diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index 680bcc8..8c367f7 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -35,6 +35,8 @@ Role Defaults
 |`keycloak_host`| hostname | `localhost` |
 |`keycloak_http_port`| HTTP port | `8080` |
 |`keycloak_https_port`| TLS HTTP port | `8443` |
+|`keycloak_ajp_port`| AJP port | `8009` |
+|`keycloak_jgroups_port`| jgroups cluster tcp port | `7600` |
 |`keycloak_management_http_port`| Management port | `9990` |
 |`keycloak_management_https_port`| TLS management port | `9993` |
 |`keycloak_java_opts`| Additional JVM options | `-Xms1024m -Xmx2048m` |
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index 248cd4a..a4af3fe 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -35,6 +35,8 @@ keycloak_bind_address: 0.0.0.0
 keycloak_host: localhost
 keycloak_http_port: 8080
 keycloak_https_port: 8443
+keycloak_ajp_port: 8009
+keycloak_jgroups_port: 7600
 keycloak_management_http_port: 9990
 keycloak_management_https_port: 9993
 keycloak_java_opts: "-Xms1024m -Xmx2048m"
diff --git a/roles/keycloak/tasks/firewalld.yml b/roles/keycloak/tasks/firewalld.yml
index 8757678..e05c58f 100644
--- a/roles/keycloak/tasks/firewalld.yml
+++ b/roles/keycloak/tasks/firewalld.yml
@@ -24,5 +24,5 @@
     - "{{ keycloak_https_port }}/tcp"
     - "{{ keycloak_management_http_port }}/tcp"
     - "{{ keycloak_management_https_port }}/tcp"
-    - "7600/tcp"
-    - "8009/tcp"
+    - "{{ keycloak_jgroups_port }}/tcp"
+    - "{{ keycloak_ajp_port }}/tcp"
diff --git a/roles/keycloak/tasks/get_rhsso.yml b/roles/keycloak/tasks/get_rhsso.yml
deleted file mode 100644
index f68ce0b..0000000
--- a/roles/keycloak/tasks/get_rhsso.yml
+++ /dev/null
@@ -1,99 +0,0 @@
----
-- assert:
-    that:
-      - zipfile_dest is defined
-      - keycloak_rhsso_enable
-    quiet: true
-
-- name: "Check zipfile dest directory {{ zipfile_dest }}"
-  stat:
-    path: "{{ zipfile_dest }}"
-  register: archive_path
-
-- name: "Download zipfile from RHN: {{ keycloak_rhsso_download_url }}"
-  redhat_csp_download:
-    url: "{{ keycloak_rhsso_download_url }}"
-    dest: "{{ zipfile_dest }}"
-    username: "{{ rhn_username }}"
-    password: "{{ rhn_password }}"
-  no_log: "{{ omit_rhn_output | default(true) }}"
-  when:
-    - archive_path is defined
-    - archive_path.stat is defined
-    - not archive_path.stat.exists
-    - rhn_username is defined
-    - rhn_password is defined
-    - rhsso_rhn_id is defined
-
-- name: "Copy zipfile from source like Nexus etc : {{ rhsso_source_download_url }}"
-  get_url:
-    url: "{{ rhsso_source_download_url }}"
-    dest: "{{ zipfile_dest }}"
-    owner: "{{ keycloak_service_user }}"
-    group: "{{ keycloak_service_group }}"
-    mode: 0750
-  when:
-    - archive_path is defined
-    - archive_path.stat is defined
-    - not archive_path.stat.exists
-    - rhsso_source_download_url is defined
-
-- name: "Copy zipfile from local source: {{ zip_file_local_path }}"
-  ansible.builtin.copy:
-    src: "{{ zip_file_local_path }}"
-    dest: "{{ zipfile_dest }}"
-    owner: "{{ keycloak_service_user }}"
-    group: "{{ keycloak_service_group }}"
-    mode: 0750
-  when:
-    - archive_path is defined
-    - archive_path.stat is defined
-    - not archive_path.stat.exists
-    - zip_file_local_path is defined
-    
-- name: "Check zipfile dest directory {{ zipfile_dest }}"
-  stat:
-    path: "{{ zipfile_dest }}"
-  register: path_to_downloaded_artifact
-
-- block:
-    - file:
-        path: "{{ work_dir }}"
-        state: directory
-        owner: "{{ keycloak_service_user }}"
-        group: "{{ keycloak_service_group }}"
-        mode: 0750
-
-    - name: "Check directory {{ target_dir }}"
-      stat:
-        path: "{{ target_dir }}"
-      register: target_dir_state
-
-    - assert:
-        that:
-          - target_dir_state is defined
-          - target_dir_state.stat is defined
-        fail_msg: "Directory layout for {{ target_dir }} is invalid."
-        quiet: true
-
-    - name: "Decompress {{ zipfile_dest }} into {{ work_dir }} (results in {{ target_dir }}."
-      unarchive:
-        src: "{{ zipfile_dest }}"
-        dest: "{{ work_dir }}"
-        owner: "{{ keycloak_service_user }}"
-        group: "{{ keycloak_service_user }}"
-        remote_src: yes
-        creates: "{{ target_dir }}"
-      when:
-        - not target_dir_state.stat.exists
-
-    - debug:
-        msg: "{{ target_dir }} already exists, skipping decompressing {{ zipfile_dest }}"
-      when:
-        - target_dir_state.stat.exists
-  when:
-    - path_to_downloaded_artifact is defined
-    - path_to_downloaded_artifact.stat is defined
-    - path_to_downloaded_artifact.stat.exists
-    - target_dir is defined
-    - work_dir is defined
diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2
index d8b3e1a..1097047 100644
--- a/roles/keycloak/templates/standalone-infinispan.xml.j2
+++ b/roles/keycloak/templates/standalone-infinispan.xml.j2
@@ -738,12 +738,12 @@
         </interface>
     </interfaces>
     <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
-        <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
-        <socket-binding name="http" port="${jboss.http.port:8080}"/>
-        <socket-binding name="https" port="${jboss.https.port:8443}"/>
-        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
-        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
-        <socket-binding name="jgroups-tcp" interface="jgroups" port="7600"/>
+        <socket-binding name="ajp" port="{{ keycloak_ajp_port }}"/>
+        <socket-binding name="http" port="{{ keycloak_http_port }}"/>
+        <socket-binding name="https" port="{{ keycloak_https_port }}"/>
+        <socket-binding name="management-http" interface="management" port="{{ keycloak_management_http_port }}"/>
+        <socket-binding name="management-https" interface="management" port="{{ keycloak_management_https_port }}"/>
+        <socket-binding name="jgroups-tcp" interface="jgroups" port="{{ keycloak_jgroups_port }}"/>
         <socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
         <socket-binding name="txn-recovery-environment" port="4712"/>
         <socket-binding name="txn-status-manager" port="4713"/>
diff --git a/roles/keycloak/templates/standalone.xml.j2 b/roles/keycloak/templates/standalone.xml.j2
index 0a601cd..5b57e09 100644
--- a/roles/keycloak/templates/standalone.xml.j2
+++ b/roles/keycloak/templates/standalone.xml.j2
@@ -639,11 +639,11 @@
         </interface>
     </interfaces>
     <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
-        <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
-        <socket-binding name="http" port="${jboss.http.port:8080}"/>
-        <socket-binding name="https" port="${jboss.https.port:8443}"/>
-        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
-        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
+        <socket-binding name="ajp" port="{{ keycloak_ajp_port }}"/>
+        <socket-binding name="http" port="{{ keycloak_http_port }}"/>
+        <socket-binding name="https" port="{{ keycloak_https_port }}"/>
+        <socket-binding name="management-http" interface="management" port="{{ keycloak_management_http_port }}"/>
+        <socket-binding name="management-https" interface="management" port="{{ keycloak_management_https_port }}"/>
         <socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
         <socket-binding name="txn-recovery-environment" port="4712"/>
         <socket-binding name="txn-status-manager" port="4713"/>