtain latest bug fixes and updates for the product.
+
+##### 3. Build the Docker image.
+- Navigate to `<AM_DOCKERFILE_HOME>` directory. <br>
+  Execute `docker build` command as shown below.
+    + `docker build -t wso2am:2.2.0 .`
+    
+##### 4. Running the Docker image.
+- `docker run -it -p 8243:8243 wso2am:2.2.0`
+
+##### 6. Accessing management console.
+- To access the management console, use the docker host IP and port 9443.
+    + `https:<DOCKER_HOST>:9443/carbon`
+    
+>In here, <DOCKER_HOST> refers to hostname or IP of the host machine on top of which containers are spawned.
+
+
+## How to update configurations
+Configurations would lie on the Docker host machine and they can be volume mounted to the container. <br>
+As an example, steps required to change the port offset using `carbon.xml` is as follows.
+
+##### 1. Stop the API Manager container if it's already running.
+In WSO2 API Manager 2.2.0 product distribution, `carbon.xml` configuration file <br>
+can be found at `<DISTRIBUTION_HOME>/repository/conf`. Copy the file to some suitable location of the host machine, <br>
+referred to as `<SOURCE_CONFIGS>/carbon.xml` and change the offset value under ports to 1.
+
+##### 2. Grant read permission to `other` users for `<SOURCE_CONFIGS>/carbon.xml`
+```
+chmod o+r <SOURCE_CONFIGS>/carbon.xml
+```
+
+##### 3. Run the image by mounting the file to container as follows.
+```
+docker run \
+-p 8244:8244 \
+--volume <SOURCE_CONFIGS>/carbon.xml:<TARGET_CONFIGS>/carbon.xml \
+wso2am:2.2.0
+```
+
+>In here, <TARGET_CONFIGS> refers to /home/wso2carbon/wso2am-2.2.0/repository/conf folder of the container.
+
+
+## Docker command usage references
+
+* [Docker build command reference](https://docs.docker.com/engine/reference/commandline/build/)
+* [Docker run command reference](https://docs.docker.com/engine/reference/run/)
+* [Dockerfile reference](https://docs.docker.com/engine/reference/builder/)
+#TODO fix READme
\ No newline at end of file

From 6152c889576c687aa8f8ef76651e381a69e00f8f Mon Sep 17 00:00:00 2001
From: ThilinaManamgoda <maanafunedu@gmail.com>
Date: Thu, 5 Apr 2018 17:31:05 +0530
Subject: [PATCH 2/4] remove deployment json

---
 .../apim/repository/conf/api-manager.xml      |  2 +-
 .../apim/repository/conf/axis2/axis2.xml      |  2 +-
 .../jaggeryapps/portal/configs/designer.json  | 66 -------------------
 .../docker-compose.yml                        |  7 +-
 4 files changed, 5 insertions(+), 72 deletions(-)
 delete mode 100644 docker-compose/APIM-ISasKM-with-Analytics/apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json

diff --git a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/api-manager.xml b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/api-manager.xml
index 674a7358..90a66ef2 100755
--- a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/api-manager.xml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/api-manager.xml
@@ -223,7 +223,7 @@
              -If you need to start two API Manager instances in the same machine, you need to give different ports to "ThriftServerPort" value in two nodes.
              -ThriftServerHost - Allows to configure a hostname for the thrift server. It uses the carbon hostname by default.
 	         -The Gateway uses this parameter to connect to the key validation thrift service. -->
-        <KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
+        <KeyValidatorClientType>WSClient</KeyValidatorClientType>
         <ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
         <!--ThriftClientPort>10397</ThriftClientPort-->
 
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/axis2/axis2.xml b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/axis2/axis2.xml
index 4cbe17c0..80da46de 100644
--- a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/axis2/axis2.xml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/axis2/axis2.xml
@@ -556,7 +556,7 @@
             <filePath>repository/resources/security/sslprofiles.xml</filePath>
             <fileReadInterval>600000</fileReadInterval>
         </parameter>
-        <!--<parameter name="HostnameVerifier">AllowAll</parameter>-->
+        <parameter name="HostnameVerifier">AllowAll</parameter>
             <!--supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
     </transportSender>
 
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json
deleted file mode 100644
index a76a0c62..00000000
--- a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json
+++ /dev/null
@@ -1,66 +0,0 @@
-{
-  "store": {
-    "types": ["fs"]
-  },
-  "gadgetGeneration" :{
-    "isCreateGadgetEnable": false,
-    "ignoreProviders": ["rt"]
-  },
-  "authentication": {
-    "activeMethod": "basic",
-    "methods": {
-      "sso": {
-        "attributes": {
-          "issuer": "portal",
-          "identityProviderURL": "https://localhost:9443/samlsso",
-          "responseSigningEnabled": "false",
-          "acs": "https://localhost:9444/portal/acs",
-          "identityAlias": "wso2carbon",
-          "useTenantKey": false
-        }
-      },
-      "basic": {
-        "attributes": {}
-      }
-    }
-  },
-  "authorization": {
-    "activeMethod": "",
-    "methods": {
-      "oauth": {
-        "attributes": {
-          "idPServer": "%https.ip%/oauth2/token",
-          "dynamicClientProperties": {
-            "callbackUrl": "%https.ip%/portal",
-            "clientName": "portal",
-            "owner": "admin",
-            "applicationType": "JaggeryApp",
-            "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer",
-            "saasApp": false,
-            "dynamicClientRegistrationEndPoint": "%https.ip%/dynamic-client-web/register/",
-            "tokenScope": "Production"
-          }
-        }
-      }
-    }
-  },
-  "designers": [
-    "Internal/everyone"
-  ],
-  "tenantPrefix": "/t",
-  "shareStore": false,
-  "theme": "basic",
-  "cacheTimeoutSeconds": "5",
-  "cacheSizeBytes": "1073741824",
-  "defaultDashboardRedirect": false,
-  "isCreateGadgetEnable": true,
-  "oauth": {
-    "username": "admin",
-    "password": "admin"
-  },
-  "host": {
-    "hostname": "am-analytics",
-    "port": "",
-    "protocol": ""
-  }
-}
\ No newline at end of file
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/docker-compose.yml b/docker-compose/APIM-ISasKM-with-Analytics/docker-compose.yml
index ac90fd57..4b28bd57 100755
--- a/docker-compose/APIM-ISasKM-with-Analytics/docker-compose.yml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/docker-compose.yml
@@ -15,7 +15,7 @@ services:
       timeout: 60s
       retries: 5
   am-analytics:
-    image: wso2am-analytics:2.2.0
+    image: docker.wso2.com/wso2am-analytics:2.2.0
     ports:
       - "9444:9444"
       - "9764:9764"
@@ -34,7 +34,7 @@ services:
     links:
       - mysql
   is-as-km:
-    image: wso2is-km:5.5.0
+    image: docker.wso2.com/wso2is-km:5.5.0
     healthcheck:
       test: ["CMD", "curl", "-k", "-f", "https://localhost:9443/carbon/admin/login.jsp"]
       interval: 10s
@@ -58,7 +58,7 @@ services:
       - mysql
       - am-analytics
   api-manager:
-    image: wso2am:2.2.0
+    image: docker.wso2.com/wso2am:2.2.0
     healthcheck:
       test: ["CMD", "curl", "-k", "-f", "https://localhost:9443/carbon/admin/login.jsp"]
       interval: 10s
@@ -80,7 +80,6 @@ services:
       - ./apim/repository/conf/tomcat/catalina-server.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/tomcat/catalina-server.xml
       - ./apim/repository/conf/axis2/axis2.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/axis2/axis2.xml
       - ./apim/bin/wso2server.sh:/home/wso2carbon/wso2am-2.2.0/bin/wso2server.sh
-      - ./apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json:/home/wso2carbon/wso2am-2.2.0/repository/deployment/server/jaggeryapps/portal/configs/designer.json
     ports:
       - "9763:9763"
       - "9443:9443"

From f76a0c348d40cdcb155f2c3a9ba6b3924f2e9269 Mon Sep 17 00:00:00 2001
From: ThilinaManamgoda <maanafunedu@gmail.com>
Date: Thu, 5 Apr 2018 18:13:29 +0530
Subject: [PATCH 3/4] Analytics with APIM pattern

---
 .../APIM-ISasKM-with-Analytics/README.md      |   4 +-
 .../apim/repository/conf/axis2/axis2.xml      |   4 +-
 docker-compose/APIM-with-Analytics/README.md  |   4 +-
 .../apim/repository/conf/api-manager.xml      | 112 ++---
 .../apim/repository/conf/carbon.xml           |  14 +-
 .../apim/repository/conf/log4j.properties     | 220 ----------
 .../jaggeryapps/portal/configs/designer.json  |  66 ---
 .../APIM-with-Analytics/docker-compose.yml    |  20 +-
 .../mysql/scripts/apim_mysql5.7.sql           | 412 ++++++++++++++----
 .../mysql/scripts/carbon_mysql5.7.sql         |  13 +
 10 files changed, 393 insertions(+), 476 deletions(-)
 delete mode 100644 docker-compose/APIM-with-Analytics/apim/repository/conf/log4j.properties
 delete mode 100644 docker-compose/APIM-with-Analytics/apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json

diff --git a/docker-compose/APIM-ISasKM-with-Analytics/README.md b/docker-compose/APIM-ISasKM-with-Analytics/README.md
index cce7a7d2..e7c13a6a 100755
--- a/docker-compose/APIM-ISasKM-with-Analytics/README.md
+++ b/docker-compose/APIM-ISasKM-with-Analytics/README.md
@@ -7,10 +7,10 @@
    in order to run the steps provided in following Quick start guide. <br><br>
  * In order to run this Docker Compose setup, you will need an active [Free Trial Subscription](https://wso2.com/free-trial-subscription) 
    from WSO2 since the referring Docker images hosted at docker.wso2.com contains the latest updates and fixes for WSO2 API Manager <br>and
-   API Manager Analytics 2.1.0 and WSO2 Identity Server as KM 5.3.0. You can sign up for a Free Trial Subscription [here](https://wso2.com/free-trial-subscription). <br><br>
+   API Manager Analytics 2.2.0 and WSO2 Identity Server as KM 5.3.0. You can sign up for a Free Trial Subscription [here](https://wso2.com/free-trial-subscription). <br><br>
  * If you wish to run the Docker Compose setup using Docker images built locally, build Docker images using <br> [WSO2 API Manager Dockerfile](../../dockerfiles/apim/README.md), [API Manager Analytics Dockerfile](../../dockerfiles/apim-analytics/README.md) and 
   [WSO2 Identity Server as KM Dockerfile](../../dockerfiles/is-as-km/README.md) and remove the `docker.wso2.com/` prefix 
-  from the `image` name In the `docker-compose.yml`. For example, change the line <br> `image: docker.wso2.com/wso2am:2.1.0` to `image: wso2am:2.1.0` . <br><br>
+  from the `image` name In the `docker-compose.yml`. For example, change the line <br> `image: docker.wso2.com/wso2am:2.2.0` to `image: wso2am:2.2.0` . <br><br>
 ## Quick Start Guide
 
 1. Clone WSO2 API Manager Docker git repository.
diff --git a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/axis2/axis2.xml b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/axis2/axis2.xml
index 80da46de..c8146eb2 100644
--- a/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/axis2/axis2.xml
+++ b/docker-compose/APIM-ISasKM-with-Analytics/apim/repository/conf/axis2/axis2.xml
@@ -58,8 +58,8 @@
     <parameter name="ModulesDirectory">axis2modules</parameter>
 
     <!-- User agent and the server details to be used in the http communication -->
-    <parameter name="userAgent" locked="true">WSO2 AM 2.1.0</parameter>
-    <parameter name="server" locked="true">WSO2 AM 2.1.0</parameter>
+    <parameter name="userAgent" locked="true">WSO2 AM 2.2.0</parameter>
+    <parameter name="server" locked="true">WSO2 AM 2.2.0</parameter>
 
     <!-- During a fault, stacktrace can be sent with the fault message. The following flag -->
     <!-- will control that behaviour -->
diff --git a/docker-compose/APIM-with-Analytics/README.md b/docker-compose/APIM-with-Analytics/README.md
index 88bc0e47..387ee19a 100755
--- a/docker-compose/APIM-with-Analytics/README.md
+++ b/docker-compose/APIM-with-Analytics/README.md
@@ -8,9 +8,9 @@
    in order to run the steps provided in following Quick start guide. <br><br>
  * In order to run this Docker Compose setup, you will need an active [Free Trial Subscription](https://wso2.com/free-trial-subscription) 
    from WSO2 since the referring Docker images hosted at docker.wso2.com contains the latest updates and fixes for WSO2 API Manager <br>and 
-   API Manager Analytics 2.1.0 products. You can sign up for a Free Trial Subscription [here](https://wso2.com/free-trial-subscription). <br><br>
+   API Manager Analytics 2.2.0 products. You can sign up for a Free Trial Subscription [here](https://wso2.com/free-trial-subscription). <br><br>
  * If you wish to run the Docker Compose setup using Docker images built locally, build Docker images using <br> [WSO2 API Manager Dockerfile](../../dockerfiles/apim/README.md) and [WSO2 API Manager Analytics Dockerfile](../../dockerfiles/apim-analytics/README.md) and remove `docker.wso2.com/` prefix from the `image` name in `docker-compose.yml`.
-   For example, change the line `image: docker.wso2.com/wso2am:2.1.0` to `image: wso2am:2.1.0`. <br>
+   For example, change the line `image: docker.wso2.com/wso2am:2.2.0` to `image: wso2am:2.2.0`. <br>
   
 <br>
 
diff --git a/docker-compose/APIM-with-Analytics/apim/repository/conf/api-manager.xml b/docker-compose/APIM-with-Analytics/apim/repository/conf/api-manager.xml
index 70bc8569..f7170bc2 100755
--- a/docker-compose/APIM-with-Analytics/apim/repository/conf/api-manager.xml
+++ b/docker-compose/APIM-with-Analytics/apim/repository/conf/api-manager.xml
@@ -56,8 +56,6 @@
              Token generation the implementation is provided in URLSafeJWTGenerator -->
         <!--<JWTGeneratorImpl>org.wso2.carbon.apimgt.keymgt.token.URLSafeJWTGenerator</JWTGeneratorImpl>-->
 
-        <!-- Remove UserName from JWT Token -->
-        <!-- <RemoveUserNameFromJWTForApplicationToken>true</RemoveUserNameFromJWTForApplicationToken>-->
     </JWTConfiguration>
 
     <!-- Primary/secondary login configuration for APIstore. If user likes to keep two login attributes in a distributed setup, to login the APIstore,
@@ -93,7 +91,7 @@
                 <!-- Admin password for the API gateway.-->
                 <Password>${admin.password}</Password>
                 <!-- Endpoint URLs for the APIs hosted in this API gateway.-->
-                <GatewayEndpoint>http://api-manager:${http.nio.port},https://api-manager:${https.nio.port}</GatewayEndpoint>
+                <GatewayEndpoint>http://localhost:${http.nio.port},https://localhost:${https.nio.port}</GatewayEndpoint>
             </Environment>
         </Environments>
     </APIGateway>
@@ -108,6 +106,15 @@
         <!-- This parameter specifies whether Recently Added APIs will be loaded from the cache or not.
              If there are multiple API modification during a short time period, better to disable cache. -->
         <EnableRecentlyAddedAPICache>false</EnableRecentlyAddedAPICache>
+        <!-- This parameter specifies whether scopes are taken from cache or not. If you are modifying application
+        subscriptions frequently, modifying the user roles frequently or updating the subscribed APIs frequently, it
+        is better to turn-off this cache-->
+        <EnableScopeCache>true</EnableScopeCache>
+        <!-- This indicates whether the role cache need to enabled in the publisher. If this is disabled, there will
+        be a call to key manager to all the calls to API publisher APIs. It is highly recommended to enable this
+        cache. However, if the system is in a state, where the role addition and deletion happens seamlessly, the
+        cache will be in in-valid state.-->
+        <EnablePublisherRoleCache>true</EnablePublisherRoleCache>
 	    <!-- JWT claims Cache expiry in seconds -->
         <!--JWTClaimCacheExpiry>900</JWTClaimCacheExpiry-->
         <!-- Expiry time for the apim key mgt validation info cache -->
@@ -190,7 +197,7 @@
             </ExecutionTime>
 	    <AlertTypes>
                 <Name>org.wso2.analytics.apim.alertStakeholderInfo</Name>
-                <Version>1.0.0</Version>
+                <Version>1.0.1</Version>
             </AlertTypes>
         </Streams>
 
@@ -216,11 +223,11 @@
              -If you need to start two API Manager instances in the same machine, you need to give different ports to "ThriftServerPort" value in two nodes.
              -ThriftServerHost - Allows to configure a hostname for the thrift server. It uses the carbon hostname by default.
 	         -The Gateway uses this parameter to connect to the key validation thrift service. -->
-        <KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
+        <KeyValidatorClientType>WSClient</KeyValidatorClientType>
         <ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
         <!--ThriftClientPort>10397</ThriftClientPort-->
 
-        <EnableThriftServer>true</EnableThriftServer>
+        <EnableThriftServer>false</EnableThriftServer>
         <ThriftServerHost>localhost</ThriftServerHost>
         <!--ThriftServerPort>10397</ThriftServerPort-->
 
@@ -249,6 +256,8 @@
     <OAuthConfigurations>
         <!-- Remove OAuth headers from outgoing message. -->
         <!--RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeadersFromOutMessage-->
+        <!--Authorization header-->
+        <!--AuthorizationHeader>Authorization</AuthorizationHeader-->
         <!-- Scope used for marking Application Tokens. If a token is generated with this scope, they will be treated as Application Access Tokens -->
         <ApplicationTokenScope>am_application_scope</ApplicationTokenScope>
         <!-- All  scopes under the ScopeWhitelist element are not validating against roles that has assigned to it.
@@ -280,14 +289,15 @@
 
     <!-- API Store Related Configurations -->
     <APIStore>
+        <EnableMultipleGroupId>false</EnableMultipleGroupId>
         <!--GroupingExtractor>org.wso2.carbon.apimgt.impl.DefaultGroupIDExtractorImpl</GroupingExtractor-->
         <!--This property is used to indicate how we do user name comparision for token generation https://wso2.org/jira/browse/APIMANAGER-2225-->
         <CompareCaseInsensitively>true</CompareCaseInsensitively>
         <DisplayURL>false</DisplayURL>
-        <URL>https://api-manager/store</URL>
+        <URL>https://localhost:${mgt.transport.https.port}/store</URL>
 
         <!-- Server URL of the API Store. -->
-        <ServerURL>https://api-manager:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
+        <ServerURL>https://localhost:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
         <!-- Admin username for API Store. -->
         <Username>${admin.username}</Username>
 
@@ -317,7 +327,7 @@
 
     <APIPublisher>
         <DisplayURL>false</DisplayURL>
-        <URL>https://api-manager/publisher</URL>
+        <URL>https://localhost:${mgt.transport.https.port}/publisher</URL>
         <!-- This parameter specifies enabling the capability of setting API documentation level granular visibility levels.
              By default any document associate with an API will have the same permissions set as the API.With enabling below
              property,it will show two additional permission levels as visible only to all registered users in a particular
@@ -325,6 +335,8 @@
         <!--EnableAPIDocVisibilityLevels>true</EnableAPIDocVisibilityLevels-->
         <!-- Uncomment this to limit the number of APIs in api the API Publisher -->
         <!--APIsPerPage>30</APIsPerPage-->
+        <!-- This property need to be enabled to enable the publisher access control support -->
+        <EnableAccessControl>true</EnableAccessControl>
     </APIPublisher>
 
     <!-- Status observers can be registered against the API Publisher to listen for
@@ -336,46 +348,6 @@
         <Observer>org.wso2.carbon.apimgt.impl.observers.SimpleLoggingObserver</Observer>
     </StatusObservers-->
 
-    <!-- Use this configuration Create APIs at the Server startup -->
-    <StartupAPIPublisher>
-        <!-- Enable/Disable the API Startup Publisher -->
-        <Enabled>false</Enabled>
-
-        <!-- Configuration to create APIs for local endpoints.
-             Endpoint will be computed as http://${carbon.local.ip}:${mgt.transport.http.port}/Context.
-             Define many LocalAPI elements as below to create many APIs
-             for local Endpoints.
-             IconPath should be relative to CARBON_HOME. -->
-        <LocalAPIs>
-            <LocalAPI>
-                <Context>/resource</Context>
-                <Provider>admin</Provider>
-                <Version>1.0.0</Version>
-                <IconPath>none</IconPath>
-                <DocumentURL>none</DocumentURL>
-                <AuthType>Any</AuthType>
-            </LocalAPI>
-        </LocalAPIs>
-
-        <!-- Configuration to create APIs for remote endpoints.
-             When Endpoint need to be defined use this configuration.
-             Define many API elements as below to create many APIs
-             for external Endpoints.
-             If you do not need to add Icon or Documentation set
-             'none' as the value for IconPath & DocumentURL. -->
-        <!--APIs>
-            <API>
-                <Context>/resource</Context>
-                <Endpoint>http://localhost:9764/resource</Endpoint>
-                <Provider>admin</Provider>
-                <Version>1.0.0</Version>
-                <IconPath>none</IconPath>
-                <DocumentURL>none</DocumentURL>
-                <AuthType>Any</AuthType>
-            </API>
-        </APIs-->
-    </StartupAPIPublisher>
-
     <!-- Configuration to enable/disable sending CORS headers in the Gateway response
          and define the Access-Control-Allow-Origin header value.-->
     <CORSConfiguration>
@@ -571,13 +543,15 @@
     </RESTAPI>
     <ThrottlingConfigurations>
         <EnableAdvanceThrottling>true</EnableAdvanceThrottling>
-        <DataPublisher>
-            <Enabled>true</Enabled>
+        <TrafficManager>
             <Type>Binary</Type>
             <ReceiverUrlGroup>tcp://${carbon.local.ip}:${receiver.url.port}</ReceiverUrlGroup>
             <AuthUrlGroup>ssl://${carbon.local.ip}:${auth.url.port}</AuthUrlGroup>
             <Username>${admin.username}</Username>
             <Password>${admin.password}</Password>
+        </TrafficManager>
+        <DataPublisher>
+            <Enabled>true</Enabled>
             <DataPublisherPool>
                 <MaxIdle>1000</MaxIdle>
                 <InitIdleCapacity>200</InitIdleCapacity>
@@ -589,6 +563,7 @@
             </DataPublisherThreadPool>
         </DataPublisher>
         <PolicyDeployer>
+            <Enabled>true</Enabled>
             <ServiceURL>https://localhost:${mgt.transport.https.port}${carbon.context}services/</ServiceURL>
             <Username>${admin.username}</Username>
             <Password>${admin.password}</Password>
@@ -600,32 +575,16 @@
         </BlockCondition>
         <JMSConnectionDetails>
             <Enabled>true</Enabled>
-            <ServiceURL>tcp://${carbon.local.ip}:${jms.port}</ServiceURL>
-            <Username>${admin.username}</Username>
-            <Password>${admin.password}</Password>
             <Destination>throttleData</Destination>
             <!--InitDelay>300000</InitDelay-->
             <JMSConnectionParameters>
                 <transport.jms.ConnectionFactoryJNDIName>TopicConnectionFactory</transport.jms.ConnectionFactoryJNDIName>
                 <transport.jms.DestinationType>topic</transport.jms.DestinationType>
                 <java.naming.factory.initial>org.wso2.andes.jndi.PropertiesFileInitialContextFactory</java.naming.factory.initial>
-                <connectionfactory.TopicConnectionFactory>amqp://${jms.username}:${jms.password}@clientid/carbon?brokerlist='${jms.url}'</connectionfactory.TopicConnectionFactory>
+                <connectionfactory.TopicConnectionFactory>amqp://${admin.username}:${admin.password}@clientid/carbon?brokerlist='tcp://${carbon.local.ip}:${jms.port}'</connectionfactory.TopicConnectionFactory>
             </JMSConnectionParameters>
-            <JMSTaskManager>
-                <MinThreadPoolSize>20</MinThreadPoolSize>
-                <MaxThreadPoolSize>100</MaxThreadPoolSize>
-                <KeepAliveTimeInMillis>1000</KeepAliveTimeInMillis>
-                <JobQueueSize>10</JobQueueSize>
-            </JMSTaskManager>
         </JMSConnectionDetails>
-        <JMSEventPublisherParameters>
-                <java.naming.factory.initial>org.wso2.andes.jndi.PropertiesFileInitialContextFactory</java.naming.factory.initial>
-                <java.naming.provider.url>repository/conf/jndi.properties</java.naming.provider.url>
-                <transport.jms.DestinationType>topic</transport.jms.DestinationType>
-                <transport.jms.Destination>throttleData</transport.jms.Destination>
-                <transport.jms.ConcurrentPublishers>allow</transport.jms.ConcurrentPublishers>
-                <transport.jms.ConnectionFactoryJNDIName>TopicConnectionFactory</transport.jms.ConnectionFactoryJNDIName>
-        </JMSEventPublisherParameters>
+
         <!--DefaultLimits>
             <SubscriptionTierLimits>
                 <Gold>5000</Gold>
@@ -649,14 +608,15 @@
         <EnableJWTClaimConditions>false</EnableJWTClaimConditions>
         <EnableQueryParamConditions>false</EnableQueryParamConditions>
     </ThrottlingConfigurations>
+    
     <WorkflowConfigurations>
         <Enabled>false</Enabled>
-        <ServerUrl>https://localhost:9445/bpmn</ServerUrl>
-        <ServerUser>${admin.username}</ServerUser>
-        <ServerPassword>${admin.password}</ServerPassword>
-        <WorkflowCallbackAPI>https://localhost:${mgt.transport.https.port}/api/am/publisher/v0.10/workflows/update-workflow-status</WorkflowCallbackAPI>
+    	<ServerUrl>https://localhost:9445/bpmn</ServerUrl>   		
+    	<ServerUser>${admin.username}</ServerUser>
+    	<ServerPassword>${admin.password}</ServerPassword>
+    	<WorkflowCallbackAPI>https://localhost:${mgt.transport.https.port}/api/am/publisher/v0.12/workflows/update-workflow-status</WorkflowCallbackAPI>
         <TokenEndPoint>https://localhost:${https.nio.port}/token</TokenEndPoint>
-        <DCREndPoint>https://localhost:${mgt.transport.https.port}/client-registration/v0.10/register</DCREndPoint>
+        <DCREndPoint>https://localhost:${mgt.transport.https.port}/client-registration/v0.12/register</DCREndPoint>
         <DCREndPointUser>${admin.username}</DCREndPointUser>
         <DCREndPointPassword>${admin.password}</DCREndPointPassword>
     </WorkflowConfigurations>
@@ -668,8 +628,8 @@
             <ModelPackage>org.wso2.client.model.</ModelPackage>
             <ApiPackage>org.wso2.client.api.</ApiPackage>
             <!-- Configure supported languages/Frameworks as comma separated values,
-             Supported Languages/Frameworks : android, java, scala, csharp, cpp, dart, flash, go, groovy, javascript, jmeter,
-             nodejs, perl, php, python, ruby, swift, clojure, aspNet5, asyncScala, spring, csharpDotNet2, haskell-->
+             Supported Languages/Frameworks : android, java, scala, csharp, dart, flash, groovy, javascript, jmeter,
+             nodejs, perl, php, python, ruby, swift, clojure, asyncScala, csharpDotNet2-->
             <SupportedLanguages>java,android</SupportedLanguages>
         </ClientGeneration>
     </SwaggerCodegen>
diff --git a/docker-compose/APIM-with-Analytics/apim/repository/conf/carbon.xml b/docker-compose/APIM-with-Analytics/apim/repository/conf/carbon.xml
index 2e369a33..f0f9ba3a 100755
--- a/docker-compose/APIM-with-Analytics/apim/repository/conf/carbon.xml
+++ b/docker-compose/APIM-with-Analytics/apim/repository/conf/carbon.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="ISO-8859-1"?>
 <!--
- Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
@@ -36,7 +36,7 @@
     <!--
        Product Version
     -->
-    <Version>2.1.0</Version>
+    <Version>2.2.0</Version>
 
     <!--
        Host name or IP address of the machine hosting this server
@@ -574,16 +574,6 @@
         <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
     </DeploymentSynchronizer>
 
-    <!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync.
-        In master nodes you need to set both AutoCommit and AutoCheckout to true
-        and in  worker nodes set only AutoCheckout to true.
-    -->
-    <!--<DeploymentSynchronizer>
-        <Enabled>true</Enabled>
-        <AutoCommit>false</AutoCommit>
-        <AutoCheckout>true</AutoCheckout>
-    </DeploymentSynchronizer>-->
-
     <!-- Mediation persistence configurations. Only valid if mediation features are available i.e. ESB -->
     <!--<MediationConfig>
         <LoadFromRegistry>false</LoadFromRegistry>
diff --git a/docker-compose/APIM-with-Analytics/apim/repository/conf/log4j.properties b/docker-compose/APIM-with-Analytics/apim/repository/conf/log4j.properties
deleted file mode 100644
index 3119b407..00000000
--- a/docker-compose/APIM-with-Analytics/apim/repository/conf/log4j.properties
+++ /dev/null
@@ -1,220 +0,0 @@
-#
-#  Copyright (c) 2005-2015, WSO2 Inc. (http://wso2.com) All Rights Reserved.
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#        http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-#
-
-##
-# This is the log4j configuration file used by WSO2 AM
-# =====================================================
-#
-# IMPORTANT : Please do not remove or change the names of any of the Appenders defined here.
-# The layout pattern & log file can be changed using the WSO2 AM Management Console, and those
-# settings will override the settings in this file.
-##
-
-
-# the root category is ERROR (applies for all 3rd party JARs etc) and will be logged to the
-# LOG_APPENDER and the CONSOLE_APPENDER
-
-log4j.rootLogger=ERROR, CARBON_CONSOLE, CARBON_LOGFILE, CARBON_MEMORY, CARBON_SYS_LOG, ERROR_LOGFILE, DAS_AGENT
-
-log4j.logger.AUDIT_LOG=INFO, AUDIT_LOGFILE
-
-log4j.category.org.apache.synapse=INFO
-log4j.category.org.apache.synapse.transport=INFO
-log4j.category.org.apache.axis2=INFO
-log4j.category.org.apache.axis2.transport=INFO
-log4j.logger.com.atomikos=INFO,ATOMIKOS
-log4j.logger.org.quartz=WARN
-log4j.logger.org.wso2=INFO
-log4j.logger.org.wso2.carbon=INFO
-#log4j.category.org.apache.synapse.transport.nhttp.util=DEBUG
-#log4j.category.org.apache.http.impl.nio.reactor=DEBUG
-#log4j.logger.org.wso2.carbon.utils.deployment.ComponentBuilder=DEBUG
-#log4j.logger.org.wso2.carbon.utils.deployment.OSGiBundleDeployer=DEBUG
-log4j.logger.org.apache.catalina=WARN
-log4j.logger.org.apache.coyote=WARN
-log4j.logger.org.apache.axis2.enterprise=FATAL
-log4j.logger.de.hunsicker.jalopy.io=FATAL
-
-# uncomment the following logs to see HTTP headers and messages
-#log4j.logger.org.apache.synapse.transport.http.headers=DEBUG
-#log4j.logger.org.apache.synapse.transport.http.wire=DEBUG
-
-# qpid related logs for the message broker
-log4j.logger.qpid=WARN
-log4j.logger.org.apache.qpid=WARN
-log4j.logger.org.apache.qpid.server.Main=INFO
-log4j.logger.qpid.message=WARN
-log4j.logger.qpid.message.broker.listening=INFO
-log4j.logger.org.wso2.carbon.databridge.agent.thrift.AsyncDataPublisher=WARN
-
-# The console appender is used to display general information at console
-log4j.appender.CARBON_CONSOLE=org.wso2.carbon.utils.logging.appenders.CarbonConsoleAppender
-log4j.appender.CARBON_CONSOLE.layout=org.apache.log4j.PatternLayout
-log4j.appender.CARBON_CONSOLE.layout.ConversionPattern=[%d{ISO8601}] %5p - %c{1} %m%n
-
-# Configure the service logger at INFO level. Writes only run-time/mediation-time audit messages
-log4j.category.SERVICE_LOGGER=INFO, SERVICE_APPENDER
-log4j.additivity.SERVICE_LOGGER=false
-log4j.appender.SERVICE_APPENDER=org.apache.log4j.RollingFileAppender
-log4j.appender.SERVICE_APPENDER.File=${carbon.home}/repository/logs/${instance.log}/wso2-apigw-service${instance.log}.log
-log4j.appender.SERVICE_APPENDER.MaxFileSize=1000KB
-log4j.appender.SERVICE_APPENDER.MaxBackupIndex=10
-log4j.appender.SERVICE_APPENDER.layout=org.apache.log4j.PatternLayout
-log4j.appender.SERVICE_APPENDER.layout.ConversionPattern=%d{ISO8601} [%X{ip}-%X{host}] [%t] %5p %c{1} %m%n
-
-# The trace logger dumps enough information @INFO level, but maybe pushed upto TRACE.
-# Writes only run-time/mediation time tracing/debug messages for messages passing through trace
-# enabled sequences, mediators and services. Enabling tracing on these has a performance impact
-log4j.category.TRACE_LOGGER=INFO, TRACE_APPENDER, TRACE_MEMORYAPPENDER
-log4j.additivity.TRACE_LOGGER=false
-log4j.appender.TRACE_APPENDER=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.TRACE_APPENDER.File=${carbon.home}/repository/logs/${instance.log}/wso2-apigw-trace${instance.log}.log
-log4j.appender.TRACE_APPENDER.Append=true
-log4j.appender.TRACE_APPENDER.layout=org.apache.log4j.PatternLayout
-log4j.appender.TRACE_APPENDER.layout.ConversionPattern=%d{HH:mm:ss,SSS} [%X{ip}-%X{host}] [%t] %5p %c{1} %m%n
-
-# The memory appender for trace logger
-log4j.appender.TRACE_MEMORYAPPENDER=org.wso2.carbon.utils.logging.appenders.MemoryAppender
-log4j.appender.TRACE_MEMORYAPPENDER.bufferSize=2000
-log4j.appender.TRACE_MEMORYAPPENDER.layout=org.apache.log4j.PatternLayout
-log4j.appender.TRACE_MEMORYAPPENDER.layout.ConversionPattern=%d{HH:mm:ss,SSS} [%X{ip}-%X{host}] [%t] %5p %m%n
-
-# CARBON_LOGFILE is set to be a DailyRollingFileAppender using a PatternLayout.
-log4j.appender.CARBON_LOGFILE=org.wso2.carbon.utils.logging.appenders.CarbonDailyRollingFileAppender
-# Log file will be overridden by the configuration setting in the DB
-# This path should be relative to WSO2 Carbon Home
-log4j.appender.CARBON_LOGFILE.File=${carbon.home}/repository/logs/${instance.log}/wso2carbon${instance.log}.log
-log4j.appender.CARBON_LOGFILE.Append=true
-log4j.appender.CARBON_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
-# ConversionPattern will be overridden by the configuration setting in the DB
-log4j.appender.CARBON_LOGFILE.layout.ConversionPattern=TID: [%T] [%S] [%d] %P%5p {%c} - %x %m {%c}%n
-log4j.appender.CARBON_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
-log4j.appender.CARBON_LOGFILE.threshold=DEBUG
-
-# The standard error log where all the warnings, errors and fatal errors will be logged
-log4j.appender.ERROR_LOGFILE=org.apache.log4j.FileAppender
-log4j.appender.ERROR_LOGFILE.File=${carbon.home}/repository/logs/${instance.log}/wso2-apigw-errors.log
-log4j.appender.ERROR_LOGFILE.layout=org.apache.log4j.PatternLayout
-log4j.appender.ERROR_LOGFILE.layout.ConversionPattern=%d{ISO8601} [%X{ip}-%X{host}] [%t] %5p %c{1} %m%n
-log4j.appender.ERROR_LOGFILE.threshold=WARN
-
-# The memory appender for logging
-log4j.appender.CARBON_MEMORY=org.wso2.carbon.logging.service.appender.CarbonMemoryAppender
-log4j.appender.CARBON_MEMORY.bufferSize=2000
-log4j.appender.CARBON_MEMORY.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
-# ConversionPattern will be overridden by the configuration setting in the DB
-log4j.appender.CARBON_MEMORY.layout.ConversionPattern=TID: [%T] [%S] [%d] %P%5p {%c} - %x %m {%c}%n
-log4j.appender.CARBON_MEMORY.layout.TenantPattern=%U%@%D [%T] [%S]
-log4j.appender.CARBON_MEMORY.columnList=%T,%S,%A,%d,%c,%p,%m,%H,%I,%Stacktrace
-log4j.appender.CARBON_MEMORY.threshold=DEBUG
-
-# LOGEVENT is set to be a LogEventAppender using a PatternLayout to send logs to LOGEVENT
-log4j.appender.LOGEVENT=org.wso2.carbon.logging.appender.LogEventAppender
-log4j.appender.LOGEVENT.url=tcp://localhost:7611
-log4j.appender.LOGEVENT.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
-log4j.appender.LOGEVENT.columnList=%T,%S,%A,%d,%c,%p,%m,%I,%Stacktrace
-log4j.appender.LOGEVENT.userName=admin
-log4j.appender.LOGEVENT.password=admin
-log4j.appender.LOGEVENT.processingLimit=1000
-log4j.appender.LOGEVENT.maxTolerableConsecutiveFailure=20
-
-
-log4j.appender.CARBON_SYS_LOG = org.apache.log4j.net.SyslogAppender
-log4j.appender.CARBON_SYS_LOG.layout=org.apache.log4j.PatternLayout
-log4j.appender.CARBON_SYS_LOG.layout.ConversionPattern=[%d] %5p - %x %m {%c}%n
-log4j.appender.CARBON_SYS_LOG.SyslogHost=localhost
-log4j.appender.CARBON_SYS_LOG.Facility=USER
-log4j.appender.CARBON_SYS_LOG.threshold=DEBUG
-
-# LOGEVENT is set to be a LogEventAppender using a PatternLayout to send logs to LOGEVENT
-log4j.appender.LOGEVENT=org.wso2.carbon.logging.appender.LogEventAppender
-log4j.appender.LOGEVENT.url=tcp://localhost:7611
-log4j.appender.LOGEVENT.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
-log4j.appender.LOGEVENT.columnList=%T,%S,%A,%d,%c,%p,%m,%H,%I,%Stacktrace
-log4j.appender.LOGEVENT.userName=admin
-log4j.appender.LOGEVENT.password=admin
-
-log4j.logger.org.apache.directory.shared.ldap=WARN, CARBON_CONSOLE
-log4j.logger.org.apache.directory.server.ldap.handlers=WARN, CARBON_CONSOLE
-log4j.logger.org.apache.directory.shared.ldap.entry.DefaultServerAttribute=FATAL, CARBON_CONSOLE
-log4j.logger.org.apache.directory.shared.ldap.ldif.LdifReader=ERROR, CARBON_CONSOLE
-log4j.logger.org.apache.directory.server.ldap.LdapProtocolHandler=ERROR, CARBON_CONSOLE
-
-## Trace Logger configuration which will append to a XMPP chatroom or JID ##
-#log4j.appender.XMPP_APPENDER=org.wso2.carbon.utils.logging.IMAppender
-#log4j.appender.XMPP_APPENDER.host=jabber.org
-#log4j.appender.XMPP_APPENDER.username=wso2esb
-#log4j.appender.XMPP_APPENDER.password=wso2esb
-#log4j.appender.XMPP_APPENDER.recipient=ruwan@jabber.org
-#log4j.appender.XMPP_APPENDER.layout=org.apache.log4j.PatternLayout
-#log4j.appender.XMPP_APPENDER.layout.ConversionPattern=[%X{host}] [%t] %-5p [%d{HH:mm:ss,SSS}] %C{1} - %m%n
-
-# Appender config to AUDIT_LOGFILE
-log4j.appender.AUDIT_LOGFILE=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.AUDIT_LOGFILE.File=${carbon.home}/repository/logs/audit.log
-log4j.appender.AUDIT_LOGFILE.Append=true
-log4j.appender.AUDIT_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
-log4j.appender.AUDIT_LOGFILE.layout.ConversionPattern=[%d] %P%5p - %x %m %n
-log4j.appender.AUDIT_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
-log4j.appender.AUDIT_LOGFILE.threshold=INFO
-log4j.additivity.AUDIT_LOG=false
-
-# Appender config to send Atomikos transaction logs to new log file tm.out.
-log4j.appender.ATOMIKOS = org.apache.log4j.RollingFileAppender
-log4j.appender.ATOMIKOS.File = repository/logs/tm.out
-log4j.appender.ATOMIKOS.Append = true
-log4j.appender.ATOMIKOS.layout = org.apache.log4j.PatternLayout
-log4j.appender.ATOMIKOS.layout.ConversionPattern=%p %t %c - %m%n
-log4j.additivity.com.atomikos=false
-
-# DAS_AGENT is set to be a Custom Log Appender.
-log4j.appender.DAS_AGENT=org.wso2.carbon.analytics.shared.data.agents.log4j.appender.LogEventAppender
-# DAS_AGENT uses PatternLayout.
-log4j.appender.DAS_AGENT.layout=org.wso2.carbon.analytics.shared.data.agents.log4j.util.TenantAwarePatternLayout
-log4j.appender.DAS_AGENT.columnList=%D,%S,%A,%d,%c,%p,%m,%H,%I,%Stacktrace
-log4j.appender.DAS_AGENT.userName=admin
-log4j.appender.DAS_AGENT.password=admin
-log4j.appender.DAS_AGENT.url=tcp://am-analytics:7612
-log4j.appender.DAS_AGENT.maxTolerableConsecutiveFailure=5
-log4j.appender.DAS_AGENT.streamDef=loganalyzer:1.0.0
-log4j.logger.trace.messages=TRACE,CARBON_TRACE_LOGFILE
-
-# Appender config to CARBON_TRACE_LOGFILE
-log4j.appender.CARBON_TRACE_LOGFILE=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.CARBON_TRACE_LOGFILE.File=${carbon.home}/repository/logs/${instance.log}/wso2carbon-trace-messages${instance.log}.log
-log4j.appender.CARBON_TRACE_LOGFILE.Append=true
-log4j.appender.CARBON_TRACE_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
-log4j.appender.CARBON_TRACE_LOGFILE.layout.ConversionPattern=[%d] %P%5p {%c} - %x %m %n
-log4j.appender.CARBON_TRACE_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
-log4j.appender.CARBON_TRACE_LOGFILE.threshold=TRACE
-log4j.additivity.trace.messages=false
-
-
-# The event trace logger dumps enough information @INFO level, but maybe pushed upto TRACE.
-# Writes only run-time/event processing time tracing/debug messages for event passing through trace
-# enabled transport adapters event formatters, builders and processors. Enabling event tracing on these has a performance impact
-log4j.category.EVENT_TRACE_LOGGER=INFO, EVENT_TRACE_APPENDER, EVENT_TRACE_MEMORYAPPENDER
-log4j.additivity.EVENT_TRACE_LOGGER=false
-log4j.appender.EVENT_TRACE_APPENDER=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.EVENT_TRACE_APPENDER.File=${carbon.home}/repository/logs/${instance.log}/wso2-cep-trace${instance.log}.log
-log4j.appender.EVENT_TRACE_APPENDER.Append=true
-log4j.appender.EVENT_TRACE_APPENDER.layout=org.apache.log4j.PatternLayout
-log4j.appender.EVENT_TRACE_APPENDER.layout.ConversionPattern=%d{HH:mm:ss,SSS} [%X{ip}-%X{host}] [%t] %5p %c{1} %m%n
-# The memory appender for trace logger
-log4j.appender.EVENT_TRACE_MEMORYAPPENDER=org.wso2.carbon.utils.logging.appenders.MemoryAppender
-log4j.appender.EVENT_TRACE_MEMORYAPPENDER.bufferSize=2000
-log4j.appender.EVENT_TRACE_MEMORYAPPENDER.layout=org.apache.log4j.PatternLayout
-log4j.appender.EVENT_TRACE_MEMORYAPPENDER.layout.ConversionPattern=%d{HH:mm:ss,SSS} [%X{ip}-%X{host}] [%t] %5p %m%n
\ No newline at end of file
diff --git a/docker-compose/APIM-with-Analytics/apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json b/docker-compose/APIM-with-Analytics/apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json
deleted file mode 100644
index e518e148..00000000
--- a/docker-compose/APIM-with-Analytics/apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json
+++ /dev/null
@@ -1,66 +0,0 @@
-{
-    "store": {
-        "types": ["fs"]
-    },
-    "gadgetGeneration" :{
-        "isCreateGadgetEnable": false,
-        "ignoreProviders": ["rt"]
-    },
-    "authentication": {
-        "activeMethod": "basic",
-        "methods": {
-            "sso": {
-                "attributes": {
-                    "issuer": "portal",
-                    "identityProviderURL": "https://localhost:9443/samlsso",
-                    "responseSigningEnabled": "false",
-                    "acs": "https://localhost:9444/portal/acs",
-                    "identityAlias": "wso2carbon",
-                    "useTenantKey": false
-                }
-            },
-            "basic": {
-                "attributes": {}
-            }
-        }
-    },
-    "authorization": {
-        "activeMethod": "",
-        "methods": {
-            "oauth": {
-                "attributes": {
-                    "idPServer": "%https.ip%/oauth2/token",
-                    "dynamicClientProperties": {
-                        "callbackUrl": "%https.ip%/portal",
-                        "clientName": "portal",
-                        "owner": "admin",
-                        "applicationType": "JaggeryApp",
-                        "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer",
-                        "saasApp": false,
-                        "dynamicClientRegistrationEndPoint": "%https.ip%/dynamic-client-web/register/",
-                        "tokenScope": "Production"
-                    }
-                }
-            }
-        }
-    },
-    "designers": [
-        "Internal/everyone"
-    ],
-    "tenantPrefix": "/t",
-    "shareStore": false,
-    "theme": "basic",
-    "cacheTimeoutSeconds": "5",
-    "cacheSizeBytes": "1073741824",
-    "defaultDashboardRedirect": false,
-    "isCreateGadgetEnable": true,
-    "oauth": {
-        "username": "admin",
-        "password": "admin"
-    },
-    "host": {
-        "hostname": "am-analytics",
-        "port": "",
-        "protocol": ""
-    }
-}
diff --git a/docker-compose/APIM-with-Analytics/docker-compose.yml b/docker-compose/APIM-with-Analytics/docker-compose.yml
index e58b37b6..e879ae14 100755
--- a/docker-compose/APIM-with-Analytics/docker-compose.yml
+++ b/docker-compose/APIM-with-Analytics/docker-compose.yml
@@ -15,7 +15,7 @@ services:
       timeout: 60s
       retries: 5
   am-analytics:
-    image: docker.wso2.com/wso2am-analytics:2.1.0
+    image: docker.wso2.com/wso2am-analytics:2.2.0
     ports:
       - "9444:9444"
       - "9764:9764"
@@ -29,12 +29,12 @@ services:
       mysql:
         condition: service_healthy
     volumes:
-      - ./apim-analytics/repository/conf/datasources/analytics-datasources.xml:/home/wso2carbon/wso2am-analytics-2.1.0/repository/conf/datasources/analytics-datasources.xml
-      - ./apim-analytics/repository/conf/datasources/stats-datasources.xml:/home/wso2carbon/wso2am-analytics-2.1.0/repository/conf/datasources/stats-datasources.xml
+      - ./apim-analytics/repository/conf/datasources/analytics-datasources.xml:/home/wso2carbon/wso2am-analytics-2.2.0/repository/conf/datasources/analytics-datasources.xml
+      - ./apim-analytics/repository/conf/datasources/stats-datasources.xml:/home/wso2carbon/wso2am-analytics-2.2.0/repository/conf/datasources/stats-datasources.xml
     links:
       - mysql
   api-manager:
-    image: docker.wso2.com/wso2am:2.1.0
+    image: docker.wso2.com/wso2am:2.2.0
     healthcheck:
       test: ["CMD", "curl", "-k", "-f", "https://localhost:9443/carbon/admin/login.jsp"]
       interval: 10s
@@ -46,13 +46,11 @@ services:
       mysql:
         condition: service_healthy
     volumes:
-      - ./apim/repository/conf/datasources/master-datasources.xml:/home/wso2carbon/wso2am-2.1.0/repository/conf/datasources/master-datasources.xml
-      - ./apim/repository/conf/api-manager.xml:/home/wso2carbon/wso2am-2.1.0/repository/conf/api-manager.xml
-      - ./apim/repository/conf/carbon.xml:/home/wso2carbon/wso2am-2.1.0/repository/conf/carbon.xml
-      - ./apim/repository/conf/tomcat/catalina-server.xml:/home/wso2carbon/wso2am-2.1.0/repository/conf/tomcat/catalina-server.xml
-      - ./apim/bin/wso2server.sh:/home/wso2carbon/wso2am-2.1.0/bin/wso2server.sh
-      - ./apim/repository/deployment/server/jaggeryapps/portal/configs/designer.json:/home/wso2carbon/wso2am-2.1.0/repository/deployment/server/jaggeryapps/portal/configs/designer.json
-      - ./apim/repository/conf/log4j.properties:/home/wso2carbon/wso2am-2.1.0/repository/conf/log4j.properties
+      - ./apim/repository/conf/datasources/master-datasources.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/datasources/master-datasources.xml
+      - ./apim/repository/conf/api-manager.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/api-manager.xml
+      - ./apim/repository/conf/carbon.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/carbon.xml
+      - ./apim/repository/conf/tomcat/catalina-server.xml:/home/wso2carbon/wso2am-2.2.0/repository/conf/tomcat/catalina-server.xml
+      - ./apim/bin/wso2server.sh:/home/wso2carbon/wso2am-2.2.0/bin/wso2server.sh
     ports:
       - "9763:9763"
       - "9443:9443"
diff --git a/docker-compose/APIM-with-Analytics/mysql/scripts/apim_mysql5.7.sql b/docker-compose/APIM-with-Analytics/mysql/scripts/apim_mysql5.7.sql
index 7909e549..c6b4bf44 100644
--- a/docker-compose/APIM-with-Analytics/mysql/scripts/apim_mysql5.7.sql
+++ b/docker-compose/APIM-with-Analytics/mysql/scripts/apim_mysql5.7.sql
@@ -16,7 +16,7 @@ INSERT INTO IDN_BASE_TABLE values ('WSO2 Identity Server');
 CREATE TABLE IF NOT EXISTS IDN_OAUTH_CONSUMER_APPS (
             ID INTEGER NOT NULL AUTO_INCREMENT,
             CONSUMER_KEY VARCHAR(255),
-            CONSUMER_SECRET VARCHAR(512),
+            CONSUMER_SECRET VARCHAR(2048),
             USERNAME VARCHAR(255),
             TENANT_ID INTEGER DEFAULT 0,
             USER_DOMAIN VARCHAR(50),
@@ -27,10 +27,20 @@ CREATE TABLE IF NOT EXISTS IDN_OAUTH_CONSUMER_APPS (
             PKCE_MANDATORY CHAR(1) DEFAULT '0',
             PKCE_SUPPORT_PLAIN CHAR(1) DEFAULT '0',
             APP_STATE VARCHAR (25) DEFAULT 'ACTIVE',
+            USER_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000,
+            APP_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600000,
+            REFRESH_TOKEN_EXPIRE_TIME BIGINT DEFAULT 84600000,
             CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (CONSUMER_KEY),
             PRIMARY KEY (ID)
 )ENGINE INNODB;
 
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_VALIDATORS (
+	APP_ID INTEGER NOT NULL,
+	SCOPE_VALIDATOR VARCHAR (128) NOT NULL,
+	PRIMARY KEY (APP_ID,SCOPE_VALIDATOR),
+	FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
 CREATE TABLE IF NOT EXISTS IDN_OAUTH1A_REQUEST_TOKEN (
             REQUEST_TOKEN VARCHAR(255),
             REQUEST_TOKEN_SECRET VARCHAR(512),
@@ -58,8 +68,8 @@ CREATE TABLE IF NOT EXISTS IDN_OAUTH1A_ACCESS_TOKEN (
 
 CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN (
             TOKEN_ID VARCHAR (255),
-            ACCESS_TOKEN VARCHAR(255),
-            REFRESH_TOKEN VARCHAR(255),
+            ACCESS_TOKEN VARCHAR(2048),
+            REFRESH_TOKEN VARCHAR(2048),
             CONSUMER_KEY_ID INTEGER,
             AUTHZ_USER VARCHAR (100),
             TENANT_ID INTEGER,
@@ -74,6 +84,8 @@ CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN (
             TOKEN_STATE VARCHAR(25) DEFAULT 'ACTIVE',
             TOKEN_STATE_ID VARCHAR (128) DEFAULT 'NONE',
             SUBJECT_IDENTIFIER VARCHAR(255),
+            ACCESS_TOKEN_HASH VARCHAR(512),
+            REFRESH_TOKEN_HASH VARCHAR(512),
             PRIMARY KEY (TOKEN_ID),
             FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
             CONSTRAINT CON_APP_KEY UNIQUE (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,
@@ -84,11 +96,11 @@ CREATE INDEX IDX_AT_CK_AU ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER
 
 CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED);
 
-CREATE INDEX IDX_AT ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN);
+CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH);
 
 CREATE TABLE IF NOT EXISTS IDN_OAUTH2_AUTHORIZATION_CODE (
             CODE_ID VARCHAR (255),
-            AUTHORIZATION_CODE VARCHAR(512),
+            AUTHORIZATION_CODE VARCHAR(2048),
             CONSUMER_KEY_ID INTEGER,
             CALLBACK_URL VARCHAR(1024),
             SCOPE VARCHAR(2048),
@@ -102,11 +114,12 @@ CREATE TABLE IF NOT EXISTS IDN_OAUTH2_AUTHORIZATION_CODE (
             SUBJECT_IDENTIFIER VARCHAR(255),
             PKCE_CODE_CHALLENGE VARCHAR(255),
             PKCE_CODE_CHALLENGE_METHOD VARCHAR(128),
+            AUTHORIZATION_CODE_HASH VARCHAR(512),
             PRIMARY KEY (CODE_ID),
             FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
 )ENGINE INNODB;
 
-CREATE INDEX IDX_AUTHORIZATION_CODE ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE,CONSUMER_KEY_ID);
+CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH,CONSUMER_KEY_ID);
 
 CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_SCOPE (
             TOKEN_ID VARCHAR (255),
@@ -117,21 +130,26 @@ CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_SCOPE (
 )ENGINE INNODB;
 
 CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE (
-            SCOPE_ID INT(11) NOT NULL AUTO_INCREMENT,
-            SCOPE_KEY VARCHAR(100) NOT NULL,
-            NAME VARCHAR(255) NULL,
-            DESCRIPTION VARCHAR(512) NULL,
-            TENANT_ID INT(11) NOT NULL DEFAULT 0,
-            ROLES VARCHAR (500) NULL,
+            SCOPE_ID INTEGER NOT NULL AUTO_INCREMENT,
+            NAME VARCHAR(255) NOT NULL,
+            DISPLAY_NAME VARCHAR(255) NOT NULL,
+            DESCRIPTION VARCHAR(512),
+            TENANT_ID INTEGER NOT NULL DEFAULT -1,
             PRIMARY KEY (SCOPE_ID)
 )ENGINE INNODB;
 
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_BINDING (
+            SCOPE_ID INTEGER NOT NULL,
+            SCOPE_BINDING VARCHAR(255),
+            FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
 CREATE TABLE IF NOT EXISTS IDN_OAUTH2_RESOURCE_SCOPE (
             RESOURCE_PATH VARCHAR(255) NOT NULL,
-            SCOPE_ID INTEGER (11) NOT NULL,
+            SCOPE_ID INTEGER NOT NULL,
             TENANT_ID INTEGER DEFAULT -1,
             PRIMARY KEY (RESOURCE_PATH),
-            FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE (SCOPE_ID)
+            FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE (SCOPE_ID) ON DELETE CASCADE
 )ENGINE INNODB;
 
 CREATE TABLE IF NOT EXISTS IDN_SCIM_GROUP (
@@ -186,7 +204,7 @@ CREATE TABLE IF NOT EXISTS IDN_IDENTITY_USER_DATA (
             TENANT_ID INTEGER DEFAULT -1234,
             USER_NAME VARCHAR(255) NOT NULL,
             DATA_KEY VARCHAR(255) NOT NULL,
-            DATA_VALUE VARCHAR(255),
+            DATA_VALUE VARCHAR(2048),
             PRIMARY KEY (TENANT_ID, USER_NAME, DATA_KEY)
 )ENGINE INNODB;
 
@@ -221,22 +239,22 @@ CREATE TABLE IF NOT EXISTS IDN_AUTH_SESSION_STORE (
 CREATE TABLE IF NOT EXISTS SP_APP (
         ID INTEGER NOT NULL AUTO_INCREMENT,
         TENANT_ID INTEGER NOT NULL,
-            APP_NAME VARCHAR (255) NOT NULL ,
-            USER_STORE VARCHAR (255) NOT NULL,
+	    	APP_NAME VARCHAR (255) NOT NULL ,
+	    	USER_STORE VARCHAR (255) NOT NULL,
         USERNAME VARCHAR (255) NOT NULL ,
         DESCRIPTION VARCHAR (1024),
-            ROLE_CLAIM VARCHAR (512),
+	    	ROLE_CLAIM VARCHAR (512),
         AUTH_TYPE VARCHAR (255) NOT NULL,
-            PROVISIONING_USERSTORE_DOMAIN VARCHAR (512),
-            IS_LOCAL_CLAIM_DIALECT CHAR(1) DEFAULT '1',
-            IS_SEND_LOCAL_SUBJECT_ID CHAR(1) DEFAULT '0',
-            IS_SEND_AUTH_LIST_OF_IDPS CHAR(1) DEFAULT '0',
+	    	PROVISIONING_USERSTORE_DOMAIN VARCHAR (512),
+	    	IS_LOCAL_CLAIM_DIALECT CHAR(1) DEFAULT '1',
+	    	IS_SEND_LOCAL_SUBJECT_ID CHAR(1) DEFAULT '0',
+	    	IS_SEND_AUTH_LIST_OF_IDPS CHAR(1) DEFAULT '0',
         IS_USE_TENANT_DOMAIN_SUBJECT CHAR(1) DEFAULT '1',
         IS_USE_USER_DOMAIN_SUBJECT CHAR(1) DEFAULT '1',
         ENABLE_AUTHORIZATION CHAR(1) DEFAULT '0',
-            SUBJECT_CLAIM_URI VARCHAR (512),
-            IS_SAAS_APP CHAR(1) DEFAULT '0',
-            IS_DUMB_MODE CHAR(1) DEFAULT '0',
+	    	SUBJECT_CLAIM_URI VARCHAR (512),
+	    	IS_SAAS_APP CHAR(1) DEFAULT '0',
+	    	IS_DUMB_MODE CHAR(1) DEFAULT '0',
         PRIMARY KEY (ID)
 )ENGINE INNODB;
 
@@ -296,7 +314,7 @@ CREATE TABLE IF NOT EXISTS SP_CLAIM_MAPPING (
             SP_CLAIM VARCHAR (512) NOT NULL ,
             APP_ID INTEGER NOT NULL,
             IS_REQUESTED VARCHAR(128) DEFAULT '0',
-          IS_MANDATORY VARCHAR(128) DEFAULT '0',
+	    IS_MANDATORY VARCHAR(128) DEFAULT '0',
             DEFAULT_VALUE VARCHAR(255),
             PRIMARY KEY (ID)
 )ENGINE INNODB;
@@ -338,60 +356,69 @@ CREATE TABLE IF NOT EXISTS SP_PROVISIONING_CONNECTOR (
 
 ALTER TABLE SP_PROVISIONING_CONNECTOR ADD CONSTRAINT PRO_CONNECTOR_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE;
 
+CREATE TABLE SP_AUTH_SCRIPT (
+  ID         INTEGER AUTO_INCREMENT NOT NULL,
+  TENANT_ID  INTEGER                NOT NULL,
+  APP_ID     INTEGER                NOT NULL,
+  TYPE       VARCHAR(255)           NOT NULL,
+  CONTENT    BLOB    DEFAULT NULL,
+  IS_ENABLED CHAR(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (ID));
+
 CREATE TABLE IF NOT EXISTS IDP (
-                  ID INTEGER AUTO_INCREMENT,
-                  TENANT_ID INTEGER,
-                  NAME VARCHAR(254) NOT NULL,
-                  IS_ENABLED CHAR(1) NOT NULL DEFAULT '1',
-                  IS_PRIMARY CHAR(1) NOT NULL DEFAULT '0',
-                  HOME_REALM_ID VARCHAR(254),
-                  IMAGE MEDIUMBLOB,
-                  CERTIFICATE BLOB,
-                  ALIAS VARCHAR(254),
-                  INBOUND_PROV_ENABLED CHAR (1) NOT NULL DEFAULT '0',
-                  INBOUND_PROV_USER_STORE_ID VARCHAR(254),
-                  USER_CLAIM_URI VARCHAR(254),
-                  ROLE_CLAIM_URI VARCHAR(254),
-                  DESCRIPTION VARCHAR (1024),
-                  DEFAULT_AUTHENTICATOR_NAME VARCHAR(254),
-                  DEFAULT_PRO_CONNECTOR_NAME VARCHAR(254),
-                  PROVISIONING_ROLE VARCHAR(128),
-                  IS_FEDERATION_HUB CHAR(1) NOT NULL DEFAULT '0',
-                  IS_LOCAL_CLAIM_DIALECT CHAR(1) NOT NULL DEFAULT '0',
+			ID INTEGER AUTO_INCREMENT,
+			TENANT_ID INTEGER,
+			NAME VARCHAR(254) NOT NULL,
+			IS_ENABLED CHAR(1) NOT NULL DEFAULT '1',
+			IS_PRIMARY CHAR(1) NOT NULL DEFAULT '0',
+			HOME_REALM_ID VARCHAR(254),
+			IMAGE MEDIUMBLOB,
+			CERTIFICATE BLOB,
+			ALIAS VARCHAR(254),
+			INBOUND_PROV_ENABLED CHAR (1) NOT NULL DEFAULT '0',
+			INBOUND_PROV_USER_STORE_ID VARCHAR(254),
+ 			USER_CLAIM_URI VARCHAR(254),
+ 			ROLE_CLAIM_URI VARCHAR(254),
+  			DESCRIPTION VARCHAR (1024),
+ 			DEFAULT_AUTHENTICATOR_NAME VARCHAR(254),
+ 			DEFAULT_PRO_CONNECTOR_NAME VARCHAR(254),
+ 			PROVISIONING_ROLE VARCHAR(128),
+ 			IS_FEDERATION_HUB CHAR(1) NOT NULL DEFAULT '0',
+ 			IS_LOCAL_CLAIM_DIALECT CHAR(1) NOT NULL DEFAULT '0',
             DISPLAY_NAME VARCHAR(255),
-                  PRIMARY KEY (ID),
-                  UNIQUE (TENANT_ID, NAME)
+			PRIMARY KEY (ID),
+			UNIQUE (TENANT_ID, NAME)
 )ENGINE INNODB;
 
 CREATE TABLE IF NOT EXISTS IDP_ROLE (
-                  ID INTEGER AUTO_INCREMENT,
-                  IDP_ID INTEGER,
-                  TENANT_ID INTEGER,
-                  ROLE VARCHAR(254),
-                  PRIMARY KEY (ID),
-                  UNIQUE (IDP_ID, ROLE),
-                  FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE
+			ID INTEGER AUTO_INCREMENT,
+			IDP_ID INTEGER,
+			TENANT_ID INTEGER,
+			ROLE VARCHAR(254),
+			PRIMARY KEY (ID),
+			UNIQUE (IDP_ID, ROLE),
+			FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE
 )ENGINE INNODB;
 
 CREATE TABLE IF NOT EXISTS IDP_ROLE_MAPPING (
-                  ID INTEGER AUTO_INCREMENT,
-                  IDP_ROLE_ID INTEGER,
-                  TENANT_ID INTEGER,
-                  USER_STORE_ID VARCHAR (253),
-                  LOCAL_ROLE VARCHAR(253),
-                  PRIMARY KEY (ID),
-                  UNIQUE (IDP_ROLE_ID, TENANT_ID, USER_STORE_ID, LOCAL_ROLE),
-                  FOREIGN KEY (IDP_ROLE_ID) REFERENCES IDP_ROLE(ID) ON DELETE CASCADE
+			ID INTEGER AUTO_INCREMENT,
+			IDP_ROLE_ID INTEGER,
+			TENANT_ID INTEGER,
+			USER_STORE_ID VARCHAR (253),
+			LOCAL_ROLE VARCHAR(253),
+			PRIMARY KEY (ID),
+			UNIQUE (IDP_ROLE_ID, TENANT_ID, USER_STORE_ID, LOCAL_ROLE),
+			FOREIGN KEY (IDP_ROLE_ID) REFERENCES IDP_ROLE(ID) ON DELETE CASCADE
 )ENGINE INNODB;
 
 CREATE TABLE IF NOT EXISTS IDP_CLAIM (
-                  ID INTEGER AUTO_INCREMENT,
-                  IDP_ID INTEGER,
-                  TENANT_ID INTEGER,
-                  CLAIM VARCHAR(254),
-                  PRIMARY KEY (ID),
-                  UNIQUE (IDP_ID, CLAIM),
-                  FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE
+			ID INTEGER AUTO_INCREMENT,
+			IDP_ID INTEGER,
+			TENANT_ID INTEGER,
+			CLAIM VARCHAR(254),
+			PRIMARY KEY (ID),
+			UNIQUE (IDP_ID, CLAIM),
+			FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE
 )ENGINE INNODB;
 
 CREATE TABLE IF NOT EXISTS IDP_CLAIM_MAPPING (
@@ -525,7 +552,7 @@ CREATE TABLE IF NOT EXISTS FIDO_DEVICE_STORE (
             DEVICE_DATA VARCHAR(2048) NOT NULL,
             PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME, KEY_HANDLE)
         )ENGINE INNODB;
-              
+
 CREATE TABLE IF NOT EXISTS WF_REQUEST (
     UUID VARCHAR (45),
     CREATED_BY VARCHAR (255),
@@ -607,11 +634,11 @@ CREATE TABLE IF NOT EXISTS WF_WORKFLOW_REQUEST_RELATION(
 
 CREATE TABLE IF NOT EXISTS IDN_RECOVERY_DATA (
   USER_NAME VARCHAR(255) NOT NULL,
-  USER_DOMAIN VARCHAR(255) NOT NULL,
+  USER_DOMAIN VARCHAR(127) NOT NULL,
   TENANT_ID INTEGER DEFAULT -1,
   CODE VARCHAR(255) NOT NULL,
   SCENARIO VARCHAR(255) NOT NULL,
-  STEP VARCHAR(255) NOT NULL,
+  STEP VARCHAR(127) NOT NULL,
   TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
   REMAINING_SETS VARCHAR(2500) DEFAULT NULL,
   PRIMARY KEY(USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO,STEP),
@@ -692,8 +719,192 @@ CREATE TABLE IF NOT EXISTS  IDN_SAML2_ASSERTION_STORE (
   PRIMARY KEY (ID)
 )ENGINE INNODB;
 
+CREATE TABLE IF NOT EXISTS IDN_OIDC_JTI (
+  JWT_ID VARCHAR(255) NOT NULL,
+  EXP_TIME TIMESTAMP NOT NULL ,
+  TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
+  PRIMARY KEY (JWT_ID)
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS  IDN_OIDC_PROPERTY (
+  ID INTEGER NOT NULL AUTO_INCREMENT,
+  TENANT_ID  INTEGER,
+  CONSUMER_KEY  VARCHAR(255) ,
+  PROPERTY_KEY  VARCHAR(255) NOT NULL,
+  PROPERTY_VALUE  VARCHAR(2047) ,
+  PRIMARY KEY (ID),
+  FOREIGN KEY (CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(CONSUMER_KEY) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_REFERENCE (
+  ID INTEGER NOT NULL AUTO_INCREMENT,
+  CONSUMER_KEY_ID INTEGER ,
+  CODE_ID VARCHAR(255) ,
+  TOKEN_ID VARCHAR(255) ,
+  SESSION_DATA_KEY VARCHAR(255),
+  PRIMARY KEY (ID),
+  FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
+  FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE,
+  FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE(CODE_ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_CLAIMS (
+  ID INTEGER NOT NULL AUTO_INCREMENT,
+  REQ_OBJECT_ID INTEGER,
+  CLAIM_ATTRIBUTE VARCHAR(255) ,
+  ESSENTIAL CHAR(1) NOT NULL DEFAULT '0' ,
+  VALUE VARCHAR(255) ,
+  IS_USERINFO CHAR(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (ID),
+  FOREIGN KEY (REQ_OBJECT_ID) REFERENCES IDN_OIDC_REQ_OBJECT_REFERENCE (ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJ_CLAIM_VALUES (
+  ID INTEGER NOT NULL AUTO_INCREMENT,
+  REQ_OBJECT_CLAIMS_ID INTEGER ,
+  CLAIM_VALUES VARCHAR(255) ,
+  PRIMARY KEY (ID),
+  FOREIGN KEY (REQ_OBJECT_CLAIMS_ID) REFERENCES  IDN_OIDC_REQ_OBJECT_CLAIMS(ID) ON DELETE CASCADE
+)ENGINE INNODB;
+
+CREATE TABLE IF NOT EXISTS IDN_CERTIFICATE (
+             ID INTEGER NOT NULL AUTO_INCREMENT,
+             NAME VARCHAR(100),
+             CERTIFICATE_IN_PEM BLOB,
+             TENANT_ID INTEGER DEFAULT 0,
+             PRIMARY KEY(ID),
+             CONSTRAINT CERTIFICATE_UNIQUE_KEY UNIQUE (NAME, TENANT_ID)
+)ENGINE INNODB;
+
+
 -- End of IDENTITY Tables--
 
+-- Start of CONSENT-MGT Tables --
+
+CREATE TABLE CM_PII_CATEGORY (
+  ID           INTEGER AUTO_INCREMENT,
+  NAME         VARCHAR(255) NOT NULL,
+  DESCRIPTION  VARCHAR(1023),
+  DISPLAY_NAME VARCHAR(255),
+  IS_SENSITIVE INTEGER      NOT NULL,
+  TENANT_ID    INTEGER DEFAULT '-1234',
+  UNIQUE KEY (NAME, TENANT_ID),
+  PRIMARY KEY (ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_RECEIPT (
+  CONSENT_RECEIPT_ID  VARCHAR(255) NOT NULL,
+  VERSION             VARCHAR(255) NOT NULL,
+  JURISDICTION        VARCHAR(255) NOT NULL,
+  CONSENT_TIMESTAMP   TIMESTAMP    NOT NULL,
+  COLLECTION_METHOD   VARCHAR(255) NOT NULL,
+  LANGUAGE            VARCHAR(255) NOT NULL,
+  PII_PRINCIPAL_ID    VARCHAR(255) NOT NULL,
+  PRINCIPAL_TENANT_ID INTEGER DEFAULT '-1234',
+  POLICY_URL          VARCHAR(255) NOT NULL,
+  STATE               VARCHAR(255) NOT NULL,
+  PII_CONTROLLER      VARCHAR(2048) NOT NULL,
+  PRIMARY KEY (CONSENT_RECEIPT_ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_PURPOSE (
+  ID          INTEGER AUTO_INCREMENT,
+  NAME        VARCHAR(255) NOT NULL,
+  DESCRIPTION VARCHAR(1023),
+  TENANT_ID   INTEGER DEFAULT '-1234',
+  UNIQUE KEY (NAME, TENANT_ID),
+  PRIMARY KEY (ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_PURPOSE_CATEGORY (
+  ID          INTEGER AUTO_INCREMENT,
+  NAME        VARCHAR(255) NOT NULL,
+  DESCRIPTION VARCHAR(1023),
+  TENANT_ID   INTEGER DEFAULT '-1234',
+  UNIQUE KEY (NAME, TENANT_ID),
+  PRIMARY KEY (ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_RECEIPT_SP_ASSOC (
+  ID                 INTEGER AUTO_INCREMENT,
+  CONSENT_RECEIPT_ID VARCHAR(255) NOT NULL,
+  SP_NAME            VARCHAR(255) NOT NULL,
+  SP_DISPLAY_NAME    VARCHAR(255),
+  SP_DESCRIPTION     VARCHAR(255),
+  SP_TENANT_ID       INTEGER DEFAULT '-1234',
+  UNIQUE KEY (CONSENT_RECEIPT_ID, SP_NAME, SP_TENANT_ID),
+  PRIMARY KEY (ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_SP_PURPOSE_ASSOC (
+  ID                     INTEGER AUTO_INCREMENT,
+  RECEIPT_SP_ASSOC       INTEGER      NOT NULL,
+  PURPOSE_ID             INTEGER      NOT NULL,
+  CONSENT_TYPE           VARCHAR(255) NOT NULL,
+  IS_PRIMARY_PURPOSE     INTEGER      NOT NULL,
+  TERMINATION            VARCHAR(255) NOT NULL,
+  THIRD_PARTY_DISCLOSURE INTEGER      NOT NULL,
+  THIRD_PARTY_NAME       VARCHAR(255),
+  UNIQUE KEY (RECEIPT_SP_ASSOC, PURPOSE_ID),
+  PRIMARY KEY (ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC (
+  SP_PURPOSE_ASSOC_ID INTEGER NOT NULL,
+  PURPOSE_CATEGORY_ID INTEGER NOT NULL,
+  UNIQUE KEY (SP_PURPOSE_ASSOC_ID, PURPOSE_CATEGORY_ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_PURPOSE_PII_CAT_ASSOC (
+  PURPOSE_ID         INTEGER NOT NULL,
+  CM_PII_CATEGORY_ID INTEGER NOT NULL,
+  UNIQUE KEY (PURPOSE_ID, CM_PII_CATEGORY_ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_SP_PURPOSE_PII_CAT_ASSOC (
+  SP_PURPOSE_ASSOC_ID INTEGER NOT NULL,
+  PII_CATEGORY_ID     INTEGER NOT NULL,
+  VALIDITY            VARCHAR(1023),
+  UNIQUE KEY (SP_PURPOSE_ASSOC_ID, PII_CATEGORY_ID)
+)ENGINE INNODB;
+
+CREATE TABLE CM_CONSENT_RECEIPT_PROPERTY (
+  CONSENT_RECEIPT_ID VARCHAR(255)  NOT NULL,
+  NAME               VARCHAR(255)  NOT NULL,
+  VALUE              VARCHAR(1023) NOT NULL,
+  UNIQUE KEY (CONSENT_RECEIPT_ID, NAME)
+)ENGINE INNODB;
+
+ALTER TABLE CM_RECEIPT_SP_ASSOC
+  ADD CONSTRAINT CM_RECEIPT_SP_ASSOC_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID);
+
+ALTER TABLE CM_SP_PURPOSE_ASSOC
+  ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk0 FOREIGN KEY (RECEIPT_SP_ASSOC) REFERENCES CM_RECEIPT_SP_ASSOC (ID);
+
+ALTER TABLE CM_SP_PURPOSE_ASSOC
+  ADD CONSTRAINT CM_SP_PURPOSE_ASSOC_fk1 FOREIGN KEY (PURPOSE_ID) REFERENCES CM_PURPOSE (ID);
+
+ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC
+  ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID);
+
+ALTER TABLE CM_SP_PURPOSE_PURPOSE_CAT_ASSC
+  ADD CONSTRAINT CM_SP_P_P_CAT_ASSOC_fk1 FOREIGN KEY (PURPOSE_CATEGORY_ID) REFERENCES CM_PURPOSE_CATEGORY (ID);
+
+ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC
+  ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk0 FOREIGN KEY (SP_PURPOSE_ASSOC_ID) REFERENCES CM_SP_PURPOSE_ASSOC (ID);
+
+ALTER TABLE CM_SP_PURPOSE_PII_CAT_ASSOC
+  ADD CONSTRAINT CM_SP_P_PII_CAT_ASSOC_fk1 FOREIGN KEY (PII_CATEGORY_ID) REFERENCES CM_PII_CATEGORY (ID);
+
+ALTER TABLE CM_CONSENT_RECEIPT_PROPERTY
+  ADD CONSTRAINT CM_CONSENT_RECEIPT_PRT_fk0 FOREIGN KEY (CONSENT_RECEIPT_ID) REFERENCES CM_RECEIPT (CONSENT_RECEIPT_ID);
+
+INSERT INTO CM_PURPOSE (NAME, DESCRIPTION, TENANT_ID) values ('DEFAULT', 'For core functionalities of the product', '-1234');
+
+INSERT INTO CM_PURPOSE_CATEGORY (NAME, DESCRIPTION, TENANT_ID) VALUES ('DEFAULT','For core functionalities of the product', '-1234');
+
+-- End of CONSENT-MGT Tables --
+
 -- Start of API-MGT Tables --
 CREATE TABLE IF NOT EXISTS AM_SUBSCRIBER (
     SUBSCRIBER_ID INTEGER AUTO_INCREMENT,
@@ -777,7 +988,7 @@ CREATE TABLE IF NOT EXISTS AM_SUBSCRIPTION (
 
 CREATE TABLE IF NOT EXISTS AM_SUBSCRIPTION_KEY_MAPPING (
     SUBSCRIPTION_ID INTEGER,
-    ACCESS_TOKEN VARCHAR(255),
+    ACCESS_TOKEN VARCHAR(512),
     KEY_TYPE VARCHAR(512) NOT NULL,
     FOREIGN KEY(SUBSCRIPTION_ID) REFERENCES AM_SUBSCRIPTION(SUBSCRIPTION_ID) ON UPDATE CASCADE ON DELETE RESTRICT,
     PRIMARY KEY(SUBSCRIPTION_ID,ACCESS_TOKEN)
@@ -872,7 +1083,7 @@ CREATE TABLE IF NOT EXISTS AM_APPLICATION_REGISTRATION (
     WF_REF VARCHAR(255) NOT NULL,
     APP_ID INT,
     TOKEN_TYPE VARCHAR(30),
-    TOKEN_SCOPE VARCHAR(256) DEFAULT 'default',
+    TOKEN_SCOPE VARCHAR(1500) DEFAULT 'default',
     INPUTS VARCHAR(1000),
     ALLOWED_DOMAINS VARCHAR(256),
     VALIDITY_PERIOD BIGINT,
@@ -890,10 +1101,10 @@ CREATE TABLE IF NOT EXISTS AM_API_SCOPES (
 )ENGINE = INNODB;
 
 CREATE TABLE IF NOT EXISTS AM_API_DEFAULT_VERSION (
-            DEFAULT_VERSION_ID INT AUTO_INCREMENT, 
+            DEFAULT_VERSION_ID INT AUTO_INCREMENT,
             API_NAME VARCHAR(256) NOT NULL ,
-            API_PROVIDER VARCHAR(256) NOT NULL , 
-            DEFAULT_API_VERSION VARCHAR(30) , 
+            API_PROVIDER VARCHAR(256) NOT NULL ,
+            DEFAULT_API_VERSION VARCHAR(30) ,
             PUBLISHED_DEFAULT_API_VERSION VARCHAR(30) ,
             PRIMARY KEY (DEFAULT_VERSION_ID)
 )ENGINE = INNODB;
@@ -902,29 +1113,29 @@ CREATE INDEX IDX_SUB_APP_ID ON AM_SUBSCRIPTION (APPLICATION_ID, SUBSCRIPTION_ID)
 
 
 CREATE TABLE IF NOT EXISTS AM_ALERT_TYPES (
-            ALERT_TYPE_ID INTEGER AUTO_INCREMENT, 
+            ALERT_TYPE_ID INTEGER AUTO_INCREMENT,
             ALERT_TYPE_NAME VARCHAR(255) NOT NULL ,
 	    STAKE_HOLDER VARCHAR(100) NOT NULL,
             PRIMARY KEY (ALERT_TYPE_ID)
 )ENGINE = INNODB;
 
 CREATE TABLE IF NOT EXISTS AM_ALERT_TYPES_VALUES (
-            ALERT_TYPE_ID INTEGER, 
+            ALERT_TYPE_ID INTEGER,
             USER_NAME VARCHAR(255) NOT NULL ,
 	    STAKE_HOLDER VARCHAR(100) NOT NULL ,
             PRIMARY KEY (ALERT_TYPE_ID,USER_NAME,STAKE_HOLDER)
 )ENGINE = INNODB;
 
-CREATE TABLE IF NOT EXISTS AM_ALERT_EMAILLIST (  
-	    EMAIL_LIST_ID INTEGER AUTO_INCREMENT,         
-            USER_NAME VARCHAR(255) NOT NULL ,	    
+CREATE TABLE IF NOT EXISTS AM_ALERT_EMAILLIST (
+	    EMAIL_LIST_ID INTEGER AUTO_INCREMENT,
+            USER_NAME VARCHAR(255) NOT NULL ,
 	    STAKE_HOLDER VARCHAR(100) NOT NULL ,
             PRIMARY KEY (EMAIL_LIST_ID,USER_NAME,STAKE_HOLDER)
 )ENGINE = INNODB;
 
-CREATE TABLE IF NOT EXISTS  AM_ALERT_EMAILLIST_DETAILS (             
+CREATE TABLE IF NOT EXISTS  AM_ALERT_EMAILLIST_DETAILS (
             EMAIL_LIST_ID INTEGER,
-	    EMAIL VARCHAR(255),	    
+	    EMAIL VARCHAR(255),
             PRIMARY KEY (EMAIL_LIST_ID,EMAIL)
 )ENGINE = INNODB;
 
@@ -1108,12 +1319,43 @@ CREATE TABLE `AM_BLOCK_CONDITIONS` (
   UNIQUE (`UUID`)
 ) ENGINE=InnoDB;
 
+CREATE TABLE IF NOT EXISTS `AM_CERTIFICATE_METADATA` (
+  `TENANT_ID` INT(11) NOT NULL,
+  `ALIAS` VARCHAR(45) NOT NULL,
+  `END_POINT` VARCHAR(100) NOT NULL,
+  CONSTRAINT PK_ALIAS PRIMARY KEY (`ALIAS`),
+  CONSTRAINT END_POINT_CONSTRAINT UNIQUE (`END_POINT`)
+) ENGINE=InnoDB;
+
+CREATE TABLE IF NOT EXISTS AM_APPLICATION_GROUP_MAPPING (
+    APPLICATION_ID INTEGER NOT NULL,
+    GROUP_ID VARCHAR(512) NOT NULL,
+    TENANT VARCHAR(255),
+    PRIMARY KEY (APPLICATION_ID,GROUP_ID,TENANT),
+    FOREIGN KEY (APPLICATION_ID) REFERENCES AM_APPLICATION(APPLICATION_ID) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB;
+
+CREATE TABLE IF NOT EXISTS AM_USAGE_UPLOADED_FILES (
+  TENANT_DOMAIN varchar(255) NOT NULL,
+  FILE_NAME varchar(255) NOT NULL,
+  FILE_TIMESTAMP TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+  FILE_PROCESSED tinyint(1) DEFAULT FALSE,
+  FILE_CONTENT MEDIUMBLOB DEFAULT NULL,
+  PRIMARY KEY (TENANT_DOMAIN, FILE_NAME, FILE_TIMESTAMP)
+) ENGINE=InnoDB;
+
+CREATE TABLE IF NOT EXISTS AM_API_LC_PUBLISH_EVENTS (
+    ID INTEGER(11) NOT NULL AUTO_INCREMENT,
+    TENANT_DOMAIN VARCHAR(500) NOT NULL,
+    API_ID VARCHAR(500) NOT NULL,
+    EVENT_TIME TIMESTAMP NOT NULL,
+    PRIMARY KEY (ID)
+) ENGINE=InnoDB;
 -- End of API-MGT Tables --
 
 -- Performance indexes start--
 
 create index IDX_ITS_LMT on IDN_THRIFT_SESSION (LAST_MODIFIED_TIME);
-create index IDX_IOAT_AT on IDN_OAUTH2_ACCESS_TOKEN (ACCESS_TOKEN);
 create index IDX_IOAT_UT on IDN_OAUTH2_ACCESS_TOKEN (USER_TYPE);
 create index IDX_AAI_CTX on AM_API (CONTEXT);
 create index IDX_AAKM_CK on AM_APPLICATION_KEY_MAPPING (CONSUMER_KEY);
diff --git a/docker-compose/APIM-with-Analytics/mysql/scripts/carbon_mysql5.7.sql b/docker-compose/APIM-with-Analytics/mysql/scripts/carbon_mysql5.7.sql
index 5378702f..614c1a55 100644
--- a/docker-compose/APIM-with-Analytics/mysql/scripts/carbon_mysql5.7.sql
+++ b/docker-compose/APIM-with-Analytics/mysql/scripts/carbon_mysql5.7.sql
@@ -306,6 +306,7 @@ CREATE TABLE UM_PERMISSION (
              UM_ACTION VARCHAR(255) NOT NULL,
              UM_TENANT_ID INTEGER DEFAULT 0,
 		UM_MODULE_ID INTEGER DEFAULT 0,
+			       UNIQUE(UM_RESOURCE_ID,UM_ACTION, UM_TENANT_ID),
              PRIMARY KEY (UM_ID, UM_TENANT_ID)
 )ENGINE INNODB;
 
@@ -420,6 +421,16 @@ CREATE TABLE UM_PROFILE_CONFIG(
             PRIMARY KEY (UM_ID, UM_TENANT_ID)
 )ENGINE INNODB;
 
+CREATE TABLE IF NOT EXISTS UM_CLAIM_BEHAVIOR(
+    UM_ID INTEGER NOT NULL AUTO_INCREMENT,
+    UM_PROFILE_ID INTEGER,
+    UM_CLAIM_ID INTEGER,
+    UM_BEHAVIOUR SMALLINT,
+    UM_TENANT_ID INTEGER DEFAULT 0,
+    FOREIGN KEY(UM_PROFILE_ID, UM_TENANT_ID) REFERENCES UM_PROFILE_CONFIG(UM_ID,UM_TENANT_ID),
+    FOREIGN KEY(UM_CLAIM_ID, UM_TENANT_ID) REFERENCES UM_CLAIM(UM_ID,UM_TENANT_ID),
+    PRIMARY KEY(UM_ID, UM_TENANT_ID)
+)ENGINE INNODB;
 
 CREATE TABLE UM_HYBRID_ROLE(
             UM_ID INTEGER NOT NULL AUTO_INCREMENT,
@@ -447,6 +458,8 @@ CREATE TABLE UM_SYSTEM_ROLE(
             PRIMARY KEY (UM_ID, UM_TENANT_ID)
 )ENGINE INNODB;
 
+CREATE INDEX SYSTEM_ROLE_IND_BY_RN_TI ON UM_SYSTEM_ROLE(UM_ROLE_NAME, UM_TENANT_ID);
+
 CREATE TABLE UM_SYSTEM_USER_ROLE(
             UM_ID INTEGER NOT NULL AUTO_INCREMENT,
             UM_USER_NAME VARCHAR(255),

From b04814f8e177811d28b0a71e2feeb7d1dcb98b72 Mon Sep 17 00:00:00 2001
From: ThilinaManamgoda <maanafunedu@gmail.com>
Date: Thu, 5 Apr 2018 22:29:13 +0530
Subject: [PATCH 4/4] Apim-Anlaytics configs

---
 dockerfiles/microgateway/Dockerfile | 66 ------------------------
 dockerfiles/microgateway/README.md  | 79 -----------------------------
 2 files changed, 145 deletions(-)
 delete mode 100644 dockerfiles/microgateway/Dockerfile
 delete mode 100644 dockerfiles/microgateway/README.md

diff --git a/dockerfiles/microgateway/Dockerfile b/dockerfiles/microgateway/Dockerfile
deleted file mode 100644
index 5f776c70..00000000
--- a/dockerfiles/microgateway/Dockerfile
+++ /dev/null
@@ -1,66 +0,0 @@
-# ------------------------------------------------------------------------
-#
-# Copyright 2017 WSO2, Inc. (http://wso2.com)
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License
-#
-# ------------------------------------------------------------------------
-
-# set to latest Ubuntu LTS
-FROM ubuntu:16.04
-MAINTAINER WSO2 Docker Maintainers "dev@wso2.org"
-
-# set user configurations
-ARG USER=wso2carbon
-ARG USER_ID=802
-ARG USER_GROUP=wso2
-ARG USER_GROUP_ID=802
-ARG USER_HOME=/home/${USER}
-# set dependant files directory
-ARG FILES=./files
-# set jdk configurations
-ARG JDK=jdk1.8.0*
-ARG JAVA_HOME=${USER_HOME}/java
-# set wso2 product configurations
-ARG WSO2_SERVER=wso2am-micro-gw
-ARG WSO2_SERVER_VERSION=2.2.0
-ARG WSO2_SERVER_DIST=${WSO2_SERVER}-${WSO2_SERVER_VERSION}
-ARG WSO2_SERVER_HOME=${USER_HOME}/${WSO2_SERVER}-${WSO2_SERVER_VERSION}
-
-# install required packages
-RUN apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
-    curl && \
-    rm -rf /var/lib/apt/lists/*
-
-# create a user group and a user
-RUN groupadd --system -g ${USER_GROUP_ID} ${USER_GROUP} && \
-    useradd --system --create-home --home-dir ${USER_HOME} --no-log-init -g ${USER_GROUP_ID} -u ${USER_ID} ${USER}
-
-# copy the jdk and wso2 product distributions to user's home directory and copy the mysql connector jar to server distribution
-COPY --chown=wso2carbon:wso2 ${FILES}/${JDK} ${USER_HOME}/java/
-COPY --chown=wso2carbon:wso2 ${FILES}/${WSO2_SERVER_DIST} ${USER_HOME}/${WSO2_SERVER_DIST}
-
-# set the user and work directory
-USER ${USER_ID}
-WORKDIR ${USER_HOME}
-
-# set environment variables
-ENV JAVA_HOME=${JAVA_HOME} \
-    PATH=$JAVA_HOME/bin:$PATH \
-    WSO2_SERVER_HOME=${WSO2_SERVER_HOME}
-
-# expose ports
-EXPOSE 8243
-
-ENTRYPOINT ${WSO2_SERVER_HOME}/bin/wso2server.sh
diff --git a/dockerfiles/microgateway/README.md b/dockerfiles/microgateway/README.md
deleted file mode 100644
index ee06d110..00000000
--- a/dockerfiles/microgateway/README.md
+++ /dev/null
@@ -1,79 +0,0 @@
-# Dockerfile for WSO2 API Manager #
-The section defines the step-by-step instructions to build the Docker image for WSO2 API Manager 2.2.0.
-
-## Prerequisites
-
-* [Docker](https://www.docker.com/get-docker) v17.09.0 or above
-
-
-## How to build an image and run
-##### 1. Checkout this repository into your local machine using the following git command.
-```
-git clone https://github.com/wso2/docker-apim.git
-```
-
->The local copy of the `dockerfile/apim` directory will be referred to as `AM_DOCKERFILE_HOME` from this point onwards.
-
-##### 2. Add JDK, WSO2 API Manager distributions and MySQL connector to `<AM_DOCKERFILE_HOME>/files`
-- Download [JDK 1.8](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html) 
-and extract that in `<AM_DOCKERFILE_HOME>/files` folder.
-- Download the WSO2 API Manager 2.2.0 distribution (https://wso2.com/api-management/api-microgateway/#download-micro-api-gateway)
-and extract that in `<AM_DOCKERFILE_HOME>/files` folder.
-- Once both JDK and WSO2 API Manager distributions are extracted the folder structure should be as follows;
-
-  ```bash
-  <AM_DOCKERFILE_HOME>/files/jdk<version>/
-  <AM_DOCKERFILE_HOME>/files/wso2am-2.2.0/
-  ```
-- Download [MySQL Connector/J](https://dev.mysql.com/downloads/connector/j/) v5.1.45 and then copy that to `<AM_DOCKERFILE_HOME>/files` folder
-
-
->Please refer to [WSO2 Update Manager documentation](https://docs.wso2.com/display/ADMIN44x/Updating+WSO2+Products)
-in order to obtain latest bug fixes and updates for the product.
-
-##### 3. Build the Docker image.
-- Navigate to `<AM_DOCKERFILE_HOME>` directory. <br>
-  Execute `docker build` command as shown below.
-    + `docker build -t wso2am:2.2.0 .`
-    
-##### 4. Running the Docker image.
-- `docker run -it -p 8243:8243 wso2am:2.2.0`
-
-##### 6. Accessing management console.
-- To access the management console, use the docker host IP and port 9443.
-    + `https:<DOCKER_HOST>:9443/carbon`
-    
->In here, <DOCKER_HOST> refers to hostname or IP of the host machine on top of which containers are spawned.
-
-
-## How to update configurations
-Configurations would lie on the Docker host machine and they can be volume mounted to the container. <br>
-As an example, steps required to change the port offset using `carbon.xml` is as follows.
-
-##### 1. Stop the API Manager container if it's already running.
-In WSO2 API Manager 2.2.0 product distribution, `carbon.xml` configuration file <br>
-can be found at `<DISTRIBUTION_HOME>/repository/conf`. Copy the file to some suitable location of the host machine, <br>
-referred to as `<SOURCE_CONFIGS>/carbon.xml` and change the offset value under ports to 1.
-
-##### 2. Grant read permission to `other` users for `<SOURCE_CONFIGS>/carbon.xml`
-```
-chmod o+r <SOURCE_CONFIGS>/carbon.xml
-```
-
-##### 3. Run the image by mounting the file to container as follows.
-```
-docker run \
--p 8244:8244 \
---volume <SOURCE_CONFIGS>/carbon.xml:<TARGET_CONFIGS>/carbon.xml \
-wso2am:2.2.0
-```
-
->In here, <TARGET_CONFIGS> refers to /home/wso2carbon/wso2am-2.2.0/repository/conf folder of the container.
-
-
-## Docker command usage references
-
-* [Docker build command reference](https://docs.docker.com/engine/reference/commandline/build/)
-* [Docker run command reference](https://docs.docker.com/engine/reference/run/)
-* [Dockerfile reference](https://docs.docker.com/engine/reference/builder/)
-#TODO fix READme
\ No newline at end of file