diff --git a/pom.xml b/pom.xml
index 58b8c82..92e33ec 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,12 +21,12 @@
     <parent>
         <groupId>de.acosix.alfresco.maven</groupId>
         <artifactId>de.acosix.alfresco.maven.project.parent-6.1.2</artifactId>
-        <version>1.2.0</version>
+        <version>1.2.1-SNAPSHOT</version>
     </parent>
 
     <groupId>de.acosix.alfresco.keycloak</groupId>
     <artifactId>de.acosix.alfresco.keycloak.parent</artifactId>
-    <version>1.0.0</version>
+    <version>1.1.0-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <name>Acosix Alfresco Keycloak - Parent</name>
diff --git a/repository/pom.xml b/repository/pom.xml
index 2037b21..03436e6 100644
--- a/repository/pom.xml
+++ b/repository/pom.xml
@@ -21,7 +21,7 @@
     <parent>
         <groupId>de.acosix.alfresco.keycloak</groupId>
         <artifactId>de.acosix.alfresco.keycloak.parent</artifactId>
-        <version>1.0.0</version>
+        <version>1.1.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>de.acosix.alfresco.keycloak.repo</artifactId>
diff --git a/share/pom.xml b/share/pom.xml
index 8e7cb48..07b5248 100644
--- a/share/pom.xml
+++ b/share/pom.xml
@@ -21,12 +21,26 @@
     <parent>
         <groupId>de.acosix.alfresco.keycloak</groupId>
         <artifactId>de.acosix.alfresco.keycloak.parent</artifactId>
-        <version>1.0.0</version>
+        <version>1.1.0-SNAPSHOT</version>
     </parent>
 
     <artifactId>de.acosix.alfresco.keycloak.share</artifactId>
     <name>Acosix Alfresco Keycloak - Share Module</name>
 
+    <dependencyManagement>
+        <dependencies>
+
+            <dependency>
+                <groupId>${project.groupId}</groupId>
+                <artifactId>de.acosix.alfresco.keycloak.repo</artifactId>
+                <version>${project.version}</version>
+                <classifier>installable</classifier>
+                <scope>test</scope>
+            </dependency>
+
+        </dependencies>
+    </dependencyManagement>
+
     <dependencies>
 
         <dependency>
@@ -69,39 +83,50 @@
         <dependency>
             <groupId>de.acosix.alfresco.utility</groupId>
             <artifactId>de.acosix.alfresco.utility.core.share</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-log4j12</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
             <groupId>de.acosix.alfresco.utility</groupId>
             <artifactId>de.acosix.alfresco.utility.core.share</artifactId>
             <classifier>installable</classifier>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-log4j12</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
             <groupId>${project.groupId}</groupId>
             <artifactId>de.acosix.alfresco.keycloak.repo</artifactId>
-            <version>${project.version}</version>
             <classifier>installable</classifier>
-            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>jcl-over-slf4j</artifactId>
         </dependency>
 
     </dependencies>
 
     <build>
-        <pluginManagement>
-            <plugins>
-                <plugin>
-                    <groupId>de.thetaphi</groupId>
-                    <artifactId>forbiddenapis</artifactId>
-                    <configuration>
-                        <excludes>
-                            <exclude>**/KeycloakAdapterConfigElement.class</exclude>
-                        </excludes>
-                    </configuration>
-                </plugin>
-            </plugins>
-        </pluginManagement>
-
         <plugins>
             <plugin>
                 <groupId>net.alchim31.maven</groupId>
diff --git a/share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakAdapterConfigElement.java b/share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakAdapterConfigElement.java
index 4ae883a..8a8d1f5 100644
--- a/share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakAdapterConfigElement.java
+++ b/share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakAdapterConfigElement.java
@@ -16,12 +16,15 @@
 package de.acosix.alfresco.keycloak.share.config;
 
 import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 
@@ -29,6 +32,8 @@ import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.util.EqualsHelper;
 import org.alfresco.util.ParameterCheck;
 import org.keycloak.representations.adapters.config.AdapterConfig;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.extensions.config.ConfigElement;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
@@ -42,11 +47,13 @@ import de.acosix.alfresco.utility.share.config.ConfigValueHolder;
 public class KeycloakAdapterConfigElement extends BaseCustomConfigElement
 {
 
-    public static final String NAME = "keycloak-adapter-config";
+    public static final String NAME = KeycloakConfigConstants.KEYCLOAK_ADAPTER_CONFIG_NAME;
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(KeycloakAdapterConfigElement.class);
 
     private static final long serialVersionUID = -7211927327179092723L;
 
-    private static final Map<String, Field> FIELD_BY_CONFIG_NAME;
+    private static final Map<String, Method> SETTER_BY_CONFIG_NAME;
 
     private static final Map<String, Class<?>> VALUE_TYPE_BY_CONFIG_NAME;
 
@@ -54,7 +61,7 @@ public class KeycloakAdapterConfigElement extends BaseCustomConfigElement
 
     static
     {
-        final Map<String, Field> fieldByConfigName = new HashMap<>();
+        final Map<String, Method> setterByConfigName = new HashMap<>();
         final Map<String, Class<?>> valueTypeByConfigName = new HashMap<>();
         final List<String> configNames = new ArrayList<>();
 
@@ -81,17 +88,35 @@ public class KeycloakAdapterConfigElement extends BaseCustomConfigElement
                 if (annotation != null)
                 {
                     final String configName = annotation.value();
-                    Class<?> valueType = field.getType();
-                    if (valueType.isPrimitive())
-                    {
-                        valueType = primitiveWrapperTypeMap.get(valueType);
-                    }
 
-                    if (supportedValueTypes.contains(valueType))
+                    final String fieldName = field.getName();
+                    final StringBuilder setterNameBuilder = new StringBuilder(3 + fieldName.length());
+                    setterNameBuilder.append("set");
+                    setterNameBuilder.append(fieldName.substring(0, 1).toUpperCase(Locale.ENGLISH));
+                    setterNameBuilder.append(fieldName.substring(1));
+                    final String setterName = setterNameBuilder.toString();
+
+                    Class<?> valueType = field.getType();
+                    try
                     {
-                        fieldByConfigName.put(configName, field);
-                        valueTypeByConfigName.put(configName, valueType);
-                        configNames.add(configName);
+                        final Method setter = cls.getDeclaredMethod(setterName, valueType);
+
+                        if (valueType.isPrimitive())
+                        {
+                            valueType = primitiveWrapperTypeMap.get(valueType);
+                        }
+
+                        if (supportedValueTypes.contains(valueType))
+                        {
+                            setterByConfigName.put(configName, setter);
+                            valueTypeByConfigName.put(configName, valueType);
+                            configNames.add(configName);
+                        }
+                    }
+                    catch (final NoSuchMethodException nsme)
+                    {
+                        LOGGER.warn("Cannot support Keycloak adapter config field {} as no appropriate setter {} could be found in {}",
+                                fieldName, setterName, cls);
                     }
                 }
             }
@@ -99,7 +124,7 @@ public class KeycloakAdapterConfigElement extends BaseCustomConfigElement
             cls = cls.getSuperclass();
         }
 
-        FIELD_BY_CONFIG_NAME = Collections.unmodifiableMap(fieldByConfigName);
+        SETTER_BY_CONFIG_NAME = Collections.unmodifiableMap(setterByConfigName);
         VALUE_TYPE_BY_CONFIG_NAME = Collections.unmodifiableMap(valueTypeByConfigName);
         CONFIG_NAMES = Collections.unmodifiableList(configNames);
     }
@@ -281,18 +306,16 @@ public class KeycloakAdapterConfigElement extends BaseCustomConfigElement
         {
             for (final String configName : CONFIG_NAMES)
             {
-                final Field field = FIELD_BY_CONFIG_NAME.get(configName);
+                final Method setter = SETTER_BY_CONFIG_NAME.get(configName);
 
                 final Object value = this.configValueByField.get(configName);
                 if (value != null)
                 {
-                    // TODO Refactor towards use of setter to avoid setAccessible
-                    field.setAccessible(true);
-                    field.set(config, value);
+                    setter.invoke(config, value);
                 }
             }
         }
-        catch (final IllegalAccessException ex)
+        catch (final IllegalAccessException | InvocationTargetException ex)
         {
             throw new AlfrescoRuntimeException("Error building adapter configuration", ex);
         }
diff --git a/share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakAuthenticationConfigElement.java b/share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakAuthenticationConfigElement.java
index 258d36a..b89088c 100644
--- a/share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakAuthenticationConfigElement.java
+++ b/share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakAuthenticationConfigElement.java
@@ -29,7 +29,7 @@ public class KeycloakAuthenticationConfigElement extends BaseCustomConfigElement
 
     private static final long serialVersionUID = 8587583775593697136L;
 
-    public static final String NAME = "keycloak-auth-config";
+    public static final String NAME = KeycloakConfigConstants.KEYCLOAK_AUTH_CONFIG_NAME;
 
     protected final ConfigValueHolder<Boolean> enhanceLoginForm = new ConfigValueHolder<>();
 
diff --git a/share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakConfigConstants.java b/share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakConfigConstants.java
new file mode 100644
index 0000000..c77f53c
--- /dev/null
+++ b/share/src/main/java/de/acosix/alfresco/keycloak/share/config/KeycloakConfigConstants.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2019 Acosix GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.acosix.alfresco.keycloak.share.config;
+
+/**
+ * @author Axel Faust
+ */
+public interface KeycloakConfigConstants
+{
+
+    String KEYCLOAK_CONFIG_SECTION_NAME = "Keycloak";
+
+    String KEYCLOAK_ADAPTER_CONFIG_NAME = "keycloak-adapter-config";
+
+    String KEYCLOAK_AUTH_CONFIG_NAME = "keycloak-auth-config";
+
+}
diff --git a/share/src/main/java/de/acosix/alfresco/keycloak/share/web/KeycloakAuthenticationFilter.java b/share/src/main/java/de/acosix/alfresco/keycloak/share/web/KeycloakAuthenticationFilter.java
index 1b3f582..f16dac6 100644
--- a/share/src/main/java/de/acosix/alfresco/keycloak/share/web/KeycloakAuthenticationFilter.java
+++ b/share/src/main/java/de/acosix/alfresco/keycloak/share/web/KeycloakAuthenticationFilter.java
@@ -81,6 +81,7 @@ import org.springframework.extensions.webscripts.servlet.DependencyInjectedFilte
 
 import de.acosix.alfresco.keycloak.share.config.KeycloakAdapterConfigElement;
 import de.acosix.alfresco.keycloak.share.config.KeycloakAuthenticationConfigElement;
+import de.acosix.alfresco.keycloak.share.config.KeycloakConfigConstants;
 import de.acosix.alfresco.keycloak.share.remote.BearerTokenAwareSlingshotAlfrescoConnector;
 
 /**
@@ -229,8 +230,8 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
             LOGGER.error("No remote configuration has been defined for the application");
         }
 
-        final KeycloakAdapterConfigElement keycloakAdapterConfig = (KeycloakAdapterConfigElement) this.configService.getConfig("Keycloak")
-                .getConfigElement(KeycloakAdapterConfigElement.NAME);
+        final KeycloakAdapterConfigElement keycloakAdapterConfig = (KeycloakAdapterConfigElement) this.configService
+                .getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME).getConfigElement(KeycloakAdapterConfigElement.NAME);
         if (keycloakAdapterConfig != null)
         {
             final AdapterConfig adapterConfiguration = keycloakAdapterConfig.buildAdapterConfiguration();
@@ -268,7 +269,7 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
         }
 
         final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) this.configService
-                .getConfig("Keycloak").getConfigElement(KeycloakAuthenticationConfigElement.NAME);
+                .getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME).getConfigElement(KeycloakAuthenticationConfigElement.NAME);
         if (keycloakAuthConfig != null)
         {
             this.filterEnabled = Boolean.TRUE.equals(keycloakAuthConfig.getEnableSsoFilter());
@@ -405,7 +406,8 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
                     currentSession.getId());
 
             final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) this.configService
-                    .getConfig("Keycloak").getConfigElement(KeycloakAuthenticationConfigElement.NAME);
+                    .getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME)
+                    .getConfigElement(KeycloakAuthenticationConfigElement.NAME);
 
             final OIDCServletHttpFacade facade = new OIDCServletHttpFacade(req, res);
             final Integer bodyBufferLimit = keycloakAuthConfig.getBodyBufferLimit();
@@ -445,7 +447,7 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
         LOGGER.debug("Processing Keycloak authentication on request to {}", req.getRequestURL());
 
         final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) this.configService
-                .getConfig("Keycloak").getConfigElement(KeycloakAuthenticationConfigElement.NAME);
+                .getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME).getConfigElement(KeycloakAuthenticationConfigElement.NAME);
 
         final Integer bodyBufferLimit = keycloakAuthConfig.getBodyBufferLimit();
         final Integer sslRedirectPort = keycloakAuthConfig.getSslRedirectPort();
@@ -579,7 +581,7 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
     protected void prepareLoginFormEnhancement(final ServletContext context, final HttpServletRequest req, final HttpServletResponse res)
     {
         final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) this.configService
-                .getConfig("Keycloak").getConfigElement(KeycloakAuthenticationConfigElement.NAME);
+                .getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME).getConfigElement(KeycloakAuthenticationConfigElement.NAME);
 
         final Integer bodyBufferLimit = keycloakAuthConfig.getBodyBufferLimit();
         final Integer sslRedirectPort = keycloakAuthConfig.getSslRedirectPort();
@@ -901,7 +903,7 @@ public class KeycloakAuthenticationFilter implements DependencyInjectedFilter, I
         final OIDCServletHttpFacade facade = new OIDCServletHttpFacade(req, res);
 
         final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) this.configService
-                .getConfig("Keycloak").getConfigElement(KeycloakAuthenticationConfigElement.NAME);
+                .getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME).getConfigElement(KeycloakAuthenticationConfigElement.NAME);
 
         final Integer bodyBufferLimit = keycloakAuthConfig.getBodyBufferLimit();
         final OIDCFilterSessionStore tokenStore = new OIDCFilterSessionStore(req, facade,
diff --git a/share/src/test/java/de/acosix/alfresco/keycloak/share/config/KeycloakAdapterConfigTest.java b/share/src/test/java/de/acosix/alfresco/keycloak/share/config/KeycloakAdapterConfigTest.java
new file mode 100644
index 0000000..b7f421d
--- /dev/null
+++ b/share/src/test/java/de/acosix/alfresco/keycloak/share/config/KeycloakAdapterConfigTest.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2019 Acosix GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.acosix.alfresco.keycloak.share.config;
+
+import java.util.Arrays;
+import java.util.Map;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.keycloak.representations.adapters.config.AdapterConfig;
+import org.springframework.extensions.config.Config;
+import org.springframework.extensions.config.ConfigSource;
+import org.springframework.extensions.config.source.UrlConfigSource;
+import org.springframework.extensions.config.xml.XMLConfigService;
+
+/**
+ * @author Axel Faust
+ */
+public class KeycloakAdapterConfigTest
+{
+
+    @Test
+    public void loadDefaultConfig()
+    {
+        // default-config.xml copied from src/main/config into src/test/resoruces because default resource filtering will not copy into
+        // build / class path
+        final ConfigSource configSource = new UrlConfigSource(Arrays.asList("classpath:default-config.xml"), true);
+        final XMLConfigService configService = new XMLConfigService(configSource);
+        configService.initConfig();
+
+        final Config keycloakConfigSection = configService.getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME);
+
+        final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) keycloakConfigSection
+                .getConfigElement(KeycloakAuthenticationConfigElement.NAME);
+
+        Assert.assertTrue(keycloakAuthConfig.getEnhanceLoginForm());
+        Assert.assertTrue(keycloakAuthConfig.getEnableSsoFilter());
+        Assert.assertFalse(keycloakAuthConfig.getForceKeycloakSso());
+        Assert.assertEquals(Integer.valueOf(8443), keycloakAuthConfig.getSslRedirectPort());
+        Assert.assertEquals(Integer.valueOf(10485760), keycloakAuthConfig.getBodyBufferLimit());
+        Assert.assertEquals(Integer.valueOf(1000), keycloakAuthConfig.getSessionMapperLimit());
+
+        final KeycloakAdapterConfigElement keycloakAdapterConfig = (KeycloakAdapterConfigElement) keycloakConfigSection
+                .getConfigElement(KeycloakAdapterConfigElement.NAME);
+
+        Assert.assertEquals("http://localhost:8180/auth", keycloakAdapterConfig.getFieldValue("auth-server-url"));
+        Assert.assertEquals("alfresco", keycloakAdapterConfig.getFieldValue("realm"));
+        Assert.assertEquals("alfresco", keycloakAdapterConfig.getFieldValue("resource"));
+        Assert.assertEquals("none", keycloakAdapterConfig.getFieldValue("ssl-required"));
+        Assert.assertEquals(Boolean.FALSE, keycloakAdapterConfig.getFieldValue("public-client"));
+
+        Assert.assertTrue(keycloakAdapterConfig.getFieldValue("credentials") instanceof Map<?, ?>);
+        final Map<?, ?> credentials = (Map<?, ?>) keycloakAdapterConfig.getFieldValue("credentials");
+        Assert.assertEquals("secret", credentials.get("provider"));
+
+        final AdapterConfig adapterConfig = keycloakAdapterConfig.buildAdapterConfiguration();
+        Assert.assertEquals("http://localhost:8180/auth", adapterConfig.getAuthServerUrl());
+        Assert.assertEquals("alfresco", adapterConfig.getRealm());
+        Assert.assertEquals("alfresco", adapterConfig.getResource());
+        Assert.assertEquals("none", adapterConfig.getSslRequired());
+        Assert.assertFalse(adapterConfig.isPublicClient());
+
+        Assert.assertNotNull(adapterConfig.getCredentials());
+        Assert.assertEquals("secret", adapterConfig.getCredentials().get("provider"));
+    }
+
+    @Test
+    public void loadMergedConfig()
+    {
+        // default-config.xml copied from src/main/config into src/test/resoruces because default resource filtering will not copy into
+        // build / class path
+        final ConfigSource configSource = new UrlConfigSource(
+                Arrays.asList("classpath:default-config.xml", "classpath:addendum-config.xml"), true);
+        final XMLConfigService configService = new XMLConfigService(configSource);
+        configService.initConfig();
+
+        final Config keycloakConfigSection = configService.getConfig(KeycloakConfigConstants.KEYCLOAK_CONFIG_SECTION_NAME);
+
+        final KeycloakAuthenticationConfigElement keycloakAuthConfig = (KeycloakAuthenticationConfigElement) keycloakConfigSection
+                .getConfigElement(KeycloakAuthenticationConfigElement.NAME);
+
+        Assert.assertFalse(keycloakAuthConfig.getEnhanceLoginForm());
+        Assert.assertFalse(keycloakAuthConfig.getEnableSsoFilter());
+        Assert.assertFalse(keycloakAuthConfig.getForceKeycloakSso());
+        Assert.assertEquals(Integer.valueOf(8443), keycloakAuthConfig.getSslRedirectPort());
+        Assert.assertEquals(Integer.valueOf(10485760), keycloakAuthConfig.getBodyBufferLimit());
+        Assert.assertEquals(Integer.valueOf(2000), keycloakAuthConfig.getSessionMapperLimit());
+
+        final KeycloakAdapterConfigElement keycloakAdapterConfig = (KeycloakAdapterConfigElement) keycloakConfigSection
+                .getConfigElement(KeycloakAdapterConfigElement.NAME);
+
+        Assert.assertEquals("http://localhost:8080/auth", keycloakAdapterConfig.getFieldValue("auth-server-url"));
+        Assert.assertEquals("my-realm", keycloakAdapterConfig.getFieldValue("realm"));
+        Assert.assertEquals("alfresco", keycloakAdapterConfig.getFieldValue("resource"));
+        Assert.assertEquals("none", keycloakAdapterConfig.getFieldValue("ssl-required"));
+        Assert.assertEquals(Boolean.FALSE, keycloakAdapterConfig.getFieldValue("public-client"));
+        Assert.assertEquals(Boolean.TRUE, keycloakAdapterConfig.getFieldValue("always-refresh-token"));
+        Assert.assertEquals(Integer.valueOf(123), keycloakAdapterConfig.getFieldValue("connection-pool-size"));
+
+        Assert.assertTrue(keycloakAdapterConfig.getFieldValue("credentials") instanceof Map<?, ?>);
+        final Map<?, ?> credentials = (Map<?, ?>) keycloakAdapterConfig.getFieldValue("credentials");
+        Assert.assertEquals("differentSecret", credentials.get("provider"));
+
+        final AdapterConfig adapterConfig = keycloakAdapterConfig.buildAdapterConfiguration();
+        Assert.assertEquals("http://localhost:8080/auth", adapterConfig.getAuthServerUrl());
+        Assert.assertEquals("my-realm", adapterConfig.getRealm());
+        Assert.assertEquals("alfresco", adapterConfig.getResource());
+        Assert.assertEquals("none", adapterConfig.getSslRequired());
+        Assert.assertFalse(adapterConfig.isPublicClient());
+        Assert.assertTrue(adapterConfig.isAlwaysRefreshToken());
+        Assert.assertEquals(123, adapterConfig.getConnectionPoolSize());
+
+        Assert.assertNotNull(adapterConfig.getCredentials());
+        Assert.assertEquals("differentSecret", adapterConfig.getCredentials().get("provider"));
+    }
+}
diff --git a/share/src/test/resources/addendum-config.xml b/share/src/test/resources/addendum-config.xml
new file mode 100644
index 0000000..f523672
--- /dev/null
+++ b/share/src/test/resources/addendum-config.xml
@@ -0,0 +1,36 @@
+<?xml version='1.0' encoding='UTF-8' ?>
+<!-- 
+ Copyright 2019 Acosix GmbH
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<alfresco-config>
+
+    <config evaluator="string-compare" condition="Keycloak">
+        <keycloak-auth-config>
+            <enhance-login-form>false</enhance-login-form>
+            <enable-sso-filter>false</enable-sso-filter>
+            <session-mapper-limit>2000</session-mapper-limit>
+        </keycloak-auth-config>
+        <keycloak-adapter-config>
+            <auth-server-url>http://localhost:8080/auth</auth-server-url>
+            <always-refresh-token>true</always-refresh-token>
+            <connection-pool-size>123</connection-pool-size>
+            <realm>my-realm</realm>
+            <credentials>
+                <provider>differentSecret</provider>
+            </credentials>
+        </keycloak-adapter-config>
+    </config>
+
+</alfresco-config>
\ No newline at end of file
diff --git a/share/src/test/resources/default-config.xml b/share/src/test/resources/default-config.xml
new file mode 100644
index 0000000..263d90a
--- /dev/null
+++ b/share/src/test/resources/default-config.xml
@@ -0,0 +1,60 @@
+<?xml version='1.0' encoding='UTF-8' ?>
+<!-- 
+ Copyright 2019 Acosix GmbH
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<alfresco-config>
+
+    <plug-ins>
+        <element-readers>
+            <element-reader element-name="keycloak-auth-config"
+                class="${project.artifactId}.config.KeycloakAuthenticationConfigElementReader" />
+            <element-reader element-name="keycloak-adapter-config"
+                class="${project.artifactId}.config.KeycloakAdapterConfigElementReader" />
+        </element-readers>
+    </plug-ins>
+
+    <!-- sensible default configuration (similar to Repository identity-service-authentication.properties -->
+    <config evaluator="string-compare" condition="Keycloak">
+        <keycloak-auth-config>
+            <enhance-login-form>true</enhance-login-form>
+            <enable-sso-filter>true</enable-sso-filter>
+            <force-keycloak-sso>false</force-keycloak-sso>
+            <!-- use 8443 as default SSL redirect based on Tomcat default server.xml configuration -->
+            <ssl-redirect-port>8443</ssl-redirect-port>
+            <body-buffer-limit>10485760</body-buffer-limit>
+            <session-mapper-limit>1000</session-mapper-limit>
+        </keycloak-auth-config>
+        <keycloak-adapter-config>
+            <auth-server-url>http://localhost:8180/auth</auth-server-url>
+            <realm>alfresco</realm>
+            <resource>alfresco</resource>
+            <ssl-required>none</ssl-required>
+            <!-- other than content-app / Identity Service, Share must/should be a confidential client to exchange code for access token + refresh -->
+            <public-client>false</public-client>
+            <credentials>
+                <provider>secret</provider>
+            </credentials>
+        </keycloak-adapter-config>
+    </config>
+    
+    <!-- add to the global configuration -->
+    <config evaluator="string-compare">
+        <user>
+            <!-- make sure groups of a user are kept up-to-date in at least 60 seconds intervals (lazily refreshed on next request) -->
+            <cached-user-groups-timeout>60000</cached-user-groups-timeout>
+        </user>
+    </config>
+
+</alfresco-config>
\ No newline at end of file