diff --git a/defaults/main.yml b/defaults/main.yml
index 8bf5001..4c048ae 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,10 +2,16 @@
 keycloak_major_version: '10'
 keycloak_minor_version: '0'
 keycloak_point_version: '2'
-keycloak_install_dir: '/opt/keycloak'
-keycloak_log_directory: '/var/log/keycloak'
-# domain clustered mode is not supported at this time
 keycloak_wildfly_mode: 'standalone'
+keycloak_install_dir: '/opt/keycloak'
+keycloak_properties_directory: '/opt/keycloak/properties'
+keycloak_distribution_data_directory: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}'
+keycloak_data_directory: '/opt/keycloak_data'
+keycloak_log_directory: '/var/log/keycloak'
+keycloak_startup_properties:
+  - { name: 'jboss.server.data.dir', value: '{{ keycloak_data_directory }}' }
+  - { name: 'jboss.server.log.dir', value: '{{ keycloak_log_directory }}' }
+# domain clustered mode is not supported at this time
 keycloak_wildfly_clustered: False
 keycloak_wildfly_cluster_node_name: '{{ ansible_hostname }}'
 keycloak_wildfly_cluster_private_bind_address: '{{ ansible_default_ipv4.address }}'
@@ -37,3 +43,5 @@ keycloak_admin_user: kadmin
 #keycloak_admin_password: 'define it into a vault file'
 
 keycloak_behind_reverse_proxy: True
+
+keycloak_jcliff_version: '2.12.7'
diff --git a/handlers/main.yml b/handlers/main.yml
index 80714ed..e534e7e 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,3 +1,4 @@
 ---
 - name: Restart Keycloak
-  service: name=keycloak state=restarted
+  #service: name=keycloak state=restarted
+  shell: exit 0
diff --git a/meta/main.yml b/meta/main.yml
index 61c703f..b8d6bce 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -23,6 +23,7 @@ galaxy_info:
 
   galaxy_tags:
     - users
+    - oidc
 
 dependencies:
   - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-openjdk.git
@@ -30,3 +31,5 @@ dependencies:
     name: openjdk
     state: latest
 
+collections:
+  - wildfly.jcliff
diff --git a/tasks/keycloak-configuration.yml b/tasks/keycloak-configuration.yml
new file mode 100644
index 0000000..b419e0c
--- /dev/null
+++ b/tasks/keycloak-configuration.yml
@@ -0,0 +1,18 @@
+---
+- name: Manage the keycloak configuration
+  block:
+  - name: Install the standalone configuration files
+    template: src={{ item }}.j2 dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/standalone/configuration/{{ item }} owner=root group={{ keycloak_user }} mode='0440'
+    with_items:
+      - standalone.xml
+      - standalone-ha.xml
+    notify: Restart Keycloak
+
+  - name: Create the admin user
+    shell: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/bin/add-user-keycloak.sh -u {{ keycloak_admin_user }} -p {{ keycloak_admin_password }} && chown {{ keycloak_user }} {{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json && chmod 600 {{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json'
+    args:
+      creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json'
+    notify: Restart Keycloak
+    tags: [ 'keycloak', 'keycloak_user', 'keycloak_conf' ]
+
+  tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]
diff --git a/tasks/keycloak-install.yml b/tasks/keycloak-install.yml
new file mode 100644
index 0000000..491cc29
--- /dev/null
+++ b/tasks/keycloak-install.yml
@@ -0,0 +1,48 @@
+---
+- name: Install the keycloak distribution
+  block:
+  - name: Create the keycloak user
+    user: name={{ keycloak_user }} home={{ keycloak_install_dir }} createhome=no shell=/usr/sbin/nologin system=yes
+
+  - name: Create the keycloak installation directory, if it does not already exist.
+    file: dest={{ keycloak_install_dir }} owner=root group=root state=directory recurse=yes
+
+  - name: Create the {{ keycloak_properties_directory }}
+    file: dest={{ keycloak_properties_directory }} owner=root group=root state=directory
+    tags: [ keycloak, keycloak_data_dir ]
+
+  - name: Create the {{ keycloak_data_directory }}
+    file: dest={{ keycloak_data_directory }}/{{ item  }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755'
+    loop: '{{ keycloak_data_subdirs }}'
+    when: keycloak_data_directory != keycloak_distribution_data_directory
+    tags: [ keycloak, keycloak_data_dir ]
+
+  - name: Download the keycloak distribution
+    unarchive: remote_src=yes src={{ keycloak_download_url }} dest={{ keycloak_install_dir }} owner=root group=root
+    args:
+      creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
+
+  - name: Create the keycloak log directory
+    file: dest={{ keycloak_log_directory }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755'
+
+  - name: Create some log files with the correct permissions
+    file: dest={{ keycloak_log_directory }}/{{ item }} owner={{ keycloak_user }} group={{ keycloak_user }} mode='0644' state=touch
+    with_items:
+      - 'server.log'
+      - 'audit.log'
+
+  - name: Fix the permissions of some keycloak directories
+    file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/{{ item }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0750' recurse=yes
+    with_items: '{{ keycloak_owned_directories }}'
+    when: keycloak_data_directory == keycloak_distribution_data_directory
+
+  - name: Remove the log directory inside the keycloak distribution
+    file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=absent
+
+  - name: Remove the log directory inside the keycloak distribution
+    file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=absent
+
+  - name: Link to the external log directory
+    file: src={{ keycloak_log_directory }} dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=link
+
+  tags: keycloak
diff --git a/tasks/keycloak-jdbc.yml b/tasks/keycloak-jdbc.yml
new file mode 100644
index 0000000..65004d1
--- /dev/null
+++ b/tasks/keycloak-jdbc.yml
@@ -0,0 +1,16 @@
+---
+- name: Manage the keycloak external DB driver
+  block:
+  - name: Create the path to the DB driver
+    file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main state=directory
+
+  - name: Get the JDBC driver {{ keycloack_jdbc_driver }}
+    get_url: url={{ keycloak_jdbc_driver_url }} dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/{{ keycloak_jdbc_driver }} owner=root group=root mode=0444
+    notify: Restart Keycloak
+
+  - name: Install the JDBC module configuration
+    template: src=jdbc-module.xml.j2 dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/module.xml owner=root group=root mode=0444
+    notify: Restart Keycloak
+
+  when: keycloak_use_external_db
+  tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]
diff --git a/tasks/main.yml b/tasks/main.yml
index 3e640f5..ecdfd90 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,77 +1,57 @@
 ---
-- name: Install the keycloak distribution
+- name: Manage the JCliff installation on Ubuntu/Debian
   block:
-  - name: Create the keycloak user
-    user: name={{ keycloak_user }} home={{ keycloak_install_dir }} createhome=no shell=/usr/sbin/nologin system=yes
+    - name: Download the jcliff distribution
+      unarchive:
+        remote_src: yes
+        src: 'https://github.com/bserdar/jcliff/releases/download/v{{ keycloak_jcliff_version }}/jcliff-{{ keycloak_jcliff_version }}-dist.tar.gz'
+        dest: '/opt'
+        owner: root
+        group: root
 
-  - name: Create the keycloak installation directory, if it does not already exist.
-    file: dest={{ keycloak_install_dir }} owner=root group=root state=directory recurse=yes
+    - name: Fix the jcliff executable permissions
+      file:
+        dest: '/opt/jcliff-{{ keycloak_jcliff_version }}/jcliff'
+        mode: '0755'
 
-  - name: Download the keycloak distribution
-    unarchive: remote_src=yes src={{ keycloak_download_url }} dest={{ keycloak_install_dir }} owner=root group=root
-    args:
-      creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
+    - name: Link to the executable
+      file:
+        src: '/opt/jcliff-{{ keycloak_jcliff_version }}/jcliff'
+        dest: /usr/bin/jcliff
+        state: link
 
-  - name: Create the keycloak log directory
-    file: dest={{ keycloak_log_directory }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0755'
+    - name: Link to the shared resources
+      file:
+        src: '/opt/jcliff-{{ keycloak_jcliff_version }}'
+        dest: /usr/share/jcliff
+        state: link
 
-  - name: Create some log files with the correct permissions
-    file: dest={{ keycloak_log_directory }}/{{ item }} owner={{ keycloak_user }} group={{ keycloak_user }} mode='0644' state=touch
-    with_items:
-      - 'server.log'
-      - 'audit.log'
+    - name: Set the JBOSS_HOME as {{ jboss_home }} in the global environment profile
+      template:
+        src: jboss-env.sh.j2
+        dest: /etc/profile.d/jboss-env.sh
+        owner: root
+        group: root
+        mode: '0444'
 
-  - name: Fix the permissions of some keycloak directories
-    file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/{{ item }} state=directory owner={{ keycloak_user }} group={{ keycloak_user }} mode='0750' recurse=yes
-    with_items: '{{ keycloak_owned_directories }}'
+  when: ansible_distribution_file_variety == "Debian"
+  tags: [ keycloak, jcliff ]
 
-  - name: Remove the log directory inside the keycloak distribution
-    file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=absent
-
-  - name: Remove the log directory inside the keycloak distribution
-    file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=absent
-
-  - name: Link to the external log directory
-    file: src={{ keycloak_log_directory }} dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/log state=link
-
-  tags: keycloak
-
-- name: Manage the keycloak external DB driver
-  block:
-  - name: Create the path to the DB driver
-    file: dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main state=directory
-
-  - name: Get the JDBC driver
-    get_url: url={{ keycloak_jdbc_driver_url }} dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/{{ keycloak_jdbc_driver }} owner=root group=root mode=0444
-    notify: Restart Keycloak
-
-  - name: Install the JDBC module configuration
-    template: src=jdbc-module.xml.j2 dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/modules/system/layers/base/{{ keycloak_db_module_path }}/main/module.xml owner=root group=root mode=0444
-    notify: Restart Keycloak
-
-  when: keycloak_use_external_db
-  tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]
-
-- name: Manage the keycloak configuration
-  block:
-  - name: Install the standalone configuration files
-    template: src={{ item }}.j2 dest={{ keycloak_install_dir }}/{{ keycloak_distribution }}/standalone/configuration/{{ item }} owner=root group={{ keycloak_user }} mode='0440'
-    with_items:
-      - standalone.xml
-      - standalone-ha.xml
-    notify: Restart Keycloak
-
-  - name: Create the admin user
-    shell: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/bin/add-user-keycloak.sh -u {{ keycloak_admin_user }} -p {{ keycloak_admin_password }} && chown {{ keycloak_user }} {{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json && chmod 600 {{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json'
-    args:
-      creates: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}/configuration/keycloak-add-user.json'
-    notify: Restart Keycloak
-    tags: [ 'keycloak', 'keycloak_user', 'keycloak_conf' ]
-
-  tags: [ 'keycloak', 'keycloak_db', 'keycloak_conf' ]
+- import_tasks: keycloak-install.yml
+- import_tasks: keycloak-jdbc.yml
+- import_tasks: keycloak-configuration.yml
 
 - name: Manage the keycloak service
   block:
+  - name: Install the keycloak properties file
+    template:
+      src: wildfly.properties.j2
+      dest: '{{ keycloak_properties_directory }}/wildfly.properties'
+      owner: root
+      group: root
+      mode: '0444'
+    notify: Restart Keycloak
+
   - name: Install the keycloak systemd unit
     template: src=keycloak.service.j2 dest=/etc/systemd/system/keycloak.service owner=root group=root mode=0644
     notify: Restart Keycloak
@@ -82,8 +62,8 @@
         daemon_reload: yes
     when: keycloak_unit is changed
 
-  - name: ensure that the keycloak service is running and enabled
-    service: name=keycloak state=started enabled=yes
+#  - name: ensure that the keycloak service is running and enabled
+#    service: name=keycloak state=started enabled=yes
 
   tags: [ 'keycloak', 'keycloak_service', 'keycloak_conf' ]
 
diff --git a/templates/jboss-env.sh.j2 b/templates/jboss-env.sh.j2
new file mode 100644
index 0000000..e1a81e0
--- /dev/null
+++ b/templates/jboss-env.sh.j2
@@ -0,0 +1 @@
+export JBOSS_HOME={{ jboss_home }}
diff --git a/templates/keycloak.service.j2 b/templates/keycloak.service.j2
index 2099300..f0fe928 100644
--- a/templates/keycloak.service.j2
+++ b/templates/keycloak.service.j2
@@ -9,7 +9,7 @@ Environment=JBOSS_LOG_DIR={{ keycloak_log_directory }}
 Environment="JAVA_OPTS=-Xms{{ keycloak_java_min_heap }} -Xmx{{ keycloak_java_max_heap }}"
 User={{ keycloak_user }}
 Group={{ keycloak_user }}
-ExecStart={{ keycloak_runtime_home }}/bin/standalone.sh -b {{ keycloak_listen }} {% if keycloak_wildfly_clustered %} --server-config=standalone-ha.xml -Djboss.node.name={{ keycloak_wildfly_cluster_node_name }}{% endif %}
+ExecStart={{ keycloak_runtime_home }}/bin/standalone.sh  -P {{ keycloak_properties_directory }}/wildfly.properties -b {{ keycloak_listen }} {% if keycloak_wildfly_clustered %}--server-config=standalone-ha.xml -Djboss.node.name={{ keycloak_wildfly_cluster_node_name }}{% endif %}
 
 TimeoutStartSec=600
 TimeoutStopSec=600
diff --git a/templates/wildfly.properties.j2 b/templates/wildfly.properties.j2
new file mode 100644
index 0000000..602ac7f
--- /dev/null
+++ b/templates/wildfly.properties.j2
@@ -0,0 +1,3 @@
+{% for prop in keycloak_startup_properties %}
+{{ prop.name }}={{ prop.value }}
+{% endfor %}
diff --git a/vars/main.yml b/vars/main.yml
index 46bb22b..0fbad09 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -9,9 +9,15 @@ keycloak_distribution: 'keycloak-{{ keycloak_version }}'
 keycloak_distribution_archive: '{{ keycloak_distribution }}.tar.gz'
 keycloak_download_url: 'https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_distribution_archive }}'
 keycloak_runtime_home: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}'
+jboss_home: '{{ keycloak_runtime_home }}'
 keycloak_owned_directories:
   - data
   - tmp
   - configuration
   - deployments
-
+keycloak_data_subdirs:
+  - avatar
+  - content
+  - kernel
+  - timer-service-data
+  - tx-object-store