diff --git a/modules/analytics/distribution/input-adapter-change.xml b/modules/analytics/distribution/input-adapter-change.xml
index 854702e0..f716cd3e 100644
--- a/modules/analytics/distribution/input-adapter-change.xml
+++ b/modules/analytics/distribution/input-adapter-change.xml
@@ -9,9 +9,12 @@
 	<property key="jobQueueSize">10000</property>
 	<property key="maximumHttpConnectionPerHost">2</property>
 	<property key="maximumTotalHttpConnection">100</property>
-	<property key="keymanagerUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
+	<property key="tokenValidationUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
 	<property key="username">admin</property>
 	<property key="password">admin</property>
+	<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
+	<property key="deviceMgtServerUrl">https://${iot.gateway.host}:${iot.gateway.https.port}</property>
+	<property key="tokenRefreshTimeOffset">100</property>
 </adapterConfig>
 
 <adapterConfig type="oauth-mqtt">
@@ -22,8 +25,9 @@
 	<property key="jobQueueSize">10000</property>
 	<property key="connectionKeepAliveInterval">60</property>
 	<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
-	<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
 	<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
+	<property key="username">admin</property>
+	<property key="password">admin</property>
 </adapterConfig>]]></value>
 	</add>
 </processor>
\ No newline at end of file
diff --git a/modules/analytics/distribution/output-adapter-change.xml b/modules/analytics/distribution/output-adapter-change.xml
index 9f4a0aa4..6db841ef 100644
--- a/modules/analytics/distribution/output-adapter-change.xml
+++ b/modules/analytics/distribution/output-adapter-change.xml
@@ -12,6 +12,8 @@
         <property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
         <property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
         <property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
+        <property key="username">admin</property>
+		<property key="password">admin</property>
     </adapterConfig>
 
     <adapterConfig type="secured-websocket">
@@ -22,7 +24,7 @@
         <property key="jobQueueSize">10000</property>
         <!--Authorizer holds the information of the authorizer that is used authorize a connection.-->
         <property key="authenticator">org.wso2.carbon.device.mgt.output.adapter.websocket.authentication.OAuthAuthenticator</property>
-        <property key="keymanagerUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
+        <property key="tokenValidationUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
         <property key="maximumHttpConnectionPerHost">2</property>
         <property key="maximumTotalHttpConnection">100</property>
         <property key="authorizer">org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.DeviceAuthorizer</property>
diff --git a/modules/analytics/distribution/src/assembly/bin.xml b/modules/analytics/distribution/src/assembly/bin.xml
index 71f18629..532763ce 100644
--- a/modules/analytics/distribution/src/assembly/bin.xml
+++ b/modules/analytics/distribution/src/assembly/bin.xml
@@ -47,6 +47,9 @@
                 <exclude>**/repository/conf/security/cipher-text.properties</exclude>
                 <exclude>**/repository/conf/security/Owasp.CsrfGuard.Carbon.properties</exclude>
                 <exclude>**/repository/conf/security/cipher-tool.properties</exclude>
+				<exclude>**/repository/deployment/server/jaggeryapps/portal/modules/oauth/plugins/token-handler-utils.js</exclude>
+				<exclude>**/repository/deployment/server/jaggeryapps/portal/modules/oauth/plugins/token-handlers.js</exclude>
+				<exclude>**/repository/conf/security/authenticators.xml</exclude>
             </excludes>
         </fileSet>
         <fileSet>
@@ -402,6 +405,15 @@
             <filtered>true</filtered>
             <fileMode>644</fileMode>
         </file>
+		<file>
+			<source>
+				src/repository/conf/security/authenticators.xml
+			</source>
+			<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/security/
+			</outputDirectory>
+			<filtered>true</filtered>
+			<fileMode>644</fileMode>
+		</file>
         <!-- ************* tomcat webapp hosting related files end ********** -->
 
         <!-- Event broker configuration for deployment sync -->
@@ -723,10 +735,6 @@
             <source>src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties</source>
             <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/security</outputDirectory>
         </file>
-        <file>
-            <source>src/repository/conf/etc/jwt.properties</source>
-            <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/etc</outputDirectory>
-        </file>
         <file>
             <source>src/repository/conf/analytics/spark/spark-udf-config.xml</source>
             <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/analytics/spark</outputDirectory>
@@ -798,10 +806,25 @@
             <filtered>true</filtered>
             <fileMode>644</fileMode>
         </file>
+		<file>
+			<source>src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js</source>
+			<outputDirectory>
+				${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth
+			</outputDirectory>
+			<fileMode>755</fileMode>
+		</file>
+		<file>
+			<source>src/repository/jaggeryapps/portal/modules/oauth/token-handlers.js</source>
+			<outputDirectory>
+				${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth
+			</outputDirectory>
+			<fileMode>755</fileMode>
+		</file>
+
         <!-- Adding IoT Analytics Dashboard and gadget CApps -->
         <file>
             <source>
-                ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/carbonapps/org_wso2_carbon_analytics_cdmf-1.0.0.car
+                ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/resources/devicetypes/device_management/org_wso2_carbon_analytics_cdmf-1.0.0.car
             </source>
             <outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/carbonapps/</outputDirectory>
             <fileMode>644</fileMode>
diff --git a/modules/analytics/distribution/src/repository/conf/etc/jwt.properties b/modules/analytics/distribution/src/repository/conf/etc/jwt.properties
deleted file mode 100644
index 3c384655..00000000
--- a/modules/analytics/distribution/src/repository/conf/etc/jwt.properties
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-#
-# WSO2 Inc. licenses this file to you under the Apache License,
-# Version 2.0 (the "License"); you may not use this file except
-# in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-#issuer of the JWT
-iss=wso2.org/products/iot
-
-TokenEndpoint=https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token
-
-#audience of JWT claim
-#comma seperated values
-aud=devicemgt
-
-#expiration time of JWT (number of minutes from the current time)
-exp=1000
-
-#issued at time of JWT (number of minutes from the current time)
-iat=0
-
-#nbf time of JWT (number of minutes from current time)
-nbf=0
-
-#skew between IDP and issuer(seconds)
-skew=0
-
-# JWT Id
-#jti=token123
-
-#KeyStore to cryptographic credentials
-#KeyStore=repository/resources/security/wso2carbon.jks
-
-#Password of the KeyStore
-#KeyStorePassword=wso2carbon
-
-#Alias of the SP's private key
-#PrivateKeyAlias=wso2carbon
-
-#Private key password to retrieve the private key used to sign
-#AuthnRequest and LogoutRequest messages
-#PrivateKeyPassword=wso2carbon
-
-#this will be used as the default IDP config if there isn't any config available for tenants.
-default-jwt-client=true
diff --git a/modules/analytics/distribution/src/repository/conf/security/authenticators.xml b/modules/analytics/distribution/src/repository/conf/security/authenticators.xml
new file mode 100644
index 00000000..2afca49f
--- /dev/null
+++ b/modules/analytics/distribution/src/repository/conf/security/authenticators.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<!--
+  ~ Copyright 2005-2011 WSO2, Inc. (http://wso2.com)
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!--
+     This is the configuration file for Carbon authenticators. All the authenticator related configurations
+     should go here.
+-->
+<Authenticators xmlns="http://wso2.org/projects/carbon/authenticators.xml">
+
+	<!-- Authenticator Configurations for TokenUIAuthenticator -->
+	<Authenticator name="TokenUIAuthenticator" disabled="true">
+		<Priority>5</Priority>
+	</Authenticator>
+
+	<!-- Authenticator Configurations for SAML2SSOAuthenticator -->
+	<Authenticator name="SAML2SSOAuthenticator" disabled="true">
+		<Priority>10</Priority>
+		<Config>
+			<Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
+			<Parameter name="ServiceProviderID">carbonServer</Parameter>
+			<Parameter name="IdentityProviderSSOServiceURL">https://localhost:9443/samlsso</Parameter>
+			<Parameter name="NameIDPolicyFormat">urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</Parameter>
+			<Parameter name="AssertionConsumerServiceURL">https://localhost:9443/acs</Parameter>
+
+			<!-- <Parameter name="IdPCertAlias">wso2carbon</Parameter> -->
+			<!-- <Parameter name="ResponseSignatureValidationEnabled">false</Parameter> -->
+			<!-- <Parameter name="AssertionSignatureValidationEnabled">false</Parameter> -->
+			<!-- <Parameter name="LoginAttributeName"></Parameter> -->
+			<!-- <Parameter name="RoleClaimAttribute"></Parameter> -->
+			<!-- <Parameter name="AttributeValueSeparator">,</Parameter> -->
+
+			<!-- <Parameter name="JITUserProvisioning">true</Parameter> -->
+			<!-- <Parameter name="ProvisioningDefaultUserstore">PRIMARY</Parameter> -->
+			<!-- <Parameter name="ProvisioningDefaultRole">admin</Parameter> -->
+			<!-- <Parameter name="IsSuperAdminRoleRequired">true</Parameter> -->
+		</Config>
+
+		<!-- If this authenticator should skip any URI from authentication, specify it under "SkipAuthentication"
+		<SkipAuthentication>
+				<UrlContains></UrlContains>
+			</SkipAuthentication> -->
+
+		<!-- If this authenticator should skip any URI from session validation, specify it under "SkipAuthentication
+			<SkipSessionValidation>
+				<UrlContains></UrlContains>
+			</SkipSessionValidation> -->
+	</Authenticator>
+
+	<Authenticator name="SignedJWTAuthenticator" disabled="false">
+		<Priority>5</Priority>
+	</Authenticator>
+
+	<!-- Authenticator Configurations for MutualSSLAuthenticator -->
+	<!--Authenticator name="MutualSSLAuthenticator" disabled="false">
+	  <Priority>5</Priority>
+	  <Config>
+		  <Parameter name="UsernameHeader">UserName</Parameter>
+		  <Parameter name="WhiteListEnabled">false</Parameter>
+		  <Parameter name="WhiteList"/>
+	  </Config>
+	</Authenticator-->
+
+</Authenticators>
\ No newline at end of file
diff --git a/modules/analytics/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js b/modules/analytics/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js
new file mode 100644
index 00000000..c6a8aab5
--- /dev/null
+++ b/modules/analytics/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js
@@ -0,0 +1,598 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+var utils = function () {
+    var log = new Log("/modules/oauth/token-handler-utils.js");
+
+    var configs = require('/configs/portal.js').config();
+    var constants = require("/modules/constants.js");
+    var carbon = require("carbon");
+
+    //noinspection JSUnresolvedVariable
+    var Base64 = Packages.org.apache.commons.codec.binary.Base64;
+    //noinspection JSUnresolvedVariable
+    var String = Packages.java.lang.String;
+
+    var publicMethods = {};
+    var privateMethods = {};
+
+    publicMethods["encode"] = function (payload) {
+        return String(Base64.encodeBase64(String(payload).getBytes()));
+    };
+
+    publicMethods["decode"] = function (payload) {
+        return String(Base64.decodeBase64(String(payload).getBytes()));
+    };
+
+    /**
+     * Check whether this application is oauth enable or not
+     * @returns boolean if oauth enable
+     */
+    publicMethods["checkOAuthEnabled"] = function () {
+        if (constants.AUTHORIZATION_TYPE_OAUTH === configs["authorization"]["activeMethod"]) {
+            return true;
+        }
+        return false;
+    };
+
+    /**
+     * Set access token into xml http request header
+     * @param xhr     xml http request
+     * @returns {*}   xhr which has access token it's header
+     */
+    publicMethods["setAccessToken"] = function (xhr, callback) {
+        var accessToken;
+        if (publicMethods.checkOAuthEnabled()) {
+            try {
+                accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
+                xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BEARER_PREFIX + accessToken);
+            } catch (exception) {
+                log.error("Access token hasn't been set yet, " + exception);
+            } finally {
+                callback(xhr);
+            }
+        }
+        callback(xhr);
+    };
+
+    /**
+     * Get access token of current logged user
+     * @param callBack response with access token
+     */
+    publicMethods["getAccessToken"] = function (callBack) {
+        var accessToken = null;
+        if (publicMethods.checkOAuthEnabled()) {
+            try {
+                accessToken =  parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
+            } catch (exception) {
+                log.error("Access token hasn't been set yet, " + exception);
+            } finally {
+                callBack(accessToken);
+            }
+        }
+        callBack(accessToken);
+    };
+
+    /**
+     * Create error message which adhere to xml http response object
+     * @param statusCode       response status code
+     * @param status           response status
+     * @param responseText     response message
+     * @returns {{statusCode: *, status: *, responseText: *}}
+     */
+    publicMethods["createXHRObject"] = function (statusCode, status, responseText) {
+        return {"statusCode": statusCode, "status": status, "responseText": responseText};
+    };
+
+    /**
+     * check whether user already logged to system before invoking any apis
+     * @param callBack
+     */
+    publicMethods["isUserAuthorized"] = function (callBack) {
+        if (session.get("Loged") !== constants.LOGIN_MESSAGE) {
+            callBack(false);
+        } else {
+            callBack(true);
+        }
+    };
+
+    /**
+     * Get identity provider uir
+     * @returns {*}
+     */
+    publicMethods["getIdPServerURL"] = function () {
+        return configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["tokenServiceURL"];
+    };
+
+    /**
+     * Get an Access token pair based on client secret
+     * @param encodedClientKeys  {{clientId:"", clientSecret:""}}
+     * @param scope              eg: PRODUCTION
+     * @param idPServer          identity provider url
+     * @returns {{accessToken: *, refreshToken: *}}
+     */
+    publicMethods["getTokenWithClientSecretType"] = function (encodedClientKeys, scope, idPServer) {
+        var xhr = new XMLHttpRequest();
+        var tokenEndpoint = idPServer;
+        xhr.open(constants.HTTP_POST, tokenEndpoint, false);
+        xhr.setRequestHeader(constants.CONTENT_TYPE_IDENTIFIER, constants.APPLICATION_X_WWW_FOR_URLENCODED);
+        xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BASIC_PREFIX + encodedClientKeys);
+        xhr.send("grant_type=client_credentials&scope=" + scope);
+        var tokenPair = {};
+        if (xhr.status == constants.HTTP_ACCEPTED) {
+            var data = parse(xhr.responseText);
+            tokenPair.refreshToken = data.refresh_token;
+            tokenPair.accessToken = data.access_token;
+        } else if (xhr.status == constants.HTTP_USER_NOT_AUTHENTICATED) {
+            log.error("Error in obtaining token with client secret grant type, You are not authenticated yet");
+            return null;
+        } else {
+            log.error("Error in obtaining token with client secret grant type, This might be a problem with client meta " +
+                "data which required for client secret grant type");
+            return null;
+        }
+        return tokenPair;
+    };
+
+
+    /**
+     * This will create client id and client secret for a given application
+     * @param properties    "callbackUrl": "",
+     *                      "clientName": "",
+     *                      "owner": "",
+     *                      "applicationType": "",
+     *                      "grantType": "",
+     *                      "saasApp" :"",
+     *                      "dynamicClientRegistrationEndPoint" : ""
+     *
+     * @returns {{clientId:*, clientSecret:*}}
+     */
+    publicMethods["getDynamicClientAppCredentials"] = function (username) {
+        // setting up dynamic client application properties
+        var dcAppProperties = {
+            "applicationType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["appType"],
+            "clientName": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["clientName"],
+            "owner": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"],
+            "tokenScope": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["tokenScope"],
+            "grantType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["grantType"],
+            "callbackUrl": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["callbackUrl"],
+            "saasApp" : configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["saasApp"]
+        };
+
+        var tenantDomain = carbon.server.tenantDomain({username: username});
+        if (!tenantDomain) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+                "based client application credentials. Unable to obtain a valid tenant domain for provided username "+
+                username +"- getDynamicClientAppCredentials(x)");
+            return null;
+        } else {
+            var cachedTenantBasedClientAppCredentials = privateMethods.
+            getCachedTenantBasedClientAppCredentials(tenantDomain);
+            if (cachedTenantBasedClientAppCredentials) {
+                return cachedTenantBasedClientAppCredentials;
+            } else {
+                // calling dynamic client app registration service endpoint
+                var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]
+                    ["dynamicClientAppRegistrationServiceURL"];
+                var requestPayload = dcAppProperties;
+                var token = publicMethods.encode(configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+                        ["appRegistration"]["owner"] + ":" + configs["authorization"]["methods"]["oauth"]["attributes"]
+                        ["oauthProvider"]["appRegistration"]["password"]);
+                var xhr = new XMLHttpRequest();
+                xhr.open("POST", requestURL, false);
+                xhr.setRequestHeader("Content-Type", "application/json");
+                xhr.setRequestHeader("Authorization", "Basic "+ token);
+                xhr.send(stringify(requestPayload));
+                var dynamicClientAppCredentials = {};
+                if (xhr["status"] == 201 || xhr["status"] == 200 && xhr["responseText"]) {
+                    var responsePayload = parse(xhr["responseText"]);
+                    var clientId = responsePayload["client_id"];
+                    var clientSecret = responsePayload["client_secret"];
+                    if(typeof clientId == "undefined"){
+                        clientId = responsePayload["clientId"];
+                    }
+                    if(typeof clientSecret == "undefined"){
+                        clientSecret = responsePayload["clientSecret"];
+                    }
+                    dynamicClientAppCredentials["clientId"] = clientId;
+                    dynamicClientAppCredentials["clientSecret"] = clientSecret;
+                    privateMethods.
+                    setCachedTenantBasedClientAppCredentials(tenantDomain, dynamicClientAppCredentials);
+                } else if (xhr["status"] == 400) {
+                    log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
+                        "Bad request. Invalid data provided as dynamic client application properties.");
+                    dynamicClientAppCredentials = null;
+                } else {
+                    log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
+                        "Error in retrieving dynamic client credentials.");
+                    dynamicClientAppCredentials = null;
+                }
+                // returning dynamic client credentials
+                return dynamicClientAppCredentials;
+            }
+        }
+    };
+
+    /**
+     * If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create oauth application
+     * @param username   username of current logged user
+     * @returns {{clientId:*, clientSecret:*}}
+     */
+    publicMethods["getTenantBasedClientAppCredentials"] = function (username) {
+        if (!username) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+                "based client app credentials. No username " +
+                "as input - getTenantBasedClientAppCredentials(x)");
+            return null;
+        } else {
+            //noinspection JSUnresolvedFunction, JSUnresolvedVariable
+            var tenantDomain = carbon.server.tenantDomain({username: username});
+
+            if (!tenantDomain) {
+                log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+                    "based client application credentials. Unable to obtain a valid tenant domain for provided " +
+                    "username - getTenantBasedClientAppCredentials(x, y)");
+                return null;
+            } else {
+                var cachedTenantBasedClientAppCredentials = privateMethods.
+                getCachedTenantBasedClientAppCredentials(tenantDomain);
+                if (cachedTenantBasedClientAppCredentials) {
+                    return cachedTenantBasedClientAppCredentials;
+                } else {
+                    var adminUsername = configs["authorization"]["methods"]["oauth"]["attributes"]["adminUser"];
+                    var adminUserTenantId = configs["authorization"]["methods"]["oauth"]["attributes"]
+                        ["adminUserTenantId"];
+                    //claims required for jwtAuthenticator.
+                    var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
+                        "http://wso2.org/claims/enduser": adminUsername};
+                    var jwtToken = publicMethods.getJwtToken(adminUsername, claims);
+                    // register a tenant based client app at API Manager
+                    var applicationName = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+                            ["appRegistration"]["clientName"] + "_" + tenantDomain;
+                    var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+                            ["appRegistration"]["apiManagerClientAppRegistrationServiceURL"] +
+                        "?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName;
+                    var xhr = new XMLHttpRequest();
+                    xhr.open("POST", requestURL, false);
+                    xhr.setRequestHeader("Content-Type", "application/json");
+                    xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken);
+                    xhr.send();
+                    if ((xhr["status"] == 201 || xhr["status"] == 200) && xhr["responseText"]) {
+                        var responsePayload = parse(xhr["responseText"]);
+                        var tenantBasedClientAppCredentials = {};
+                        var clientId = responsePayload["client_id"];
+                        var clientSecret = responsePayload["client_secret"];
+                        if(typeof clientId == "undefined"){
+                            clientId = responsePayload["clientId"];
+                        }
+                        if(typeof clientSecret == "undefined"){
+                            clientSecret = responsePayload["clientSecret"];
+                        }
+                        tenantBasedClientAppCredentials["clientId"] = clientId;
+                        tenantBasedClientAppCredentials["clientSecret"] = clientSecret;
+                        privateMethods.
+                        setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials);
+                        return tenantBasedClientAppCredentials;
+                    } else {
+                        log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+                            "based client application credentials from API " +
+                            "Manager - getTenantBasedClientAppCredentials(x, y)");
+                        return null;
+                    }
+                }
+            }
+        }
+    };
+
+    /**
+     * Caching oauth application credentials
+     * @param tenantDomain            tenant domain where application is been created
+     * @param clientAppCredentials    {{clientId:*, clientSecret:*}}
+     */
+    privateMethods["setCachedTenantBasedClientAppCredentials"] = function (tenantDomain, clientAppCredentials) {
+        var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
+        if (!cachedTenantBasedClientAppCredentialsMap) {
+            cachedTenantBasedClientAppCredentialsMap = {};
+            cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
+            application.put(constants["CACHED_CREDENTIALS_PORTAL_APP"], cachedTenantBasedClientAppCredentialsMap);
+        } else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
+            cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
+        }
+    };
+
+    /**
+     * Get oauth application credentials from cache
+     * @param tenantDomain    tenant domain where application is been created
+     * @returns {{clientId:*, clientSecret:*}}
+     */
+    privateMethods["getCachedTenantBasedClientAppCredentials"] = function (tenantDomain) {
+        var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
+        if (!cachedTenantBasedClientAppCredentialsMap ||
+            !cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
+            return null;
+        } else {
+            return cachedTenantBasedClientAppCredentialsMap[tenantDomain];
+        }
+    };
+
+    /**
+     * Get access token and refresh token using password grant type
+     * @param username                      username of the logged user
+     * @param password                      password of the logged user
+     * @param encodedClientAppCredentials   {{clientId:*, clientSecret:*}}
+     * @param scopes                         scopes list
+     * @returns {{accessToken: *, refreshToken: *}}
+     */
+    publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password
+        , encodedClientAppCredentials, scopes) {
+        if (!username || !password || !encodedClientAppCredentials || !scopes) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " +
+                "grant type. No username, password, encoded client app credentials or scopes are " +
+                "found - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
+            return null;
+        } else {
+            // calling oauth provider token service endpoint
+            var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+                ["tokenServiceURL"];
+            var requestPayload = "grant_type=password&username=" +
+                username + "&password=" + password + "&scope=" + scopes;
+
+            var xhr = new XMLHttpRequest();
+            xhr.open("POST", requestURL, false);
+            xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+            xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
+            xhr.send(requestPayload);
+
+            if (xhr["status"] == 200 && xhr["responseText"]) {
+                var responsePayload = parse(xhr["responseText"]);
+                var tokenData = {};
+                tokenData["accessToken"] = responsePayload["access_token"];
+                tokenData["refreshToken"] = responsePayload["refresh_token"];
+                tokenData["scopes"] = responsePayload["scope"];
+                return tokenData;
+            } else {
+                log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
+                    "by password grant type - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
+                return null;
+            }
+        }
+    };
+
+	/**
+	 * Get access token and refresh token using SAML grant type
+	 * @param assertion
+	 * @param encodedClientAppCredentials
+	 * @param scopes
+	 * @returns {{accessToken: *, refreshToken: *}}
+	 */
+	publicMethods["getTokenPairAndScopesByJWTGrantType"] = function (username, encodedClientAppCredentials, scopes) {
+		if (!username || !encodedClientAppCredentials || !scopes) {
+			log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token by jwt " +
+			"grant type. No assertion, encoded client app credentials or scopes are " +
+			"found - getTokenPairAndScopesByJWTGrantType(x, y, z)");
+			return null;
+		} else {
+			var JWTClientManagerServicePackagePath =
+				"org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
+			//noinspection JSUnresolvedFunction, JSUnresolvedVariable
+			var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
+			//noinspection JSUnresolvedFunction
+			var jwtClient = JWTClientManagerService.getJWTClient();
+			// returning access token by JWT grant type
+			var tokenInfo = jwtClient.getAccessToken(encodedClientAppCredentials,
+				username, scopes);
+			var tokenData = {};
+			tokenData["accessToken"] = tokenInfo.getAccessToken();
+			tokenData["refreshToken"] = tokenInfo.getRefreshToken();
+			tokenData["scopes"] = tokenInfo.getScopes();
+			return tokenData;
+		}
+	};
+
+    /**
+     * Get access token and refresh token using SAML grant type
+     * @param assertion
+     * @param encodedClientAppCredentials
+     * @param scopes
+     * @returns {{accessToken: *, refreshToken: *}}
+     */
+    publicMethods["getTokenPairAndScopesBySAMLGrantType"] = function (assertion, encodedClientAppCredentials, scopes) {
+        if (!assertion || !encodedClientAppCredentials || !scopes) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml " +
+                "grant type. No assertion, encoded client app credentials or scopes are " +
+                "found - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
+            return null;
+        } else {
+
+            var assertionXML = publicMethods.decode(assertion);
+            /*
+             TODO: make assertion extraction with proper parsing.
+             Since Jaggery XML parser seem to add formatting which causes signature verification to fail.
+             */
+            var assertionStartMarker = "<saml2:Assertion";
+            var assertionEndMarker = "<\/saml2:Assertion>";
+            var assertionStartIndex = assertionXML.indexOf(assertionStartMarker);
+            var assertionEndIndex = assertionXML.indexOf(assertionEndMarker);
+
+            var extractedAssertion;
+            if (assertionStartIndex == -1 || assertionEndIndex == -1) {
+                log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml grant " +
+                    "type. Issue in assertion format - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
+                return null;
+            } else {
+                extractedAssertion = assertionXML.
+                    substring(assertionStartIndex, assertionEndIndex) + assertionEndMarker;
+                var encodedAssertion = publicMethods.encode(extractedAssertion);
+                // calling oauth provider token service endpoint
+                var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+                    ["tokenServiceURL"];
+                var requestPayload = "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&" +
+                    "assertion=" + encodeURIComponent(encodedAssertion) + "&scope=" + scopes;
+                var xhr = new XMLHttpRequest();
+                xhr.open("POST", requestURL, false);
+                xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+                xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
+                xhr.send(requestPayload);
+
+                if (xhr["status"] == 200 && xhr["responseText"]) {
+                    var responsePayload = parse(xhr["responseText"]);
+                    var tokenData = {};
+                    tokenData["accessToken"] = responsePayload["access_token"];
+                    tokenData["refreshToken"] = responsePayload["refresh_token"];
+                    tokenData["scopes"] = responsePayload["scope"];
+                    return tokenData;
+                } else {
+                    log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
+                        "by password grant type - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
+                    return null;
+                }
+            }
+        }
+    };
+
+    /**
+     * If access token is expired, try to refresh it using existing refresh token
+     * @param callback
+     */
+    publicMethods["refreshAccessToken"] = function (callback) {
+        try {
+            if (publicMethods.checkOAuthEnabled()) {
+                var currentTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"]));
+                // currentTokenPair includes current access token as well as current refresh token
+                var encodedClientAppCredentials
+                    = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
+                if (!currentTokenPair || !encodedClientAppCredentials) {
+                    callback(false);
+                    throw new Error("{/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " +
+                        "token pair, encoded client app credentials or both input are not found under " +
+                        "session context - refreshTokenPair()");
+                } else {
+                    var newTokenPair = publicMethods.
+                    getNewTokenPairByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials);
+                    if (!newTokenPair) {
+                        log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " +
+                            "Unable to update session context with new access token pair - refreshTokenPair()");
+                        callback(false);
+                    } else {
+                        session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(newTokenPair));
+                        callback(true);
+                    }
+                }
+            } else {
+                log.error("You have not enable dynamic client yet");
+                callback(false);
+            }
+        } catch (exception) {
+            callback(false);
+            throw "Error while refreshing existing access token, " + exception;
+        }
+    };
+
+    /**
+     * Get access token and refresh token using refresh token grant type
+     * @param refreshToken                  refresh token
+     * @param encodedClientAppCredentials   {{clientId:*, clientSecret:*}}
+     * @param scopes
+     * @returns {{accessToken: *, refreshToken: *}}
+     */
+    publicMethods["getNewTokenPairByRefreshToken"] = function (refreshToken, encodedClientAppCredentials, scopes) {
+        if (!refreshToken || !encodedClientAppCredentials) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token " +
+                "by current refresh token. No refresh token or encoded client app credentials are " +
+                "found - getNewTokenPairByRefreshToken(x, y, z)");
+            return null;
+        } else {
+            var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+                ["tokenServiceURL"];
+            var requestPayload = "grant_type=refresh_token&refresh_token=" + refreshToken;
+            if (scopes) {
+                requestPayload = requestPayload + "&scope=" + scopes;
+            }
+
+            var xhr = new XMLHttpRequest();
+            xhr.open("POST", requestURL, false);
+            xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+            xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
+            xhr.send(requestPayload);
+
+            if (xhr["status"] == 200 && xhr["responseText"]) {
+                var responsePayload = parse(xhr["responseText"]);
+                var tokenPair = {};
+                tokenPair["accessToken"] = responsePayload["access_token"];
+                tokenPair["refreshToken"] = responsePayload["refresh_token"];
+                return tokenPair;
+            } else {
+                log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token by " +
+                    "current refresh token - getNewTokenPairByRefreshToken(x, y, z)");
+                return null;
+            }
+        }
+    };
+
+    /**
+     * Get access token using JWT grant type
+     * @param clientAppCredentials {{clientId:*, clientSecret:*}}
+     * @returns {{accessToken: *, refreshToken: *}}
+     */
+    publicMethods["getAccessTokenByJWTGrantType"] =  function (clientAppCredentials) {
+        if (!clientAppCredentials) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token " +
+                "by current refresh token. No client app credentials are found " +
+                "as input - getAccessTokenByJWTGrantType(x)");
+            return null;
+        } else {
+            var JWTClientManagerServicePackagePath =
+                "org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
+            //noinspection JSUnresolvedFunction, JSUnresolvedVariable
+            var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
+            //noinspection JSUnresolvedFunction
+            var jwtClient = JWTClientManagerService.getJWTClient();
+            // returning access token by JWT grant type
+            return jwtClient.getAccessToken(clientAppCredentials["clientId"], clientAppCredentials["clientSecret"],
+                configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"],
+                null)["accessToken"];
+        }
+    };
+
+    /**
+     * Get jwt token
+     * @param username  username of logged user
+     * @param claims    claims which are required
+     * @returns {"jwtToken"}
+     */
+    publicMethods["getJwtToken"] =  function (username, claims) {
+        if (!username) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new jwt token");
+            return null;
+        } else {
+            var JWTClientManagerServicePackagePath =
+                "org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
+            //noinspection JSUnresolvedFunction, JSUnresolvedVariable
+            var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
+            //noinspection JSUnresolvedFunction
+            var jwtClient = JWTClientManagerService.getJWTClient();
+            // returning access token by JWT grant type
+            if (claims) {
+                return jwtClient.getJwtToken(username, claims);
+            } else {
+                return jwtClient.getJwtToken(username);
+            }
+        }
+    };
+    return publicMethods;
+}();
diff --git a/modules/analytics/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handlers.js b/modules/analytics/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handlers.js
new file mode 100644
index 00000000..2167f7a9
--- /dev/null
+++ b/modules/analytics/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handlers.js
@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * -----------------------------------------------------
+ * Following module includes handlers
+ * at Jaggery Layer for handling OAuth tokens.
+ * -----------------------------------------------------
+ */
+var handlers = function () {
+    var log = new Log("/modules/oauth/token-handlers.js");
+
+    var tokenUtil = require("/modules/oauth/token-handler-utils.js")["utils"];
+    var constants = require("/modules/constants.js");
+    var configs = require('/configs/portal.js').config();
+
+    var publicMethods = {};
+    var privateMethods = {};
+
+    /**
+     * Get an AccessToken pair based on username and password
+     * @param username   username of the logged user
+     * @param password   password of the logged user
+     */
+    publicMethods["setupTokenPairByPasswordGrantType"] = function (username, password) {
+        if (!username || !password) {
+            throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
+                "password grant type. Either username of logged in user, password or both are missing " +
+                    "as input - setupTokenPairByPasswordGrantType(x, y)");
+        } else {
+            privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
+            var encodedClientAppCredentials =
+                session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
+            if (!encodedClientAppCredentials) {
+                throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
+                    "password grant type. Encoded client credentials are " +
+                        "missing - setupTokenPairByPasswordGrantType(x, y)");
+            } else {
+                var tokenData;
+                // tokenPair will include current access token as well as current refresh token
+                var arrayOfScopes = configs["authorization"]["methods"]["oauth"]["attributes"]["scopes"];
+                var stringOfScopes = "";
+                arrayOfScopes.forEach(function (entry) {
+                    stringOfScopes += entry + " ";
+                });
+                tokenData = tokenUtil.
+                    getTokenPairAndScopesByPasswordGrantType(username,
+                        encodeURIComponent(password), encodedClientAppCredentials, stringOfScopes);
+                if (!tokenData) {
+                    throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up " +
+                        "token pair by password grant type. Error in token " +
+                            "retrieval - setupTokenPairByPasswordGrantType(x, y)");
+                } else {
+                    var tokenPair = {};
+                    tokenPair["accessToken"] = tokenData["accessToken"];
+                    tokenPair["refreshToken"] = tokenData["refreshToken"];
+                    // setting up token pair into session context as a string
+                    session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(tokenPair));
+                    var scopes = tokenData.scopes.split(" ");
+                    // adding allowed scopes to the session
+                    session.put(constants["ALLOWED_SCOPES"], scopes);
+                }
+            }
+        }
+    };
+
+    /**
+     * Get an AccessToken pair based on SAML assertion
+     * @param samlToken         SAML assertion
+     * @param username          {{clientId:"", clientSecret:""}}
+     */
+    publicMethods["setupTokenPairBySamlGrantType"] = function (username, samlToken) {
+        if (!username || !samlToken) {
+            throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
+                "saml grant type. Either username of logged in user, samlToken or both are missing " +
+                    "as input - setupTokenPairBySamlGrantType(x, y)");
+        } else {
+            privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
+            var encodedClientAppCredentials =
+                session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
+            if (!encodedClientAppCredentials) {
+                throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " +
+                    "by saml grant type. Encoded client credentials are " +
+                        "missing - setupTokenPairBySamlGrantType(x, y)");
+            } else {
+                var tokenData;
+                // accessTokenPair will include current access token as well as current refresh token
+                tokenData = tokenUtil.
+                    getTokenPairAndScopesByJWTGrantType(username, encodedClientAppCredentials, "PRODUCTION");
+                if (!tokenData) {
+                    throw new Error("{/modules/oauth/token-handlers.js} Could not set up token " +
+                        "pair by saml grant type. Error in token " +
+                            "retrieval - setupTokenPairBySamlGrantType(x, y)");
+                } else {
+                    var tokenPair = {};
+                    tokenPair["accessToken"] = tokenData["accessToken"];
+                    tokenPair["refreshToken"] = tokenData["refreshToken"];
+                    // setting up access token pair into session context as a string
+                    session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(tokenPair));
+
+                    var scopes = tokenData.scopes.split(" ");
+                    // adding allowed scopes to the session
+                    session.put(constants["ALLOWED_SCOPES"], scopes);
+                }
+            }
+        }
+    };
+
+    /**
+     * Set access token and refresh token using refresh token grant type
+     */
+    publicMethods["refreshTokenPair"] = function () {
+        var currentTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"]));
+        // currentTokenPair includes current access token as well as current refresh token
+        var encodedClientAppCredentials
+            = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
+        if (!currentTokenPair || !encodedClientAppCredentials) {
+            throw new Error("{/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " +
+                "token pair, encoded client app credentials or both input are not found under " +
+                    "session context - refreshTokenPair()");
+        } else {
+            var newTokenPair = tokenUtil.
+                getNewTokenPairByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials);
+            if (!newTokenPair) {
+                log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " +
+                    "Unable to update session context with new access token pair - refreshTokenPair()");
+            } else {
+                session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(newTokenPair));
+            }
+        }
+    };
+
+    /**
+     * If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create an oauth application or
+     * else DCR endpoint is used to create an oauth application
+     * @param username   username of current logged user
+     */
+    privateMethods["setUpEncodedTenantBasedClientAppCredentials"] = function (username) {
+        if (!username) {
+            throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
+                "client credentials to session context. No username of logged in user is found as " +
+                    "input - setUpEncodedTenantBasedClientAppCredentials(x)");
+        } else {
+            if (configs["authorization"]["methods"]["oauth"]["attributes"]["apimgt-gateway"]) {
+				var tenantBasedClientAppCredentials = tokenUtil.getTenantBasedClientAppCredentials(username);
+				if (!tenantBasedClientAppCredentials) {
+					throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant " +
+					"based client credentials to session context as the server is unable " +
+					"to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
+				} else {
+					var encodedTenantBasedClientAppCredentials =
+						tokenUtil.encode(tenantBasedClientAppCredentials["clientId"] + ":" +
+						tenantBasedClientAppCredentials["clientSecret"]);
+					// setting up encoded tenant based client credentials to session context.
+					session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"],
+						encodedTenantBasedClientAppCredentials);
+				}
+            } else {
+                var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials(username);
+                if (!dynamicClientAppCredentials) {
+                    throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
+                    "client credentials to session context as the server is unable to obtain " +
+                    "dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
+                }
+                var encodedTenantBasedClientAppCredentials =
+                    tokenUtil.encode(dynamicClientAppCredentials["clientId"] + ":" +
+                    dynamicClientAppCredentials["clientSecret"]);
+                // setting up encoded tenant based client credentials to session context.
+                session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"],
+                    encodedTenantBasedClientAppCredentials);
+            }
+
+        }
+    };
+
+    return publicMethods;
+}();
\ No newline at end of file
diff --git a/modules/analytics/distribution/src/ues/designer.json b/modules/analytics/distribution/src/ues/designer.json
index 477b04eb..c0ec1196 100644
--- a/modules/analytics/distribution/src/ues/designer.json
+++ b/modules/analytics/distribution/src/ues/designer.json
@@ -43,10 +43,11 @@
                             "password":"admin",
                             "dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register",
                             "apiManagerClientAppRegistrationServiceURL": "https://localhost:9443/api-application-registration/register/tenants",
-                            "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",
+                            "grantType": "urn:ietf:urn:ietf:params:oauth:grant-type:saml2-bearer",
                             "tokenScope": "admin",
                             "callbackUrl": "https://localhost:9445/portal",
                             "saasApp":true
+
                         },
                         "tokenServiceURL": "https://localhost:9443/oauth2/token"
                     },
diff --git a/modules/analytics/p2-profile-gen/pom.xml b/modules/analytics/p2-profile-gen/pom.xml
index 715c17ad..b245368b 100644
--- a/modules/analytics/p2-profile-gen/pom.xml
+++ b/modules/analytics/p2-profile-gen/pom.xml
@@ -395,6 +395,9 @@
                                 <featureArtifactDef>
                                     org.wso2.carbon.devicemgt-plugins:org.wso2.extension.siddhi.execution.json.feature:${carbon.device.mgt.plugin.version}
                                 </featureArtifactDef>
+								<featureArtifactDef>
+									org.wso2.carbon.identity:org.wso2.carbon.identity.authenticator.mutualssl.feature:${identity.carbon.auth.mutual.ssl.version}
+								</featureArtifactDef>
                             </featureArtifacts>
                         </configuration>
                     </execution>
diff --git a/modules/core/distribution/identity_config_change.xml b/modules/core/distribution/identity_config_change.xml
index 2b56094e..ddcc0cef 100644
--- a/modules/core/distribution/identity_config_change.xml
+++ b/modules/core/distribution/identity_config_change.xml
@@ -7,7 +7,7 @@
 	<!-- Add the scope validator config element -->
 	<add>
 		<after>//s:Server/s:OAuth/s:OAuthCallbackHandlers</after>
-		<value><![CDATA[<OAuthScopeValidator class="org.wso2.carbon.device.mgt.oauth.extensions.validators.ExtendedJDBCScopeValidator"/>]]></value>
+		<value><![CDATA[<OAuthScopeValidator class="org.wso2.carbon.device.mgt.oauth.extensions.handlers.ScopeValidationHandler"/>]]></value>
 	</add>
 	<!-- Add the ntlm grant type validator config element -->
 	<add>
@@ -25,7 +25,7 @@
 		<value>
 			<![CDATA[<SupportedGrantType>
 		<GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
-		<GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler</GrantTypeHandlerImplClass>
+		<GrantTypeHandlerImplClass>org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant.ExtendedJWTGrantHandler</GrantTypeHandlerImplClass>
 		<GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
 	</SupportedGrantType>]]></value>
 	</add>
diff --git a/modules/core/distribution/input-adapter-change.xml b/modules/core/distribution/input-adapter-change.xml
index 854702e0..f716cd3e 100644
--- a/modules/core/distribution/input-adapter-change.xml
+++ b/modules/core/distribution/input-adapter-change.xml
@@ -9,9 +9,12 @@
 	<property key="jobQueueSize">10000</property>
 	<property key="maximumHttpConnectionPerHost">2</property>
 	<property key="maximumTotalHttpConnection">100</property>
-	<property key="keymanagerUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
+	<property key="tokenValidationUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
 	<property key="username">admin</property>
 	<property key="password">admin</property>
+	<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
+	<property key="deviceMgtServerUrl">https://${iot.gateway.host}:${iot.gateway.https.port}</property>
+	<property key="tokenRefreshTimeOffset">100</property>
 </adapterConfig>
 
 <adapterConfig type="oauth-mqtt">
@@ -22,8 +25,9 @@
 	<property key="jobQueueSize">10000</property>
 	<property key="connectionKeepAliveInterval">60</property>
 	<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
-	<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
 	<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
+	<property key="username">admin</property>
+	<property key="password">admin</property>
 </adapterConfig>]]></value>
 	</add>
 </processor>
\ No newline at end of file
diff --git a/modules/core/distribution/output-adapter-change.xml b/modules/core/distribution/output-adapter-change.xml
index 9f4a0aa4..6db841ef 100644
--- a/modules/core/distribution/output-adapter-change.xml
+++ b/modules/core/distribution/output-adapter-change.xml
@@ -12,6 +12,8 @@
         <property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
         <property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
         <property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
+        <property key="username">admin</property>
+		<property key="password">admin</property>
     </adapterConfig>
 
     <adapterConfig type="secured-websocket">
@@ -22,7 +24,7 @@
         <property key="jobQueueSize">10000</property>
         <!--Authorizer holds the information of the authorizer that is used authorize a connection.-->
         <property key="authenticator">org.wso2.carbon.device.mgt.output.adapter.websocket.authentication.OAuthAuthenticator</property>
-        <property key="keymanagerUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
+        <property key="tokenValidationUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
         <property key="maximumHttpConnectionPerHost">2</property>
         <property key="maximumTotalHttpConnection">100</property>
         <property key="authorizer">org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.DeviceAuthorizer</property>
diff --git a/modules/core/distribution/pom.xml b/modules/core/distribution/pom.xml
index ecb942e9..6b74d4c3 100644
--- a/modules/core/distribution/pom.xml
+++ b/modules/core/distribution/pom.xml
@@ -140,7 +140,11 @@
 									<token>(org.wso2.carbon.identity.oauth.callback.DefaultCallbackHandler)</token>
 									<value>org.wso2.carbon.apimgt.keymgt.util.APIManagerOAuthCallbackHandler</value>
 								</replacement>
-
+								<replacement>
+									<xpath>/Server/SSOService/UseAuthenticatedUserDomainCrypto</xpath>
+									<token>(false)</token>
+									<value>true</value>
+								</replacement>
 							</replacements>
 						</configuration>
 					</execution>
diff --git a/modules/core/distribution/src/assembly/bin.xml b/modules/core/distribution/src/assembly/bin.xml
index fb448067..47826d10 100644
--- a/modules/core/distribution/src/assembly/bin.xml
+++ b/modules/core/distribution/src/assembly/bin.xml
@@ -73,7 +73,7 @@
                 <exclude>**/lib/httpmime*</exclude>
                 <exclude>**/lib/encoder*</exclude>
                 <exclude>**/plugins/jaxb*</exclude>
-                <exclude>**/security/authenticators.xml</exclude>
+                <exclude>**/repository/conf/security/authenticators.xml</exclude>
 				<exclude>**/user-mgt.xml</exclude>
 
                 <exclude>**/plugins/org.wso2.carbon.localentry.ui*</exclude>
@@ -115,6 +115,11 @@
                 <exclude>**/repository/conf/security/Owasp.CsrfGuard.Carbon.properties</exclude>
                 <exclude>**/repository/components/plugins/httpclient_4.3.2.wso2v1.jar</exclude>
                 <exclude>**/conf/tomcat/carbon/WEB-INF/web.xml</exclude>
+				<exclude>**/repository/components/plugins/org.wso2.carbon.hostobjects.sso_4.5.4.jar</exclude>
+				<exclude>**/bin/wso2server.sh</exclude>
+				<exclude>**/bin/wso2server.bat</exclude>
+				<exclude>**/repository/deployment/server/jaggeryapps/portal/modules/oauth/plugins/token-handler-utils.js</exclude>
+				<exclude>**/repository/deployment/server/jaggeryapps/portal/modules/oauth/plugins/token-handlers.js</exclude>
             </excludes>
         </fileSet>
 
@@ -128,18 +133,6 @@
                 <include>*/**</include>
             </includes>
         </fileSet>
-        <fileSet>
-            <directory>target/wso2carbon-core-${carbon.kernel.version}</directory>
-            <outputDirectory>${pom.artifactId}-${pom.version}</outputDirectory>
-            <includes>
-                <include>**/*.sh</include>
-            </includes>
-            <excludes>
-                <exclude>bin/wso2server.sh</exclude>
-                <exclude>bin/wso2server.bat</exclude>
-            </excludes>
-            <fileMode>755</fileMode>
-        </fileSet>
 
         <!-- Multi-tenancy related file -->
         <fileSet>
@@ -414,7 +407,7 @@
             <outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/carbonapps
             </outputDirectory>
         </fileSet>
-        <fileSet>
+		<fileSet>
             <directory>
                 ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/resources
             </directory>
@@ -755,6 +748,29 @@
                 <include>**/*</include>
             </includes>
         </fileSet>
+
+        <!-- Files required to mobile-qsg -->
+        <fileSet>
+            <directory>../scripts/mobile-qsg/resources</directory>
+            <outputDirectory>
+                ${pom.artifactId}-${pom.version}/samples/mobile-qsg
+            </outputDirectory>
+            <includes>
+                <include>**/**</include>
+            </includes>
+        </fileSet>
+
+        <fileSet>
+            <directory>../scripts/mobile-qsg/target</directory>
+            <outputDirectory>
+                ${pom.artifactId}-${pom.version}/repository/deployment/server/webapps
+            </outputDirectory>
+            <includes>
+                <include>**/**</include>
+            </includes>
+        </fileSet>
+        <!-- Files required to mobile-qsg -->
+
     </fileSets>
 
     <dependencySets>
@@ -797,6 +813,20 @@
             </outputDirectory>
             <fileMode>755</fileMode>
         </file>
+		<file>
+			<source>src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js</source>
+			<outputDirectory>
+				${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth
+			</outputDirectory>
+			<fileMode>755</fileMode>
+		</file>
+		<file>
+			<source>src/repository/jaggeryapps/portal/modules/oauth/token-handlers.js</source>
+			<outputDirectory>
+				${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/modules/oauth
+			</outputDirectory>
+			<fileMode>755</fileMode>
+		</file>
         <!-- End of "portal" app specific modifications -->
 
         <!-- Copying config file for enabling sso in api-store-->
@@ -953,6 +983,14 @@
             <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf</outputDirectory>
             <fileMode>644</fileMode>
         </file>
+		<!-- Copying apim-integration.xml -->
+		<file>
+			<source>
+				../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/apim-integration.xml
+			</source>
+			<outputDirectory>${pom.artifactId}-${pom.version}/repository/conf</outputDirectory>
+			<fileMode>644</fileMode>
+		</file>
         <!-- Copying api-manager.xml -->
         <file>
             <source>src/repository/conf/api-manager.xml</source>
@@ -986,7 +1024,7 @@
         -->
         <file>
             <source>
-                src/repository/conf/cdm-config.xml
+				../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/conf/cdm-config.xml
             </source>
             <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf</outputDirectory>
             <filtered>true</filtered>
@@ -1305,9 +1343,9 @@
         <!-- Adding IoT Analytics Dashboard and gadget CApps -->
         <file>
             <source>
-                ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/carbonapps/org_wso2_carbon_analytics_cdmf-1.0.0.car
+                ../p2-profile-gen/target/wso2carbon-core-${carbon.kernel.version}/repository/resources/devicetypes/device_management/org_wso2_carbon_analytics_cdmf-1.0.0.car
             </source>
-            <outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/carbonapps/</outputDirectory>
+            <outputDirectory>${pom.artifactId}-${pom.version}/repository/resources/devicetypes/device_management/</outputDirectory>
             <fileMode>644</fileMode>
         </file>
         <!-- Copying webapp-publisher-config.xml -->
@@ -1441,5 +1479,43 @@
             </outputDirectory>
             <fileMode>755</fileMode>
         </file>
+        <file>
+            <source>
+                src/repository/cloud/portal/common.css
+            </source>
+            <outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/css
+            </outputDirectory>
+
+        </file>
+        <file>
+            <source>
+                src/repository/cloud/portal/portal.js
+            </source>
+            <outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/js
+            </outputDirectory>
+
+        </file>
+        <file>
+            <source>
+                src/repository/cloud/portal/global-navigation.jag
+            </source>
+            <outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/jaggeryapps/portal/theme/templates
+            </outputDirectory>
+        </file>
+
+        <!-- Copying mobile-qsg jar  -->
+        <file>
+            <source>../scripts/mobile-qsg/target/mobile-qsg.jar</source>
+            <outputDirectory>
+                ${pom.artifactId}-${pom.version}/samples/mobile-qsg
+            </outputDirectory>
+        </file>
+        <file>
+            <source>../scripts/mobile-qsg/target/org.wso2.carbon.appmgt.oauth.core-1.2.5.jar</source>
+            <outputDirectory>
+                ${pom.artifactId}-${pom.version}/repository/components/dropins
+            </outputDirectory>
+        </file>
+
     </files>
 </assembly>
diff --git a/modules/core/distribution/src/repository/bin/wso2server.bat b/modules/core/distribution/src/repository/bin/wso2server.bat
index 17b473c3..6a5b22e8 100644
--- a/modules/core/distribution/src/repository/bin/wso2server.bat
+++ b/modules/core/distribution/src/repository/bin/wso2server.bat
@@ -162,7 +162,7 @@ set CARBON_CLASSPATH=.\lib;%CARBON_CLASSPATH%
 
 set JAVA_ENDORSED=".\lib\endorsed";"%JAVA_HOME%\jre\lib\endorsed";"%JAVA_HOME%\lib\endorsed"
 
-set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof"  -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf"  -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true -Dorg.opensaml.httpclient.https.disableHostnameVerification=true -Diot.analytics.host="localhost" -Diot.analytics.https.port="9445" -Dmqtt.broker.host="localhost" -Dmqtt.broker.port="1886" -Diot.core.host="localhost" -Diot.core.https.port="9443" -Diot.keymanager.host="localhost" -Diot.keymanager.https.port="9443" -Diot.gateway.host="localhost" -Diot.gateway.https.port="8243" -Diot.gateway.http.port="8280"
+set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof"  -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf"  -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true -Dorg.opensaml.httpclient.https.disableHostnameVerification=true -Diot.analytics.host="localhost" -Diot.analytics.https.port="9445" -Diot.manager.host="localhost" -Diot.manager.https.port="9445" -Dmqtt.broker.host="localhost" -Dmqtt.broker.port="1886" -Diot.core.host="localhost" -Diot.core.https.port="9443" -Diot.keymanager.host="localhost" -Diot.keymanager.https.port="9443" -Diot.gateway.host="localhost" -Diot.gateway.https.port="8243" -Diot.gateway.http.port="8280" -Diot.apimpublisher.host="localhost" -Diot.apimpublisher.https.port="9443" -Diot.apimstore.host="localhost" -Diot.apimstore.https.port="8243"
 
 :runJava
 echo JAVA_HOME environment variable is set to %JAVA_HOME%
diff --git a/modules/core/distribution/src/repository/bin/wso2server.sh b/modules/core/distribution/src/repository/bin/wso2server.sh
index 656b52a2..329a6ecf 100755
--- a/modules/core/distribution/src/repository/bin/wso2server.sh
+++ b/modules/core/distribution/src/repository/bin/wso2server.sh
@@ -309,6 +309,8 @@ do
     -Dorg.opensaml.httpclient.https.disableHostnameVerification=true \
     -Diot.analytics.host="localhost" \
     -Diot.analytics.https.port="9445" \
+    -Diot.manager.host="localhost" \
+    -Diot.manager.https.port="9443" \
     -Dmqtt.broker.host="localhost" \
     -Dmqtt.broker.port="1886" \
     -Diot.core.host="localhost" \
@@ -318,6 +320,10 @@ do
     -Diot.gateway.host="localhost" \
     -Diot.gateway.https.port="8243" \
     -Diot.gateway.http.port="8280" \
+    -Diot.apimpublisher.host="localhost" \
+    -Diot.apimpublisher.https.port="9443" \
+    -Diot.apimstore.host="localhost" \
+    -Diot.apimstore.https.port="9443" \
     org.wso2.carbon.bootstrap.Bootstrap $*
     status=$?
 done
diff --git a/modules/core/distribution/src/repository/cloud/portal/common.css b/modules/core/distribution/src/repository/cloud/portal/common.css
new file mode 100644
index 00000000..091a6501
--- /dev/null
+++ b/modules/core/distribution/src/repository/cloud/portal/common.css
@@ -0,0 +1,245 @@
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+.truncate {
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+}
+
+/**
+ * Validation messages
+ */
+.required {
+    color: #e74c3c;
+}
+
+.required-error {
+    background: #a94442;
+    border: 1px solid #a94442;
+    padding: 6px 12px;
+    color: #fff;
+}
+
+/**
+ * Theme overrides
+ */
+.breadcrumb li .fw-home {
+    float: left;
+    padding-top: 2px;
+    margin-right: 5px;
+}
+
+/**
+ * Auth menu
+ */
+.auth .hidden-xs {
+    line-height: 38px;
+}
+
+.auth-xs {
+    color: #fff;
+}
+
+.auth-xs ul {
+    list-style: none;
+    padding: 0;
+    margin: 0;
+    line-height: 28px;
+    background-color: #2a80b9;
+}
+
+.auth-xs li {
+    color: #ccc;
+}
+
+.auth-xs li a {
+    display: block;
+    color: #fff;
+}
+
+.auth-xs li a:hover {
+    background-color: #499dd5;
+}
+
+ul.dropdown-menu.more-actions-button {
+    list-style-type: none;
+    margin: 0;
+    padding: 0;
+    overflow: hidden;
+    width: 40px;
+    background: #F9F9F9;
+    border-bottom: 1px solid #EFEFEF;
+    min-width: 45px;
+
+}
+
+ul.dropdown-menu.more-actions-button > li {
+    height: 40px;
+    width: 40px;
+    border: 1px;
+}
+
+ul.dropdown-menu.more-actions-button > li > button {
+    border-bottom: 1px solid #e4e4e4;
+    border-top: 1px solid darkred;
+}
+
+.btn-group.open .dropdown-toggle {
+    -webkit-box-shadow: none;
+    box-shadow: none;
+    border: 0px;
+}
+
+.btn-custom {
+    border-width: 1px;
+}
+
+
+.cloud-menu .popover {
+    border-radius: 0px;
+    width: 24em;
+    left: -21.1em !important;
+    max-width: 32em;
+    background-color: #006690
+}
+.cloud-menu .popover-title,.navbar-header .popover-title {
+    background-color: #006690;
+    font-size: 16px;
+    border-bottom: none;
+    font-weight: 400;
+}
+.cloud-menu .popover.bottom>.arrow{
+    margin-left:-2px;
+}
+.cloud-menu .popover.bottom>.arrow:after,.navbar-header .popover.bottom>.arrow:after{
+    border-bottom-color: #006690;
+}
+.cloud-block {
+    float: left;
+    width: 8.2em;
+    height: 8.2em;
+    background-color: #fff;
+    margin: 0.5em 0em 0.5em 0.5em;
+    text-align: center;
+    vertical-align: middle;
+}
+.cloud-name {
+    font-size:14px;
+    margin-top: .5em;
+    font-weight: 400;
+}
+.cloud-menu-popover {
+    position: relative;
+    float: right;
+    padding: 0px 8px;
+    background-color: transparent;
+    background-image: none;
+    border: 1px solid transparent;
+    border-radius: 4px;
+    color: #fff;
+    cursor: pointer;
+}
+#cloud-menu-popover-xs {
+    color: #fff;
+    line-height:24px;
+    border: none;
+    margin-right: 15px!important;
+}
+.navbar-toggle{
+    border:none;
+    border-radius: 0px;
+}
+.navbar-header .popover {
+    border-radius: 0px;
+    width: 21em;
+    max-width:32em;
+    background-color: #006690;
+}
+.navbar-header .popover .popover-content{
+    padding:0px;
+}
+.cloud-menu .popover-content {
+    padding: 0px;
+}
+.cloud-actions {
+    background-color: #005578;
+    float: left;
+    position: absolute;
+    width: 100%;
+    left: 0px;
+    overflow:hidden;
+}
+.cloud-actions h3 {
+    font-size: 16px;
+    font-weight: 400;
+    padding-left: 14px;
+    margin-top: 10px;
+}
+.cloud-block-invert {
+    color: #fff;
+    float: left;
+    width: 8.2em;
+    height: 8.2em;
+    background-color: #1f1f1f;
+    margin: 0.5em 0em 0.5em 0.5em;
+    text-align: center;
+    cursor: pointer;
+}
+
+.cloud-block-default {
+    color: #006690;
+    background-color: #fff;
+    cursor: pointer;
+}
+.cloud-actions a:hover {
+    color: #d7d5d5;
+    background-color: #3d3d3d;
+    text-decoration: none
+}
+.cloud-apps a {
+    text-decoration: none;
+    color: #006690 !important;
+    cursor: pointer
+}
+.cloud-apps a:hover {
+    text-decoration: none;
+    color: #006690;
+    background-color: #c5c5c5;
+}
+.cloud-apps .cloud-actions a {
+    color: #fff
+}
+
+.add-padding-top-3x {
+    padding-top: 15px !important;
+}
+
+.nav li a{
+    color: #fff;
+}
+
+.cloud-menu-content li a{
+    color:inherit;
+}
+
+html{
+    height: 100%;
+}
+
+body{
+    height: calc(100% - 50px);
+}
\ No newline at end of file
diff --git a/modules/core/distribution/src/repository/cloud/portal/global-navigation.jag b/modules/core/distribution/src/repository/cloud/portal/global-navigation.jag
new file mode 100644
index 00000000..84e47f93
--- /dev/null
+++ b/modules/core/distribution/src/repository/cloud/portal/global-navigation.jag
@@ -0,0 +1,329 @@
+<%
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+%>
+<%
+var query = request.getQueryString();
+var dest = encodeURIComponent(originalURI + (query ? '?' + query : ''));
+var configs = require('/configs/portal.js').config();
+var isCloud = configs.isCloud;
+%>
+<header class="header header-default">
+    <div class="container-fluid">
+        <div class="pull-left brand float-remove-xs text-center-xs">
+            <a href="<%=tenantedUrlPrefix%>./dashboards">
+                <img src="<%=urlPrefix%>libs/theme-wso2_1.0/images/logo-inverse.svg" alt="WSO2" title="WSO2" class="logo">
+                <% if (isCloud) { %>
+                <h1>Cloud</h1>
+                <% } else { %>
+                <h1><%=i18n.localize("dashboard.server.label")%></h1>
+                <% } %>
+            </a>
+        </div>
+        <% if (isCloud) { %>
+            <div class="pull-right auth float-remove-xs text-center-xs">
+            <% if (user) { %>
+
+                <ul class="nav navbar-right float-remove-xs text-center-xs">
+
+                    <li class="visible-inline-block">
+                        <a href="#" target="_self" title="
+                        <%=user.domain%>
+                        ">
+                                        <span class="icon fw-stack fw-lg">
+                                            <i class="fw fw-organization fw-stack-1x" title=" {{@user.domain}}"></i>
+                                        </span>
+                            <span class="hidden-xs">
+                                <%=user.domain%>
+                            </span>
+
+                        </a>
+                    </li>
+
+                    <li class="visible-inline-block">
+
+                        <a href="#" target="_blank" class="dropdown" data-toggle="dropdown" title="Account">
+
+                                    <span class="icon fw-stack fw-lg" style="color: red">
+                                        <i class="fw fw-resource fw-stack-1x" title="Account"></i>
+                                    </span>
+                            <span class="hidden-xs" style="color: red">
+                                        Trial – 14 days to upgrade
+                                    </span>
+
+                            <span class="caret"></span>
+                        </a>
+
+                        <ul class="dropdown-menu dropdown-menu-right float-remove-xs position-static-xs text-center-xs remove-margin-xs slideInDown"
+                            role="menu">
+
+                            <li>
+                                <a title="Upgrade Now"
+                                   href="https://cloudmgt.clouddev.wso2.com/cloudmgt/site/pages/payment-plans.jag?cloud-type=device_cloud"
+                                   target="_self">
+                                    <i class="fw fw-export" title="Upgrade Now"></i> Upgrade Now
+                                </a>
+                            </li>
+
+                            <li>
+                                <a title="Monetization"
+                                   href="https://cloudmgt.clouddev.wso2.com/cloudmgt/site/pages/monetization-dashboard.jag"
+                                   target="_self">
+                                    <i class="fa fa-money fa-lg" title="Monetization"></i> Monetization
+                                </a>
+                            </li>
+
+                            <li>
+                                <a title="Request Extension"
+                                   href="https://cloudmgt.clouddev.wso2.com/cloudmgt/site/pages/contact-us.jag?cloud-type=device_cloud&amp;request-extension=true"
+                                   target="_blank">
+                                    <i class="fw fw-mail" title="Request Extension"></i> Request Extension
+                                </a>
+                            </li>
+
+                        </ul>
+                    </li>
+
+                    <li class="visible-inline-block">
+
+                        <a href="#" target="null" class="dropdown" data-toggle="dropdown" title="App Management">
+                                    <span class="icon fw-stack fw-lg">
+                                        <i class="fw fw-settings fw-stack-1x" title="App Management"></i>
+                                    </span>
+                            <span class="hidden-xs">
+                                        App Management
+                            </span>
+                            <span class="caret"></span>
+                        </a>
+
+                        <ul class="dropdown-menu dropdown-menu-right float-remove-xs position-static-xs text-center-xs remove-margin-xs slideInDown"
+                            role="menu">
+                            <li class="visible-inline-block">
+                                <a title="Mobile App Publisher" href="https://devicemgt.clouddev.wso2.com/publisher"
+                                   target="_self">
+                                    <i class="fw fw-user" title="Mobilr App Publisher"></i> App Publisher
+                                </a>
+                            </li>
+
+                            <li class="visible-inline-block">
+                                <a title="App Store " href="https://devicemgt.clouddev.wso2.com/store"
+                                   target="_self">
+                                    <i class="fw fw-store" title="App Store"></i> App Store
+                                </a>
+                            </li>
+
+                        </ul>
+                    </li>
+
+                    <li class="visible-inline-block">
+                        <a href="https://cloudmgt.clouddev.wso2.com/cloudmgt/site/pages/contact-us.jag" target="_self"
+                           title="Support">
+
+
+                                    <span class="icon fw-stack fw-lg" style="color: #ff8c27;">
+                                        <i class="fw fw-mail fw-stack-1x" title="Support"></i>
+                                    </span>
+                            <span class="hidden-xs" style="color: #ff8c27;">
+                                        Support
+                                    </span>
+
+                        </a>
+                    </li>
+
+                    <li class="visible-inline-block">
+
+                        <a href="#" target="null" class="dropdown" data-toggle="dropdown" title="Documentation">
+                                    <span class="icon fw-stack fw-lg">
+                                        <i class="fw fw-document fw-stack-1x" title="Documentation"></i>
+                                    </span>
+                            <span class="hidden-xs">
+                                        Documentation
+                                    </span>
+                            <span class="caret"></span>
+                        </a>
+
+                        <ul class="dropdown-menu dropdown-menu-right float-remove-xs position-static-xs text-center-xs remove-margin-xs slideInDown"
+                            role="menu">
+
+                            <li>
+                                <a title="API Cloud"
+                                   href="https://docs.wso2.com/display/APICloud/WSO2+API+Cloud+Documentation"
+                                   target="_blank">
+                                    <i class="fw fw-api" title="API Cloud"></i> API Cloud
+                                </a>
+                            </li>
+
+                            <li>
+                                <a title="App Cloud"
+                                   href="https://docs.wso2.com/display/AppCloud/WSO2+App+Cloud+Documentation"
+                                   target="_blank">
+                                    <i class="fw fw-application" title="App Cloud"></i> App Cloud
+                                </a>
+                            </li>
+
+                            <li>
+                                <a title="App Cloud"
+                                   href="https://docs.wso2.com/display/AppCloud/WSO2+Device+Cloud+Documentation"
+                                   target="_blank">
+                                    <i class="fw fw-application" title="App Cloud"></i> Device Cloud
+                                </a>
+                            </li>
+
+                            <li>
+                                <a title="API Cloud Walkthrough"
+                                   href="https://api.clouddev.wso2.com/publisher?interactiveTutorial=true"
+                                   target="_self">
+                                    <i class="fw fw-document" title="API Cloud Walkthrough"></i> API Cloud Walkthrough
+                                </a>
+                            </li>
+
+                        </ul>
+                    </li>
+
+                    <li class="visible-inline-block">
+                        <a href="#" class="dropdown" data-toggle="dropdown" title="user">
+                                    <span class="icon fw-stack fw-lg">
+                                        <i class="fw fw-circle-outline fw-stack-2x" title="User"></i>
+                                        <i class="fw fw-user fw-stack-1x" title="User"></i>
+                                    </span>
+                        <span class="hidden-xs">
+                               <%=user.username%></span><span class="caret"></span>
+                        </a>
+                        <ul class="dropdown-menu dropdown-menu-right float-remove-xs position-static-xs text-center-xs remove-margin-xs slideInDown"
+                            role="menu">
+
+                            <li>
+                                <a title="Profile"
+                                   href="https://cloudmgt.clouddev.wso2.com/cloudmgt/site/pages/user-profile.jag"
+                                   target="_self">
+                                    <i class="fw fw-user" title="Profile"></i> Profile
+                                </a>
+                            </li>
+
+                            <li>
+                                <a title="Change Password"
+                                   href="https://cloudmgt.clouddev.wso2.com/cloudmgt/site/pages/change-password.jag"
+                                   target="_self">
+                                    <i class="fw fw-lock" title="Change Password"></i> Change Password
+                                </a>
+                            </li>
+
+                            <li>
+                                <a title="Logout" href="https://api.clouddev.wso2.com/publisher/site/pages/logout.jag"
+                                   target="_self">
+                                    <i class="fw fw-sign-out" title="Logout"></i> Logout
+                                </a>
+                            </li>
+
+                        </ul>
+                    </li>
+                    <li class="visible-inline-block cloud-menu">
+                        <a href="#" id="cloud-menu-popover">
+                                    <span class="icon fw-stack fw-lg">
+                                        <i class="fw fw-tiles fw-stack-1x" data-toggle="popover" data-placement="bottom"
+                                           data-original-title="" title=""></i>
+                                    </span>
+                            <span class="hidden-xs">
+
+                                    </span>
+                        </a>
+                    </li>
+                </ul>
+            </div>
+            <% } else { %>
+            <a href="<%=urlPrefix%>login?destination=<%=dest%>" class="dropdown" data-toggle="dropdown">
+                <%= i18n.localize("login.label")%>
+            </a>
+            <% } %>
+        </div>
+
+
+<div class="cloud-menu-content hide">
+    <div id="popover-head" class="hide">Navigate to Cloud</div>
+    <div id="popover-content" class="hide">
+        <div class="cloud-apps">
+
+            <a href="https://api.cloud.wso2.com/publisher" target="_self" class="cloud-block add-padding-top-3x">
+                <i class="fw fw-api  fw-3x"></i>
+                <div class="cloud-name">API Cloud</div>
+            </a>
+
+            <a href="https://apps.cloud.wso2.com/appmgt" target="_self" class="cloud-block add-padding-top-3x">
+                <i class="fw fw-application fw-3x"></i>
+                <div class="cloud-name">App Cloud</div>
+            </a>
+
+            <a href="https://devicemgt.cloud.wso2.com/devicemgt" target="_self" class="cloud-block add-padding-top-3x">
+                <i class="fw fw-mobile fw-3x"></i>
+                <div class="cloud-name">Device Cloud</div>
+            </a>
+
+            <div class="clearfix"></div><!-- to make seperate -->
+        </div>
+        <div class="cloud-actions">
+            <h3>Manage your cloud</h3>
+
+            <a href="https://cloudmgt.cloud.wso2.com/cloudmgt/site/pages/organization.jag" target="_self" class="cloud-block-invert add-padding-top-3x">
+                <i class="fw fw-organization  fw-3x"></i>
+                <div class="cloud-name">Organization</div>
+            </a>
+
+            <a href="https://cloudmgt.cloud.wso2.com/cloudmgt/site/pages/user.jag" target="_self" class="cloud-block-invert add-padding-top-3x">
+                <i class="fa fa-users  fa-3x"></i>
+                <div class="cloud-name">Members</div>
+            </a>
+
+        </div>
+    </div>
+</div>
+
+        <% } else { %>
+            <div class="pull-right auth float-remove-xs text-center-xs">
+                <% if (user) { %>
+                <span class="hidden-xs">
+                    <a href="#" class="dropdown" data-toggle="dropdown">
+                        <span class="add-margin-left-2x add-margin-right-1x"><%=user.username%></span>
+                        <span class="fw fw-user add-margin-right-1x"></span>
+                        <span class="caret add-margin-right-2x"></span>
+                    </a>
+                    <ul class="dropdown-menu dropdown-menu-right" role="menu">
+                        <li class="dropdown-header visible-xs"><%=user.username%> <span class="caret"></span></li>
+                        <li><a href="<%=urlPrefix%>logout?destination=<%=dest%>"><%= i18n.localize("logout.label")%></a></li>
+                    </ul>
+                </span>
+                <div class="visible-xs auth-xs">
+                    <a href="#" class="collapsed" data-toggle="collapse" data-target="#auth-menu-items" aria-expanded="false">
+                        <span class="icon fw-stack fw">
+                            <i class="fw fw-user fw-stack-1x"></i>
+                        </span>
+                        <span class="caret"></span>
+                    </a>
+                    <div id="auth-menu-items" class="collapse">
+                        <ul >
+                            <li><%=user.username%></li>
+                            <li><a href="<%=urlPrefix%>logout?destination=<%=dest%>"><%= i18n.localize("logout.label")%></a></li>
+                        </ul>
+                    </div>
+                </div>
+                <% } else { %>
+                <a href="<%=urlPrefix%>login?destination=<%=dest%>" class="dropdown" data-toggle="dropdown">
+                    <%= i18n.localize("login.label")%>
+                </a>
+                <% } %>
+            </div>
+        <% } %>
+    </div>
+</header>
\ No newline at end of file
diff --git a/modules/core/distribution/src/repository/cloud/portal/portal.js b/modules/core/distribution/src/repository/cloud/portal/portal.js
new file mode 100644
index 00000000..5b09f436
--- /dev/null
+++ b/modules/core/distribution/src/repository/cloud/portal/portal.js
@@ -0,0 +1,204 @@
+/*
+ * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+$(function () {
+
+    var dashboardsApi = ues.utils.tenantPrefix() + 'apis/dashboards';
+    var dashboards = [];
+    var isStillLoading = false;
+    var nextStart = 0;
+    var hasMore = true;
+
+    /**
+     * Page count.
+     * @const
+     */
+    var PAGE_COUNT = 10;
+
+    // Pre-compiling handlebar templates
+    var dashboardsListHbs = Handlebars.compile($("#ues-dashboards-list-hbs").html());
+    var dashboardThumbnailHbs = Handlebars.compile($("#ues-dashboard-thumbnail-hbs").html());
+    var dashboardConfirmHbs = Handlebars.compile($("#ues-dashboard-confirm-hbs").html());
+    var dashboardsEmptyHbs = Handlebars.compile($("#ues-dashboards-empty-hbs").html());
+    Handlebars.registerPartial('ues-dashboard-thumbnail-hbs', dashboardThumbnailHbs);
+
+    /**
+     * Find the dashboard using dashboard id.
+     * @param id
+     * @return {object}
+     * @private
+     * */
+    var findDashboard = function (id) {
+        var i;
+        var dashboard;
+        var length = dashboards.length;
+        for (i = 0; i < length; i++) {
+            dashboard = dashboards[i];
+            if (dashboard.id === id) {
+                return dashboard;
+            }
+        }
+    };
+
+    /**
+     * Delete the selected dashboard
+     * @param el:-selected dashboard element
+     * @private
+     * */
+    var deleteDashboard = function (el) {
+        var button = Ladda.create(el[0]);
+        button.start();
+        var id = el.closest('.ues-dashboard').data('id');
+        $.ajax({
+            url: dashboardsApi + '/' + id,
+            method: 'DELETE',
+            async : false,
+            success: function () {
+                button.stop();
+                location.reload();
+            },
+            error: function () {
+                button.stop();
+            }
+        });
+    };
+
+    /**
+     * Load the list of dashboards available.
+     * @private
+     * */
+    var loadDashboards = function () {
+        isStillLoading = true;
+
+        if (!hasMore) {
+            isStillLoading = false;
+            $('.ues-dashboard').each(function (i, obj) {
+                if ($(this).find('.ues-dashboard-share').length) {
+                    $(this).addClass("shared");
+                }
+            });
+            return;
+        }
+        ues.store.assets('dashboard', {
+            start: nextStart,
+            count: PAGE_COUNT
+        }, function (err, data) {
+            var dashboardsEl = $('#ues-portal').find('.ues-dashboards');
+            hasMore = data.length;
+            if (!hasMore && nextStart === 0) {
+                dashboardsEl.append(dashboardsEmptyHbs());
+                return;
+            }
+
+            nextStart += PAGE_COUNT;
+            dashboards = dashboards.concat(data);
+            dashboardsEl.append(dashboardsListHbs(data));
+
+            var win = $(window);
+            var doc = $(document);
+            isStillLoading = false;
+            if (doc.height() > win.height()) {
+                return;
+            }
+
+            loadDashboards();
+
+            $(".disable").on('click', function (event) {
+                event.preventDefault();
+            });
+        });
+    };
+
+    /**
+     * Initialize the UI functionality such as binding events.
+     * @private
+     * */
+    var initUI = function () {
+        var portal = $('#ues-portal');
+        portal.on('click', '.ues-dashboards .ues-dashboard-trash-handle', function (e) {
+            e.preventDefault();
+            var thiz = $(this);
+            var dashboardEl = thiz.closest('.ues-dashboard');
+            var id = dashboardEl.data('id');
+            var dashboard = findDashboard(id);
+            dashboardEl.html(dashboardConfirmHbs(dashboard));
+        });
+
+        portal.on('click', '.ues-dashboards .ues-dashboard-trash-confirm', function (e) {
+            e.preventDefault();
+            deleteDashboard($(this));
+        });
+
+        portal.on('click', '.ues-dashboards .ues-dashboard-trash-cancel', function (e) {
+            e.preventDefault();
+            var thiz = $(this);
+            var dashboardEl = thiz.closest('.ues-dashboard');
+            var id = dashboardEl.data('id');
+            var dashboard = findDashboard(id);
+            dashboardEl.html(dashboardThumbnailHbs(dashboard));
+        });
+
+        portal.on('click', '.ues-view:not(.disable)', function(e) {
+            e.preventDefault();
+            window.open($(this).attr('href'), '_blank');
+        });
+
+        $('#filter-dashboards a').on('click', function () {
+            $('#filter').html($(this).text());
+            var filter = $(this).data('filter');
+
+            $('.ues-dashboard-container').each(function (i, obj) {
+                if (filter === "All") {
+                    $(this).show();
+                } else {
+                    if ($(this).find('.ues-dashboard-share').length) {
+                        filter === "Shared" ? $(this).show() : $(this).hide();
+                    } else {
+                        filter === "Shared" ? $(this).hide() : $(this).show();
+                    }
+                }
+            });
+        });
+
+        $(window).scroll(function () {
+            var win = $(window);
+            var doc = $(document);
+            if (win.scrollTop() + win.height() < doc.height() - 100) {
+                return;
+            }
+
+            if (!isStillLoading) {
+                loadDashboards();
+            }
+        });
+    };
+
+    $(document).ready(function () {
+          if($('#cloud-menu-popover').length)  {
+            $('#cloud-menu-popover i.fw-tiles').popover({
+                html: true,
+                trigger:'click',
+                title: function() {
+                    return $("#popover-head").html();
+                },
+                content: function() {
+                    return $("#popover-content").html();
+                }
+            });
+        }
+    });
+    initUI();
+    loadDashboards();
+});
\ No newline at end of file
diff --git a/modules/core/distribution/src/repository/conf/api-manager.xml b/modules/core/distribution/src/repository/conf/api-manager.xml
index 81cca534..1341e29f 100755
--- a/modules/core/distribution/src/repository/conf/api-manager.xml
+++ b/modules/core/distribution/src/repository/conf/api-manager.xml
@@ -253,10 +253,10 @@
         <ApplicationTokenScope>am_application_scope</ApplicationTokenScope>
         <!-- All  scopes under the ScopeWhitelist element are not validating against roles that has assigned to it.
              By default ^device_.* and openid scopes have been white listed internally. -->
-        <!--ScopeWhitelist>
+        <ScopeWhitelist>
             <Scope>^device_.*</Scope>
-            <Scope>openid</Scope>
-        </ScopeWhitelist-->
+            <!--<Scope>openid</Scope>-->
+        </ScopeWhitelist>
         <!-- Name of the token API -->
         <TokenEndPointName>/oauth2/token</TokenEndPointName>
         <!-- This the API URL for revoke API. When we revoke tokens revoke requests should go through this
diff --git a/modules/core/distribution/src/repository/conf/cdm-config.xml b/modules/core/distribution/src/repository/conf/cdm-config.xml
deleted file mode 100644
index a1e35bce..00000000
--- a/modules/core/distribution/src/repository/conf/cdm-config.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
-  ~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-  ~
-  ~ WSO2 Inc. licenses this file to you under the Apache License,
-  ~ Version 2.0 (the "License"); you may not use this file except
-  ~ in compliance with the License.
-  ~ you may obtain a copy of the License at
-  ~
-  ~   http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing,
-  ~ software distributed under the License is distributed on an
-  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  ~ KIND, either express or implied.  See the License for the
-  ~ specific language governing permissions and limitations
-  ~ under the License.
-  -->
-
-<DeviceMgtConfiguration>
-    <ManagementRepository>
-        <DataSourceConfiguration>
-            <JndiLookupDefinition>
-                <Name>jdbc/DM_DS</Name>
-            </JndiLookupDefinition>
-        </DataSourceConfiguration>
-    </ManagementRepository>
-    <PushNotificationProviders>
-        <Provider>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.MQTTBasedPushNotificationProvider</Provider>
-        <Provider>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.XMPPBasedPushNotificationProvider</Provider>
-        <!--<Provider>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.GCMBasedPushNotificationProvider</Provider>-->
-        <!--<Provider>org.wso2.carbon.device.mgt.mobile.impl.ios.apns.APNSBasedPushNotificationProvider</Provider>-->
-    </PushNotificationProviders>
-    <IdentityConfiguration>
-        <ServerUrl>https://localhost:9443</ServerUrl>
-        <AdminUsername>admin</AdminUsername>
-        <AdminPassword>admin</AdminPassword>
-    </IdentityConfiguration>
-    <PolicyConfiguration>
-        <MonitoringClass>org.wso2.carbon.policy.mgt</MonitoringClass>
-        <MonitoringEnable>false</MonitoringEnable>
-        <MonitoringFrequency>60000</MonitoringFrequency>
-        <MaxRetries>5</MaxRetries>
-        <MinRetriesToMarkUnreachable>8</MinRetriesToMarkUnreachable>
-        <MinRetriesToMarkInactive>20</MinRetriesToMarkInactive>
-        <!--Set the policy evaluation point name (Simple/Merged)-->
-        <!--Simple -  Simple policy evaluation point-->
-        <!--Merged -  Merged policy evaluation point -->
-        <PolicyEvaluationPoint>Simple</PolicyEvaluationPoint>
-    </PolicyConfiguration>
-    <TaskConfiguration>
-        <Enable>true</Enable>
-        <Frequency>60000</Frequency>
-        <TaskClass>org.wso2.carbon.device.mgt.core.task.impl.DeviceDetailsRetrieverTask</TaskClass>
-    </TaskConfiguration>
-    <!-- Default Page size configuration for paginated DM APIs-->
-    <PaginationConfiguration>
-        <DeviceListPageSize>20</DeviceListPageSize>
-        <NotificationListPageSize>20</NotificationListPageSize>
-        <ActivityListPageSize>20</ActivityListPageSize>
-        <OperationListPageSize>20</OperationListPageSize>
-    </PaginationConfiguration>
-</DeviceMgtConfiguration>
\ No newline at end of file
diff --git a/modules/core/distribution/src/repository/conf/etc/webapp-publisher-config.xml b/modules/core/distribution/src/repository/conf/etc/webapp-publisher-config.xml
index 0784d2a4..59a239ac 100644
--- a/modules/core/distribution/src/repository/conf/etc/webapp-publisher-config.xml
+++ b/modules/core/distribution/src/repository/conf/etc/webapp-publisher-config.xml
@@ -35,6 +35,6 @@
 	<!--Webapp will be published only when running below profiles-->
 	<Profiles>
 		<Profile>default</Profile>
-		<Profile>devicetype-publisher</Profile>
+		<Profile>device-manager</Profile>
 	</Profiles>
 </WebappPublisherConfigs>
\ No newline at end of file
diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml
index 4ae3fdaf..d77e49a3 100644
--- a/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml
+++ b/modules/core/distribution/src/repository/conf/identity/service-providers/API_STORE.xml
@@ -44,7 +44,7 @@
       </AuthenticationStep>
     </AuthenticationSteps>
     <UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
-    <UseTenantDomainInUsername>false</UseTenantDomainInUsername>
+    <UseTenantDomainInUsername>true</UseTenantDomainInUsername>
   </LocalAndOutBoundAuthenticationConfig>
   <RequestPathAuthenticatorConfigs>
   </RequestPathAuthenticatorConfigs>
diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml
index 156eb6e1..2c7c52d9 100644
--- a/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml
+++ b/modules/core/distribution/src/repository/conf/identity/service-providers/devicemgt.xml
@@ -44,7 +44,7 @@
             </AuthenticationStep>
         </AuthenticationSteps>
         <UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
-        <UseTenantDomainInUsername>false</UseTenantDomainInUsername>
+        <UseTenantDomainInUsername>true</UseTenantDomainInUsername>
     </LocalAndOutBoundAuthenticationConfig>
     <RequestPathAuthenticatorConfigs>
     </RequestPathAuthenticatorConfigs>
diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml
index 7f84e5ab..3cd65666 100644
--- a/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml
+++ b/modules/core/distribution/src/repository/conf/identity/service-providers/portal.xml
@@ -44,7 +44,7 @@
             </AuthenticationStep>
         </AuthenticationSteps>
         <UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
-        <UseTenantDomainInUsername>false</UseTenantDomainInUsername>
+        <UseTenantDomainInUsername>true</UseTenantDomainInUsername>
     </LocalAndOutBoundAuthenticationConfig>
     <RequestPathAuthenticatorConfigs>
     </RequestPathAuthenticatorConfigs>
diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/publisher.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/publisher.xml
index 503833ce..33a4736d 100644
--- a/modules/core/distribution/src/repository/conf/identity/service-providers/publisher.xml
+++ b/modules/core/distribution/src/repository/conf/identity/service-providers/publisher.xml
@@ -44,7 +44,7 @@
       </AuthenticationStep>
     </AuthenticationSteps>
     <UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
-    <UseTenantDomainInUsername>false</UseTenantDomainInUsername>
+    <UseTenantDomainInUsername>true</UseTenantDomainInUsername>
   </LocalAndOutBoundAuthenticationConfig>
   <RequestPathAuthenticatorConfigs>
   </RequestPathAuthenticatorConfigs>
diff --git a/modules/core/distribution/src/repository/conf/identity/service-providers/store.xml b/modules/core/distribution/src/repository/conf/identity/service-providers/store.xml
index 27bb258e..9503a87d 100644
--- a/modules/core/distribution/src/repository/conf/identity/service-providers/store.xml
+++ b/modules/core/distribution/src/repository/conf/identity/service-providers/store.xml
@@ -44,7 +44,7 @@
       </AuthenticationStep>
     </AuthenticationSteps>
     <UseUserstoreDomainInUsername>true</UseUserstoreDomainInUsername>
-    <UseTenantDomainInUsername>false</UseTenantDomainInUsername>
+    <UseTenantDomainInUsername>true</UseTenantDomainInUsername>
   </LocalAndOutBoundAuthenticationConfig>
   <RequestPathAuthenticatorConfigs>
   </RequestPathAuthenticatorConfigs>
diff --git a/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties b/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
index 131b993f..345a112a 100644
--- a/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
+++ b/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
@@ -476,6 +476,7 @@ org.owasp.csrfguard.unprotected.socialAcs=%servletContext%/social/acs
 org.owasp.csrfguard.unprotected.socialApis=%servletContext%/social/apis
 org.owasp.csrfguard.unprotected.appStoreDevices=%servletContext%/store/apps/devices/*
 org.owasp.csrfguard.unprotected.appStoreApis=%servletContext%/store/apis/*
+org.owasp.csrfguard.unprotected.appPortalClient=%servletContext%/portal/apis/*
 
  
 #carbon
diff --git a/modules/core/distribution/src/repository/conf/security/authenticators.xml b/modules/core/distribution/src/repository/conf/security/authenticators.xml
index 4c227fe9..4b8e8fb8 100644
--- a/modules/core/distribution/src/repository/conf/security/authenticators.xml
+++ b/modules/core/distribution/src/repository/conf/security/authenticators.xml
@@ -25,22 +25,35 @@
 <Authenticators xmlns="http://wso2.org/projects/carbon/authenticators.xml">
 
     <!-- authenticator Configurations for OAuthAuthenticator -->
-    <Authenticator name="OAuthAuthenticator" disabled="false">
-        <Priority>10</Priority>
-        <Config>
-            <Parameter name="isRemote">false</Parameter>
-            <Parameter name="hostURL">https://localhost:9443</Parameter>
-            <Parameter name="adminUsername">admin</Parameter>
-            <Parameter name="adminPassword">admin</Parameter>
-        </Config>
-    </Authenticator>
+	<Authenticator name="SignedJWTAuthenticator" disabled="false">
+		<Priority>5</Priority>
+	</Authenticator>
+	<Authenticator name="OAuthAuthenticator" disabled="true">
+		<Priority>10</Priority>
+		<Config>
+			<Parameter name="isRemote">false</Parameter>
+			<Parameter name="hostURL">https://localhost:9443</Parameter>
+			<Parameter name="adminUsername">admin</Parameter>
+			<Parameter name="adminPassword">admin</Parameter>
+		</Config>
+	</Authenticator>
 
     <!-- authenticator Configurations for TokenUIAuthenticator -->
     <Authenticator name="TokenUIAuthenticator" disabled="false">
         <Priority>5</Priority>
     </Authenticator>
 
-    <!-- authenticator Configurations for SAML2SSOAuthenticator -->
+	<!-- Authenticator Configurations for MutualSSLAuthenticator -->
+	<!--Authenticator name="MutualSSLAuthenticator" disabled="false">
+		<Priority>5</Priority>
+		<Config>
+			<Parameter name="UsernameHeader">UserName</Parameter>
+			<Parameter name="WhiteListEnabled">false</Parameter>
+			<Parameter name="WhiteList"/>
+		</Config>
+	</Authenticator-->
+
+	<!-- authenticator Configurations for SAML2SSOAuthenticator -->
     <Authenticator name="SAML2SSOAuthenticator" disabled="true">
         <Priority>10</Priority>
         <Config>
diff --git a/modules/core/distribution/src/repository/conf/tomcat/catalina-server.xml b/modules/core/distribution/src/repository/conf/tomcat/catalina-server.xml
new file mode 100644
index 00000000..c68a93ef
--- /dev/null
+++ b/modules/core/distribution/src/repository/conf/tomcat/catalina-server.xml
@@ -0,0 +1,99 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<Server port="8005" shutdown="SHUTDOWN">
+
+    <Service className="org.wso2.carbon.tomcat.ext.service.ExtendedStandardService" name="Catalina">
+
+        <!--
+        optional attributes:
+
+        proxyPort="80"
+        -->
+        <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
+                   port="9763"
+                   redirectPort="9443"
+                   bindOnInit="false"
+                   maxHttpHeaderSize="8192"
+                   acceptorThreadCount="2"
+                   maxThreads="250"
+                   minSpareThreads="50"
+                   disableUploadTimeout="false"
+                   connectionUploadTimeout="120000"
+                   maxKeepAliveRequests="200"
+                   acceptCount="200"
+                   server="WSO2 Carbon Server"
+                   compression="on"
+                   compressionMinSize="2048"
+                   noCompressionUserAgents="gozilla, traviata"
+                   compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
+                   URIEncoding="UTF-8"/>
+
+        <!--
+        optional attributes:
+
+        proxyPort="443"
+        Added sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" for poodle vulnerability fix
+        -->
+        <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
+                   port="9443"
+                   bindOnInit="false"
+                   sslProtocol="TLS"
+                   sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
+                   maxHttpHeaderSize="8192"
+                   acceptorThreadCount="2"
+                   maxThreads="250"
+                   minSpareThreads="50"
+                   disableUploadTimeout="false"
+                   enableLookups="false"
+                   connectionUploadTimeout="120000"
+                   maxKeepAliveRequests="200"
+                   acceptCount="200"
+                   server="WSO2 Carbon Server"
+                   clientAuth="want"
+                   compression="on"
+                   scheme="https"
+                   secure="true"
+                   SSLEnabled="true"
+                   compressionMinSize="2048"
+                   noCompressionUserAgents="gozilla, traviata"
+                   compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
+                   keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
+                   keystorePass="wso2carbon"
+                   URIEncoding="UTF-8"/>
+
+
+        <Engine name="Catalina" defaultHost="localhost">
+
+            <!--Realm className="org.apache.catalina.realm.MemoryRealm" pathname="${carbon.home}/repository/conf/tomcat/tomcat-users.xml"/-->
+
+            <Realm className="org.wso2.carbon.tomcat.ext.realms.CarbonTomcatRealm"/>
+
+            <Host name="localhost" unpackWARs="true" deployOnStartup="false" autoDeploy="false"
+                  appBase="${carbon.home}/repository/deployment/server/webapps/">
+                <Valve className="org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve"/>
+                <Valve className="org.apache.catalina.valves.AccessLogValve" directory="${carbon.home}/repository/logs"
+                       prefix="http_access_" suffix=".log"
+                       pattern="combined"/>
+                <Valve className="org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve" threshold="600"/>
+                <Valve className="org.wso2.carbon.tomcat.ext.valves.CompositeValve"/>
+            </Host>
+        </Engine>
+    </Service>
+</Server>
+
diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json
index 7e6bb450..86b79ac3 100644
--- a/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json
+++ b/modules/core/distribution/src/repository/jaggeryapps/portal/configs/designer.json
@@ -1,4 +1,5 @@
 {
+  "isCloud" : false,
   "store": {
     "types": ["fs"]
   },
@@ -20,7 +21,7 @@
           "acs": "%https.host%/portal/acs",
           "identityAlias": "wso2carbon",
           "defaultNameIDPolicy": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
-          "useTenantKey": false,
+          "useTenantKey": true,
           "isPassive": false
         }
       },
@@ -34,7 +35,7 @@
     "methods": {
       "oauth": {
         "attributes": {
-          "apimgt-gateway": false,
+          "apimgt-gateway": true,
           "oauthProvider": {
             "appRegistration": {
               "appType": "webapp",
@@ -46,7 +47,8 @@
               "grantType": "password refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer urn:ietf:params:oauth:grant-type:jwt-bearer",
               "tokenScope": "admin",
               "callbackUrl": "%https.host%/portal",
-              "saasApp":true
+              "saasApp":true,
+              "samlGrantTypeName":"urn:ietf:params:oauth:grant-type:saml2-bearer"
             },
             "tokenServiceURL": "https://localhost:9443/oauth2/token"
           },
diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js b/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js
new file mode 100644
index 00000000..c6a8aab5
--- /dev/null
+++ b/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handler-utils.js
@@ -0,0 +1,598 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+var utils = function () {
+    var log = new Log("/modules/oauth/token-handler-utils.js");
+
+    var configs = require('/configs/portal.js').config();
+    var constants = require("/modules/constants.js");
+    var carbon = require("carbon");
+
+    //noinspection JSUnresolvedVariable
+    var Base64 = Packages.org.apache.commons.codec.binary.Base64;
+    //noinspection JSUnresolvedVariable
+    var String = Packages.java.lang.String;
+
+    var publicMethods = {};
+    var privateMethods = {};
+
+    publicMethods["encode"] = function (payload) {
+        return String(Base64.encodeBase64(String(payload).getBytes()));
+    };
+
+    publicMethods["decode"] = function (payload) {
+        return String(Base64.decodeBase64(String(payload).getBytes()));
+    };
+
+    /**
+     * Check whether this application is oauth enable or not
+     * @returns boolean if oauth enable
+     */
+    publicMethods["checkOAuthEnabled"] = function () {
+        if (constants.AUTHORIZATION_TYPE_OAUTH === configs["authorization"]["activeMethod"]) {
+            return true;
+        }
+        return false;
+    };
+
+    /**
+     * Set access token into xml http request header
+     * @param xhr     xml http request
+     * @returns {*}   xhr which has access token it's header
+     */
+    publicMethods["setAccessToken"] = function (xhr, callback) {
+        var accessToken;
+        if (publicMethods.checkOAuthEnabled()) {
+            try {
+                accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
+                xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BEARER_PREFIX + accessToken);
+            } catch (exception) {
+                log.error("Access token hasn't been set yet, " + exception);
+            } finally {
+                callback(xhr);
+            }
+        }
+        callback(xhr);
+    };
+
+    /**
+     * Get access token of current logged user
+     * @param callBack response with access token
+     */
+    publicMethods["getAccessToken"] = function (callBack) {
+        var accessToken = null;
+        if (publicMethods.checkOAuthEnabled()) {
+            try {
+                accessToken =  parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
+            } catch (exception) {
+                log.error("Access token hasn't been set yet, " + exception);
+            } finally {
+                callBack(accessToken);
+            }
+        }
+        callBack(accessToken);
+    };
+
+    /**
+     * Create error message which adhere to xml http response object
+     * @param statusCode       response status code
+     * @param status           response status
+     * @param responseText     response message
+     * @returns {{statusCode: *, status: *, responseText: *}}
+     */
+    publicMethods["createXHRObject"] = function (statusCode, status, responseText) {
+        return {"statusCode": statusCode, "status": status, "responseText": responseText};
+    };
+
+    /**
+     * check whether user already logged to system before invoking any apis
+     * @param callBack
+     */
+    publicMethods["isUserAuthorized"] = function (callBack) {
+        if (session.get("Loged") !== constants.LOGIN_MESSAGE) {
+            callBack(false);
+        } else {
+            callBack(true);
+        }
+    };
+
+    /**
+     * Get identity provider uir
+     * @returns {*}
+     */
+    publicMethods["getIdPServerURL"] = function () {
+        return configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["tokenServiceURL"];
+    };
+
+    /**
+     * Get an Access token pair based on client secret
+     * @param encodedClientKeys  {{clientId:"", clientSecret:""}}
+     * @param scope              eg: PRODUCTION
+     * @param idPServer          identity provider url
+     * @returns {{accessToken: *, refreshToken: *}}
+     */
+    publicMethods["getTokenWithClientSecretType"] = function (encodedClientKeys, scope, idPServer) {
+        var xhr = new XMLHttpRequest();
+        var tokenEndpoint = idPServer;
+        xhr.open(constants.HTTP_POST, tokenEndpoint, false);
+        xhr.setRequestHeader(constants.CONTENT_TYPE_IDENTIFIER, constants.APPLICATION_X_WWW_FOR_URLENCODED);
+        xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BASIC_PREFIX + encodedClientKeys);
+        xhr.send("grant_type=client_credentials&scope=" + scope);
+        var tokenPair = {};
+        if (xhr.status == constants.HTTP_ACCEPTED) {
+            var data = parse(xhr.responseText);
+            tokenPair.refreshToken = data.refresh_token;
+            tokenPair.accessToken = data.access_token;
+        } else if (xhr.status == constants.HTTP_USER_NOT_AUTHENTICATED) {
+            log.error("Error in obtaining token with client secret grant type, You are not authenticated yet");
+            return null;
+        } else {
+            log.error("Error in obtaining token with client secret grant type, This might be a problem with client meta " +
+                "data which required for client secret grant type");
+            return null;
+        }
+        return tokenPair;
+    };
+
+
+    /**
+     * This will create client id and client secret for a given application
+     * @param properties    "callbackUrl": "",
+     *                      "clientName": "",
+     *                      "owner": "",
+     *                      "applicationType": "",
+     *                      "grantType": "",
+     *                      "saasApp" :"",
+     *                      "dynamicClientRegistrationEndPoint" : ""
+     *
+     * @returns {{clientId:*, clientSecret:*}}
+     */
+    publicMethods["getDynamicClientAppCredentials"] = function (username) {
+        // setting up dynamic client application properties
+        var dcAppProperties = {
+            "applicationType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["appType"],
+            "clientName": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["clientName"],
+            "owner": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"],
+            "tokenScope": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["tokenScope"],
+            "grantType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["grantType"],
+            "callbackUrl": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["callbackUrl"],
+            "saasApp" : configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["saasApp"]
+        };
+
+        var tenantDomain = carbon.server.tenantDomain({username: username});
+        if (!tenantDomain) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+                "based client application credentials. Unable to obtain a valid tenant domain for provided username "+
+                username +"- getDynamicClientAppCredentials(x)");
+            return null;
+        } else {
+            var cachedTenantBasedClientAppCredentials = privateMethods.
+            getCachedTenantBasedClientAppCredentials(tenantDomain);
+            if (cachedTenantBasedClientAppCredentials) {
+                return cachedTenantBasedClientAppCredentials;
+            } else {
+                // calling dynamic client app registration service endpoint
+                var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]
+                    ["dynamicClientAppRegistrationServiceURL"];
+                var requestPayload = dcAppProperties;
+                var token = publicMethods.encode(configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+                        ["appRegistration"]["owner"] + ":" + configs["authorization"]["methods"]["oauth"]["attributes"]
+                        ["oauthProvider"]["appRegistration"]["password"]);
+                var xhr = new XMLHttpRequest();
+                xhr.open("POST", requestURL, false);
+                xhr.setRequestHeader("Content-Type", "application/json");
+                xhr.setRequestHeader("Authorization", "Basic "+ token);
+                xhr.send(stringify(requestPayload));
+                var dynamicClientAppCredentials = {};
+                if (xhr["status"] == 201 || xhr["status"] == 200 && xhr["responseText"]) {
+                    var responsePayload = parse(xhr["responseText"]);
+                    var clientId = responsePayload["client_id"];
+                    var clientSecret = responsePayload["client_secret"];
+                    if(typeof clientId == "undefined"){
+                        clientId = responsePayload["clientId"];
+                    }
+                    if(typeof clientSecret == "undefined"){
+                        clientSecret = responsePayload["clientSecret"];
+                    }
+                    dynamicClientAppCredentials["clientId"] = clientId;
+                    dynamicClientAppCredentials["clientSecret"] = clientSecret;
+                    privateMethods.
+                    setCachedTenantBasedClientAppCredentials(tenantDomain, dynamicClientAppCredentials);
+                } else if (xhr["status"] == 400) {
+                    log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
+                        "Bad request. Invalid data provided as dynamic client application properties.");
+                    dynamicClientAppCredentials = null;
+                } else {
+                    log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
+                        "Error in retrieving dynamic client credentials.");
+                    dynamicClientAppCredentials = null;
+                }
+                // returning dynamic client credentials
+                return dynamicClientAppCredentials;
+            }
+        }
+    };
+
+    /**
+     * If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create oauth application
+     * @param username   username of current logged user
+     * @returns {{clientId:*, clientSecret:*}}
+     */
+    publicMethods["getTenantBasedClientAppCredentials"] = function (username) {
+        if (!username) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+                "based client app credentials. No username " +
+                "as input - getTenantBasedClientAppCredentials(x)");
+            return null;
+        } else {
+            //noinspection JSUnresolvedFunction, JSUnresolvedVariable
+            var tenantDomain = carbon.server.tenantDomain({username: username});
+
+            if (!tenantDomain) {
+                log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+                    "based client application credentials. Unable to obtain a valid tenant domain for provided " +
+                    "username - getTenantBasedClientAppCredentials(x, y)");
+                return null;
+            } else {
+                var cachedTenantBasedClientAppCredentials = privateMethods.
+                getCachedTenantBasedClientAppCredentials(tenantDomain);
+                if (cachedTenantBasedClientAppCredentials) {
+                    return cachedTenantBasedClientAppCredentials;
+                } else {
+                    var adminUsername = configs["authorization"]["methods"]["oauth"]["attributes"]["adminUser"];
+                    var adminUserTenantId = configs["authorization"]["methods"]["oauth"]["attributes"]
+                        ["adminUserTenantId"];
+                    //claims required for jwtAuthenticator.
+                    var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
+                        "http://wso2.org/claims/enduser": adminUsername};
+                    var jwtToken = publicMethods.getJwtToken(adminUsername, claims);
+                    // register a tenant based client app at API Manager
+                    var applicationName = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+                            ["appRegistration"]["clientName"] + "_" + tenantDomain;
+                    var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+                            ["appRegistration"]["apiManagerClientAppRegistrationServiceURL"] +
+                        "?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName;
+                    var xhr = new XMLHttpRequest();
+                    xhr.open("POST", requestURL, false);
+                    xhr.setRequestHeader("Content-Type", "application/json");
+                    xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken);
+                    xhr.send();
+                    if ((xhr["status"] == 201 || xhr["status"] == 200) && xhr["responseText"]) {
+                        var responsePayload = parse(xhr["responseText"]);
+                        var tenantBasedClientAppCredentials = {};
+                        var clientId = responsePayload["client_id"];
+                        var clientSecret = responsePayload["client_secret"];
+                        if(typeof clientId == "undefined"){
+                            clientId = responsePayload["clientId"];
+                        }
+                        if(typeof clientSecret == "undefined"){
+                            clientSecret = responsePayload["clientSecret"];
+                        }
+                        tenantBasedClientAppCredentials["clientId"] = clientId;
+                        tenantBasedClientAppCredentials["clientSecret"] = clientSecret;
+                        privateMethods.
+                        setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials);
+                        return tenantBasedClientAppCredentials;
+                    } else {
+                        log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+                            "based client application credentials from API " +
+                            "Manager - getTenantBasedClientAppCredentials(x, y)");
+                        return null;
+                    }
+                }
+            }
+        }
+    };
+
+    /**
+     * Caching oauth application credentials
+     * @param tenantDomain            tenant domain where application is been created
+     * @param clientAppCredentials    {{clientId:*, clientSecret:*}}
+     */
+    privateMethods["setCachedTenantBasedClientAppCredentials"] = function (tenantDomain, clientAppCredentials) {
+        var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
+        if (!cachedTenantBasedClientAppCredentialsMap) {
+            cachedTenantBasedClientAppCredentialsMap = {};
+            cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
+            application.put(constants["CACHED_CREDENTIALS_PORTAL_APP"], cachedTenantBasedClientAppCredentialsMap);
+        } else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
+            cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
+        }
+    };
+
+    /**
+     * Get oauth application credentials from cache
+     * @param tenantDomain    tenant domain where application is been created
+     * @returns {{clientId:*, clientSecret:*}}
+     */
+    privateMethods["getCachedTenantBasedClientAppCredentials"] = function (tenantDomain) {
+        var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
+        if (!cachedTenantBasedClientAppCredentialsMap ||
+            !cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
+            return null;
+        } else {
+            return cachedTenantBasedClientAppCredentialsMap[tenantDomain];
+        }
+    };
+
+    /**
+     * Get access token and refresh token using password grant type
+     * @param username                      username of the logged user
+     * @param password                      password of the logged user
+     * @param encodedClientAppCredentials   {{clientId:*, clientSecret:*}}
+     * @param scopes                         scopes list
+     * @returns {{accessToken: *, refreshToken: *}}
+     */
+    publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password
+        , encodedClientAppCredentials, scopes) {
+        if (!username || !password || !encodedClientAppCredentials || !scopes) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " +
+                "grant type. No username, password, encoded client app credentials or scopes are " +
+                "found - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
+            return null;
+        } else {
+            // calling oauth provider token service endpoint
+            var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+                ["tokenServiceURL"];
+            var requestPayload = "grant_type=password&username=" +
+                username + "&password=" + password + "&scope=" + scopes;
+
+            var xhr = new XMLHttpRequest();
+            xhr.open("POST", requestURL, false);
+            xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+            xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
+            xhr.send(requestPayload);
+
+            if (xhr["status"] == 200 && xhr["responseText"]) {
+                var responsePayload = parse(xhr["responseText"]);
+                var tokenData = {};
+                tokenData["accessToken"] = responsePayload["access_token"];
+                tokenData["refreshToken"] = responsePayload["refresh_token"];
+                tokenData["scopes"] = responsePayload["scope"];
+                return tokenData;
+            } else {
+                log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
+                    "by password grant type - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
+                return null;
+            }
+        }
+    };
+
+	/**
+	 * Get access token and refresh token using SAML grant type
+	 * @param assertion
+	 * @param encodedClientAppCredentials
+	 * @param scopes
+	 * @returns {{accessToken: *, refreshToken: *}}
+	 */
+	publicMethods["getTokenPairAndScopesByJWTGrantType"] = function (username, encodedClientAppCredentials, scopes) {
+		if (!username || !encodedClientAppCredentials || !scopes) {
+			log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token by jwt " +
+			"grant type. No assertion, encoded client app credentials or scopes are " +
+			"found - getTokenPairAndScopesByJWTGrantType(x, y, z)");
+			return null;
+		} else {
+			var JWTClientManagerServicePackagePath =
+				"org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
+			//noinspection JSUnresolvedFunction, JSUnresolvedVariable
+			var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
+			//noinspection JSUnresolvedFunction
+			var jwtClient = JWTClientManagerService.getJWTClient();
+			// returning access token by JWT grant type
+			var tokenInfo = jwtClient.getAccessToken(encodedClientAppCredentials,
+				username, scopes);
+			var tokenData = {};
+			tokenData["accessToken"] = tokenInfo.getAccessToken();
+			tokenData["refreshToken"] = tokenInfo.getRefreshToken();
+			tokenData["scopes"] = tokenInfo.getScopes();
+			return tokenData;
+		}
+	};
+
+    /**
+     * Get access token and refresh token using SAML grant type
+     * @param assertion
+     * @param encodedClientAppCredentials
+     * @param scopes
+     * @returns {{accessToken: *, refreshToken: *}}
+     */
+    publicMethods["getTokenPairAndScopesBySAMLGrantType"] = function (assertion, encodedClientAppCredentials, scopes) {
+        if (!assertion || !encodedClientAppCredentials || !scopes) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml " +
+                "grant type. No assertion, encoded client app credentials or scopes are " +
+                "found - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
+            return null;
+        } else {
+
+            var assertionXML = publicMethods.decode(assertion);
+            /*
+             TODO: make assertion extraction with proper parsing.
+             Since Jaggery XML parser seem to add formatting which causes signature verification to fail.
+             */
+            var assertionStartMarker = "<saml2:Assertion";
+            var assertionEndMarker = "<\/saml2:Assertion>";
+            var assertionStartIndex = assertionXML.indexOf(assertionStartMarker);
+            var assertionEndIndex = assertionXML.indexOf(assertionEndMarker);
+
+            var extractedAssertion;
+            if (assertionStartIndex == -1 || assertionEndIndex == -1) {
+                log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml grant " +
+                    "type. Issue in assertion format - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
+                return null;
+            } else {
+                extractedAssertion = assertionXML.
+                    substring(assertionStartIndex, assertionEndIndex) + assertionEndMarker;
+                var encodedAssertion = publicMethods.encode(extractedAssertion);
+                // calling oauth provider token service endpoint
+                var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+                    ["tokenServiceURL"];
+                var requestPayload = "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&" +
+                    "assertion=" + encodeURIComponent(encodedAssertion) + "&scope=" + scopes;
+                var xhr = new XMLHttpRequest();
+                xhr.open("POST", requestURL, false);
+                xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+                xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
+                xhr.send(requestPayload);
+
+                if (xhr["status"] == 200 && xhr["responseText"]) {
+                    var responsePayload = parse(xhr["responseText"]);
+                    var tokenData = {};
+                    tokenData["accessToken"] = responsePayload["access_token"];
+                    tokenData["refreshToken"] = responsePayload["refresh_token"];
+                    tokenData["scopes"] = responsePayload["scope"];
+                    return tokenData;
+                } else {
+                    log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
+                        "by password grant type - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
+                    return null;
+                }
+            }
+        }
+    };
+
+    /**
+     * If access token is expired, try to refresh it using existing refresh token
+     * @param callback
+     */
+    publicMethods["refreshAccessToken"] = function (callback) {
+        try {
+            if (publicMethods.checkOAuthEnabled()) {
+                var currentTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"]));
+                // currentTokenPair includes current access token as well as current refresh token
+                var encodedClientAppCredentials
+                    = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
+                if (!currentTokenPair || !encodedClientAppCredentials) {
+                    callback(false);
+                    throw new Error("{/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " +
+                        "token pair, encoded client app credentials or both input are not found under " +
+                        "session context - refreshTokenPair()");
+                } else {
+                    var newTokenPair = publicMethods.
+                    getNewTokenPairByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials);
+                    if (!newTokenPair) {
+                        log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " +
+                            "Unable to update session context with new access token pair - refreshTokenPair()");
+                        callback(false);
+                    } else {
+                        session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(newTokenPair));
+                        callback(true);
+                    }
+                }
+            } else {
+                log.error("You have not enable dynamic client yet");
+                callback(false);
+            }
+        } catch (exception) {
+            callback(false);
+            throw "Error while refreshing existing access token, " + exception;
+        }
+    };
+
+    /**
+     * Get access token and refresh token using refresh token grant type
+     * @param refreshToken                  refresh token
+     * @param encodedClientAppCredentials   {{clientId:*, clientSecret:*}}
+     * @param scopes
+     * @returns {{accessToken: *, refreshToken: *}}
+     */
+    publicMethods["getNewTokenPairByRefreshToken"] = function (refreshToken, encodedClientAppCredentials, scopes) {
+        if (!refreshToken || !encodedClientAppCredentials) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token " +
+                "by current refresh token. No refresh token or encoded client app credentials are " +
+                "found - getNewTokenPairByRefreshToken(x, y, z)");
+            return null;
+        } else {
+            var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
+                ["tokenServiceURL"];
+            var requestPayload = "grant_type=refresh_token&refresh_token=" + refreshToken;
+            if (scopes) {
+                requestPayload = requestPayload + "&scope=" + scopes;
+            }
+
+            var xhr = new XMLHttpRequest();
+            xhr.open("POST", requestURL, false);
+            xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+            xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
+            xhr.send(requestPayload);
+
+            if (xhr["status"] == 200 && xhr["responseText"]) {
+                var responsePayload = parse(xhr["responseText"]);
+                var tokenPair = {};
+                tokenPair["accessToken"] = responsePayload["access_token"];
+                tokenPair["refreshToken"] = responsePayload["refresh_token"];
+                return tokenPair;
+            } else {
+                log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token by " +
+                    "current refresh token - getNewTokenPairByRefreshToken(x, y, z)");
+                return null;
+            }
+        }
+    };
+
+    /**
+     * Get access token using JWT grant type
+     * @param clientAppCredentials {{clientId:*, clientSecret:*}}
+     * @returns {{accessToken: *, refreshToken: *}}
+     */
+    publicMethods["getAccessTokenByJWTGrantType"] =  function (clientAppCredentials) {
+        if (!clientAppCredentials) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token " +
+                "by current refresh token. No client app credentials are found " +
+                "as input - getAccessTokenByJWTGrantType(x)");
+            return null;
+        } else {
+            var JWTClientManagerServicePackagePath =
+                "org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
+            //noinspection JSUnresolvedFunction, JSUnresolvedVariable
+            var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
+            //noinspection JSUnresolvedFunction
+            var jwtClient = JWTClientManagerService.getJWTClient();
+            // returning access token by JWT grant type
+            return jwtClient.getAccessToken(clientAppCredentials["clientId"], clientAppCredentials["clientSecret"],
+                configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"],
+                null)["accessToken"];
+        }
+    };
+
+    /**
+     * Get jwt token
+     * @param username  username of logged user
+     * @param claims    claims which are required
+     * @returns {"jwtToken"}
+     */
+    publicMethods["getJwtToken"] =  function (username, claims) {
+        if (!username) {
+            log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new jwt token");
+            return null;
+        } else {
+            var JWTClientManagerServicePackagePath =
+                "org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
+            //noinspection JSUnresolvedFunction, JSUnresolvedVariable
+            var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
+            //noinspection JSUnresolvedFunction
+            var jwtClient = JWTClientManagerService.getJWTClient();
+            // returning access token by JWT grant type
+            if (claims) {
+                return jwtClient.getJwtToken(username, claims);
+            } else {
+                return jwtClient.getJwtToken(username);
+            }
+        }
+    };
+    return publicMethods;
+}();
diff --git a/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handlers.js b/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handlers.js
new file mode 100644
index 00000000..2167f7a9
--- /dev/null
+++ b/modules/core/distribution/src/repository/jaggeryapps/portal/modules/oauth/token-handlers.js
@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * -----------------------------------------------------
+ * Following module includes handlers
+ * at Jaggery Layer for handling OAuth tokens.
+ * -----------------------------------------------------
+ */
+var handlers = function () {
+    var log = new Log("/modules/oauth/token-handlers.js");
+
+    var tokenUtil = require("/modules/oauth/token-handler-utils.js")["utils"];
+    var constants = require("/modules/constants.js");
+    var configs = require('/configs/portal.js').config();
+
+    var publicMethods = {};
+    var privateMethods = {};
+
+    /**
+     * Get an AccessToken pair based on username and password
+     * @param username   username of the logged user
+     * @param password   password of the logged user
+     */
+    publicMethods["setupTokenPairByPasswordGrantType"] = function (username, password) {
+        if (!username || !password) {
+            throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
+                "password grant type. Either username of logged in user, password or both are missing " +
+                    "as input - setupTokenPairByPasswordGrantType(x, y)");
+        } else {
+            privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
+            var encodedClientAppCredentials =
+                session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
+            if (!encodedClientAppCredentials) {
+                throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
+                    "password grant type. Encoded client credentials are " +
+                        "missing - setupTokenPairByPasswordGrantType(x, y)");
+            } else {
+                var tokenData;
+                // tokenPair will include current access token as well as current refresh token
+                var arrayOfScopes = configs["authorization"]["methods"]["oauth"]["attributes"]["scopes"];
+                var stringOfScopes = "";
+                arrayOfScopes.forEach(function (entry) {
+                    stringOfScopes += entry + " ";
+                });
+                tokenData = tokenUtil.
+                    getTokenPairAndScopesByPasswordGrantType(username,
+                        encodeURIComponent(password), encodedClientAppCredentials, stringOfScopes);
+                if (!tokenData) {
+                    throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up " +
+                        "token pair by password grant type. Error in token " +
+                            "retrieval - setupTokenPairByPasswordGrantType(x, y)");
+                } else {
+                    var tokenPair = {};
+                    tokenPair["accessToken"] = tokenData["accessToken"];
+                    tokenPair["refreshToken"] = tokenData["refreshToken"];
+                    // setting up token pair into session context as a string
+                    session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(tokenPair));
+                    var scopes = tokenData.scopes.split(" ");
+                    // adding allowed scopes to the session
+                    session.put(constants["ALLOWED_SCOPES"], scopes);
+                }
+            }
+        }
+    };
+
+    /**
+     * Get an AccessToken pair based on SAML assertion
+     * @param samlToken         SAML assertion
+     * @param username          {{clientId:"", clientSecret:""}}
+     */
+    publicMethods["setupTokenPairBySamlGrantType"] = function (username, samlToken) {
+        if (!username || !samlToken) {
+            throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
+                "saml grant type. Either username of logged in user, samlToken or both are missing " +
+                    "as input - setupTokenPairBySamlGrantType(x, y)");
+        } else {
+            privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
+            var encodedClientAppCredentials =
+                session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
+            if (!encodedClientAppCredentials) {
+                throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " +
+                    "by saml grant type. Encoded client credentials are " +
+                        "missing - setupTokenPairBySamlGrantType(x, y)");
+            } else {
+                var tokenData;
+                // accessTokenPair will include current access token as well as current refresh token
+                tokenData = tokenUtil.
+                    getTokenPairAndScopesByJWTGrantType(username, encodedClientAppCredentials, "PRODUCTION");
+                if (!tokenData) {
+                    throw new Error("{/modules/oauth/token-handlers.js} Could not set up token " +
+                        "pair by saml grant type. Error in token " +
+                            "retrieval - setupTokenPairBySamlGrantType(x, y)");
+                } else {
+                    var tokenPair = {};
+                    tokenPair["accessToken"] = tokenData["accessToken"];
+                    tokenPair["refreshToken"] = tokenData["refreshToken"];
+                    // setting up access token pair into session context as a string
+                    session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(tokenPair));
+
+                    var scopes = tokenData.scopes.split(" ");
+                    // adding allowed scopes to the session
+                    session.put(constants["ALLOWED_SCOPES"], scopes);
+                }
+            }
+        }
+    };
+
+    /**
+     * Set access token and refresh token using refresh token grant type
+     */
+    publicMethods["refreshTokenPair"] = function () {
+        var currentTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"]));
+        // currentTokenPair includes current access token as well as current refresh token
+        var encodedClientAppCredentials
+            = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
+        if (!currentTokenPair || !encodedClientAppCredentials) {
+            throw new Error("{/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " +
+                "token pair, encoded client app credentials or both input are not found under " +
+                    "session context - refreshTokenPair()");
+        } else {
+            var newTokenPair = tokenUtil.
+                getNewTokenPairByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials);
+            if (!newTokenPair) {
+                log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " +
+                    "Unable to update session context with new access token pair - refreshTokenPair()");
+            } else {
+                session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(newTokenPair));
+            }
+        }
+    };
+
+    /**
+     * If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create an oauth application or
+     * else DCR endpoint is used to create an oauth application
+     * @param username   username of current logged user
+     */
+    privateMethods["setUpEncodedTenantBasedClientAppCredentials"] = function (username) {
+        if (!username) {
+            throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
+                "client credentials to session context. No username of logged in user is found as " +
+                    "input - setUpEncodedTenantBasedClientAppCredentials(x)");
+        } else {
+            if (configs["authorization"]["methods"]["oauth"]["attributes"]["apimgt-gateway"]) {
+				var tenantBasedClientAppCredentials = tokenUtil.getTenantBasedClientAppCredentials(username);
+				if (!tenantBasedClientAppCredentials) {
+					throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant " +
+					"based client credentials to session context as the server is unable " +
+					"to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
+				} else {
+					var encodedTenantBasedClientAppCredentials =
+						tokenUtil.encode(tenantBasedClientAppCredentials["clientId"] + ":" +
+						tenantBasedClientAppCredentials["clientSecret"]);
+					// setting up encoded tenant based client credentials to session context.
+					session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"],
+						encodedTenantBasedClientAppCredentials);
+				}
+            } else {
+                var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials(username);
+                if (!dynamicClientAppCredentials) {
+                    throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
+                    "client credentials to session context as the server is unable to obtain " +
+                    "dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
+                }
+                var encodedTenantBasedClientAppCredentials =
+                    tokenUtil.encode(dynamicClientAppCredentials["clientId"] + ":" +
+                    dynamicClientAppCredentials["clientSecret"]);
+                // setting up encoded tenant based client credentials to session context.
+                session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"],
+                    encodedTenantBasedClientAppCredentials);
+            }
+
+        }
+    };
+
+    return publicMethods;
+}();
\ No newline at end of file
diff --git a/modules/core/distribution/src/repository/modules/sso/scripts/sso.client.js b/modules/core/distribution/src/repository/modules/sso/scripts/sso.client.js
index 33f62fca..73b551d7 100644
--- a/modules/core/distribution/src/repository/modules/sso/scripts/sso.client.js
+++ b/modules/core/distribution/src/repository/modules/sso/scripts/sso.client.js
@@ -55,7 +55,10 @@ var client = {};
 	client.validateSignature = function (samlObj, config) {
 		var tDomain = Util.getDomainName(samlObj);
 		var tId = carbon.server.tenantId({domain: tDomain});
-
+		if (tId != carbon.server.superTenant.tenantId) {
+			var identityTenantUtil = Packages.org.wso2.carbon.identity.core.util.IdentityTenantUtil;
+			identityTenantUtil.initializeRegistry(tId,tDomain);
+		}
 		return Util.validateSignature(samlObj,
 			config.KEY_STORE_NAME, config.KEY_STORE_PASSWORD, config.IDP_ALIAS, tId, tDomain);
 	};
diff --git a/modules/core/p2-profile-gen/pom.xml b/modules/core/p2-profile-gen/pom.xml
index 2fc8a8bb..a3520b5b 100644
--- a/modules/core/p2-profile-gen/pom.xml
+++ b/modules/core/p2-profile-gen/pom.xml
@@ -146,6 +146,9 @@
                                 <featureArtifactDef>
                                     org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.application.extension.feature:${carbon.device.mgt.version}
                                 </featureArtifactDef>
+								<featureArtifactDef>
+									org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.integration.client.feature:${carbon.device.mgt.version}
+								</featureArtifactDef>
                                 <featureArtifactDef>
                                     org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.handler.server.feature:${carbon.device.mgt.version}
                                 </featureArtifactDef>
@@ -158,6 +161,9 @@
 				                <featureArtifactDef>
                                     org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature:${carbon.device.mgt.version}
                                 </featureArtifactDef>
+								<featureArtifactDef>
+									org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature:${carbon.device.mgt.version}
+								</featureArtifactDef>
                                 <featureArtifactDef>
                                     org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature:${carbon.device.mgt.version}
                                 </featureArtifactDef>
@@ -359,9 +365,6 @@
                                 <featureArtifactDef>
                                     org.wso2.carbon.identity.framework:org.wso2.carbon.identity.thrift.authentication.feature:${carbon.identity.framework.version.iotcore}
                                 </featureArtifactDef>
-                                <featureArtifactDef>
-                                    org.wso2.carbon.identity:org.wso2.carbon.identity.authenticator.mutualssl.feature:${identity.carbon.auth.mutual.ssl.version}
-                                </featureArtifactDef>
                                 <featureArtifactDef>
                                     org.wso2.carbon.identity.metadata.saml2:org.wso2.carbon.identity.inbound.metadata.saml2.server.feature:0.1.1
                                 </featureArtifactDef>
@@ -618,6 +621,12 @@
                                 <featureArtifactDef>
                                     org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.dcr.feature:${carbon.api.mgt.version}
                                 </featureArtifactDef>
+								<featureArtifactDef>
+									org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.publisher.feature:${carbon.api.mgt.version}
+								</featureArtifactDef>
+								<featureArtifactDef>
+									org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.store.feature:${carbon.api.mgt.version}
+								</featureArtifactDef>
                                 <!-- End of API Management Features -->
 
                                 <!-- TCP Transport -->
@@ -770,7 +779,7 @@
                         </configuration>
                     </execution>
                     <execution>
-                        <id>p2-profile-generation-devicetype-publisher-profile</id>
+                        <id>p2-profile-generation-device-manager-profile</id>
                         <phase>package</phase>
                         <goals>
                             <goal>materialize-product</goal>
@@ -782,11 +791,11 @@
                             <targetPath>
                                 file:${basedir}/target/wso2carbon-core-${carbon.kernel.version}/repository/components
                             </targetPath>
-                            <profile>devicetype-publisher</profile>
+                            <profile>device-manager</profile>
                         </configuration>
                     </execution>
                     <execution>
-                        <id>p2-profile-generation-devicetype-worker-profile</id>
+                        <id>p2-profile-generation-device-backend-profile</id>
                         <phase>package</phase>
                         <goals>
                             <goal>materialize-product</goal>
@@ -798,7 +807,7 @@
                             <targetPath>
                                 file:${basedir}/target/wso2carbon-core-${carbon.kernel.version}/repository/components
                             </targetPath>
-                            <profile>devicetype-worker</profile>
+                            <profile>device-backend</profile>
                         </configuration>
                     </execution>
                     <execution>
@@ -846,10 +855,6 @@
                                     <id>org.wso2.carbon.appmgt.core.feature.group</id>
                                     <version>${appmgt.feature.version}</version>
                                 </feature>
-                                <feature>
-                                    <id>org.wso2.carbon.store.feature.group</id>
-                                    <version>${carbon.store.version}</version>
-                                </feature>
                                 <feature>
                                     <id>org.wso2.carbon.appmgt.mdm.wso2emm.feature.group</id>
                                     <version>${appmgt.feature.version}</version>
@@ -866,6 +871,10 @@
                                     <id>org.wso2.carbon.appmgt.services.api.feature.group</id>
                                     <version>${appmgt.feature.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.store.feature.group</id>
+									<version>${carbon.store.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.appmgt.store.feature.group</id>
                                     <version>${appmgt.feature.version}</version>
@@ -893,6 +902,10 @@
                                     <id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.email.sender.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -945,6 +958,10 @@
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
 				                <feature>
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -1053,6 +1070,14 @@
                                     <id>org.wso2.carbon.apimgt.rest.api.dcr.feature.group</id>
                                     <version>${carbon.api.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.rest.api.publisher.feature.group</id>
+									<version>${carbon.api.mgt.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.rest.api.store.feature.group</id>
+									<version>${carbon.api.mgt.version}</version>
+								</feature>
                                 <!-- API Manager Publisher and Store Features -->
                                 <feature>
                                     <id>org.wso2.carbon.apimgt.gateway.feature.group</id>
@@ -1883,6 +1908,10 @@
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -1911,6 +1940,10 @@
                                     <id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.certificate.mgt.server.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -2327,6 +2360,10 @@
                                     <id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.dynamic.client.registration.server.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -2366,6 +2403,10 @@
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -2390,6 +2431,10 @@
                                     <id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.certificate.mgt.api.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -2433,7 +2478,7 @@
                             <goal>p2-profile-gen</goal>
                         </goals>
                         <configuration>
-                            <profile>devicetype-publisher</profile>
+                            <profile>device-manager</profile>
                             <metadataRepository>file:${basedir}/target/p2-repo</metadataRepository>
                             <artifactRepository>file:${basedir}/target/p2-repo</artifactRepository>
                             <destination>
@@ -2447,7 +2492,6 @@
                                     <version>${product.iot.version}</version>
                                 </feature>
                                 <!-- End of IoTServer Features -->
-
                                 <!-- App management features-->
                                 <feature>
                                     <id>org.wso2.carbon.appmgt.core.feature.group</id>
@@ -2512,6 +2556,10 @@
                                     <id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.email.sender.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -2568,6 +2616,10 @@
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -2863,6 +2915,18 @@
                                     <id>org.wso2.carbon.apimgt.gateway.feature.group</id>
                                     <version>${carbon.api.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.rest.api.dcr.feature.group</id>
+									<version>${carbon.api.mgt.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.rest.api.publisher.feature.group</id>
+									<version>${carbon.api.mgt.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.rest.api.store.feature.group</id>
+									<version>${carbon.api.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.apimgt.core.feature.group</id>
                                     <version>${carbon.api.mgt.version}</version>
@@ -2997,6 +3061,10 @@
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -3021,6 +3089,10 @@
                                     <id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.certificate.mgt.api.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -3091,7 +3163,7 @@
                             <goal>p2-profile-gen</goal>
                         </goals>
                         <configuration>
-                            <profile>devicetype-worker</profile>
+                            <profile>device-backend</profile>
                             <metadataRepository>file:${basedir}/target/p2-repo</metadataRepository>
                             <artifactRepository>file:${basedir}/target/p2-repo</artifactRepository>
                             <destination>
@@ -3106,23 +3178,39 @@
                                 </feature>
                                 <!-- End of IoTServer Features -->
 
-                                <!-- App management features-->
-                                <feature>
-                                    <id>org.wso2.carbon.appmgt.core.feature.group</id>
-                                    <version>${appmgt.feature.version}</version>
-                                </feature>
-                                <feature>
-                                    <id>org.wso2.carbon.appmgt.mdm.wso2emm.feature.group</id>
-                                    <version>${appmgt.feature.version}</version>
-                                </feature>
-                                <feature>
-                                    <id>org.wso2.carbon.appmgt.mobile.feature.group</id>
-                                    <version>${appmgt.feature.version}</version>
-                                </feature>
-                                <feature>
-                                    <id>org.wso2.carbon.appmgt.services.api.feature.group</id>
-                                    <version>${appmgt.feature.version}</version>
-                                </feature>
+								<!-- App management features-->
+								<feature>
+									<id>org.wso2.carbon.appmgt.core.feature.group</id>
+									<version>${appmgt.feature.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.appmgt.mdm.wso2emm.feature.group</id>
+									<version>${appmgt.feature.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.appmgt.mobile.feature.group</id>
+									<version>${appmgt.feature.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.appmgt.publisher.feature.group</id>
+									<version>${appmgt.feature.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.appmgt.services.api.feature.group</id>
+									<version>${appmgt.feature.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.store.feature.group</id>
+									<version>${carbon.store.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.appmgt.store.feature.group</id>
+									<version>${appmgt.feature.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.social.feature.group</id>
+									<version>${carbon.store.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.appmgt.mdm.osgiconnector.feature.group</id>
                                     <version>${carbon.device.mgt.plugin.version}</version>
@@ -3131,7 +3219,7 @@
                                     <id>org.wso2.carbon.appmgt.mdm.restconnector.feature.group</id>
                                     <version>${carbon.device.mgt.plugin.version}</version>
                                 </feature>
-                                <!-- End of app management features-->
+								<!-- End of app management features-->
 
                                 <!-- Device Management Features -->
                                 <feature>
@@ -3150,6 +3238,10 @@
                                     <id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.email.sender.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -3198,6 +3290,10 @@
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -3215,6 +3311,7 @@
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
                                 <!-- End of Device Management Features -->
+
                                 <feature>
                                     <id>org.wso2.carbon.device.mgt.adapter.feature.group</id>
                                     <version>${carbon.device.mgt.plugin.version}</version>
@@ -3481,6 +3578,18 @@
                                     <id>org.wso2.carbon.apimgt.store.feature.group</id>
                                     <version>${carbon.api.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.rest.api.dcr.feature.group</id>
+									<version>${carbon.api.mgt.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.rest.api.publisher.feature.group</id>
+									<version>${carbon.api.mgt.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.rest.api.store.feature.group</id>
+									<version>${carbon.api.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.registry.extensions.feature.group</id>
                                     <version>${carbon.governance.version}</version>
@@ -3607,6 +3716,10 @@
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.mqtt.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.gcm.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.device.mgt.extensions.push.notification.provider.xmpp.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -3631,6 +3744,10 @@
                                     <id>org.wso2.carbon.apimgt.application.extension.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
                                 </feature>
+								<feature>
+									<id>org.wso2.carbon.apimgt.integration.client.feature.group</id>
+									<version>${carbon.device.mgt.version}</version>
+								</feature>
                                 <feature>
                                     <id>org.wso2.carbon.certificate.mgt.server.feature.group</id>
                                     <version>${carbon.device.mgt.version}</version>
@@ -3686,6 +3803,24 @@
 									<version>${identity.inbound.auth.saml.version.iotcore}</version>
 								</feature>
 								<!-- SSO Fix-->
+
+								<!-- Dashboard Features -->
+								<feature>
+									<id>org.wso2.carbon.dashboards.shindig.feature.group</id>
+									<version>${carbon.dashboard.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.dashboards.portal.feature.group</id>
+									<version>${carbon.dashboard.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.dashboard.deployment.feature.group</id>
+									<version>${carbon.dashboard.version}</version>
+								</feature>
+								<feature>
+									<id>org.wso2.carbon.iot.device.statistics.dashboard.feature.group</id>
+									<version>${carbon.device.mgt.plugin.version}</version>
+								</feature>
                             </features>
                         </configuration>
                     </execution>
diff --git a/modules/core/scripts/mobile-qsg/pom.xml b/modules/core/scripts/mobile-qsg/pom.xml
index 9310827a..944351b0 100644
--- a/modules/core/scripts/mobile-qsg/pom.xml
+++ b/modules/core/scripts/mobile-qsg/pom.xml
@@ -64,6 +64,72 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-antrun-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>download-appm-store.war</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <configuration>
+                            <target>
+                                <get src="http://maven.wso2.org/nexus/content/groups/wso2-public/org/wso2/carbon/appmgt/org.wso2.carbon.appmgt.rest.api.store/1.2.5/org.wso2.carbon.appmgt.rest.api.store-1.2.5.war"
+                                     dest="${project.build.directory}/api#appm#store#v1.1.war"
+                                     verbose="false"
+                                     usetimestamp="true"/>
+                            </target>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>download-appm-publisher.war</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <configuration>
+                            <target>
+                                <get src="http://maven.wso2.org/nexus/content/groups/wso2-public/org/wso2/carbon/appmgt/org.wso2.carbon.appmgt.rest.api.publisher/1.2.5/org.wso2.carbon.appmgt.rest.api.publisher-1.2.5.war"
+                                     dest="${project.build.directory}/api#appm#publisher#v1.1.war"
+                                     verbose="false"
+                                     usetimestamp="true"/>
+                            </target>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>download-appm-ouath-webapp.war</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <configuration>
+                            <target>
+                                <get src="http://maven.wso2.org/nexus/content/groups/wso2-public/org/wso2/carbon/appmgt/org.wso2.carbon.appmgt.oauth.webapp/1.2.5/org.wso2.carbon.appmgt.oauth.webapp-1.2.5.war"
+                                     dest="${project.build.directory}/api#appm#oauth#v1.0.war"
+                                     verbose="false"
+                                     usetimestamp="true"/>
+                            </target>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>download-appm-ouath-core.jar</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                        <configuration>
+                            <target>
+                                <get src="http://maven.wso2.org/nexus/content/groups/wso2-public/org/wso2/carbon/appmgt/org.wso2.carbon.appmgt.oauth.core/1.2.5/org.wso2.carbon.appmgt.oauth.core-1.2.5.jar"
+                                     dest="${project.build.directory}/"
+                                     verbose="false"
+                                     usetimestamp="true"/>
+                            </target>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
         <finalName>${project.artifactId}</finalName>
     </build>
diff --git a/modules/core/scripts/mobile-qsg/resources/Readme.txt b/modules/core/scripts/mobile-qsg/resources/Readme.txt
index 36cf44c3..64ce0ece 100644
--- a/modules/core/scripts/mobile-qsg/resources/Readme.txt
+++ b/modules/core/scripts/mobile-qsg/resources/Readme.txt
@@ -1,10 +1,7 @@
-    IoTs 3.0.0 QSG Setup guide
-
-1. Navigate to this folder using the terminal, Note that this (Readme.txt) flie should be located under <IoTS_HOME>/core/samples/mobile-qsg/ directory.
-2. Stop the WSO2 IoTS if already runing
-3. Then execute the copy-files.sh script
-4. Start the WSO2 IoTS server
-5. Once server is started execute the mobile-qsg.sh script
-6. Then login to the https://<your-server>:9443/devicemgt/ and use the username,password as alex alex@IoTS, Note that for this sample we have configured above user from the script. If you want to run this script again you have to login as admin and remove the user alex, chris and role iotMobileUser from the IoT Server.
-
+    IoTs 3.1.0 QSG Setup guide
 
+1. Start the WSO2 IoTS server
+2. Navigate to <IoTS_HOME>/core/samples/mobile-qsg/ directory using the terminal.
+3. Once server is started execute the mobile-qsg.sh script
+4. Then login to the https://<your-server>:9443/devicemgt/ and use the username,password as alex alex@IoTS,
++Note that for this sample we have configured above user from the script. If you want to run this script again you have to login as admin and remove the user alex, chris and role iotMobileUser from the IoT Server.
\ No newline at end of file
diff --git a/modules/core/scripts/mobile-qsg/resources/apps/android/catalog.apk b/modules/core/scripts/mobile-qsg/resources/apps/android/catalog.apk
new file mode 100644
index 00000000..473f5805
Binary files /dev/null and b/modules/core/scripts/mobile-qsg/resources/apps/android/catalog.apk differ
diff --git a/modules/core/scripts/mobile-qsg/resources/apps/android/images/banner.jpg b/modules/core/scripts/mobile-qsg/resources/apps/android/images/banner.jpg
new file mode 100644
index 00000000..002dea5c
Binary files /dev/null and b/modules/core/scripts/mobile-qsg/resources/apps/android/images/banner.jpg differ
diff --git a/modules/core/scripts/mobile-qsg/resources/apps/android/images/icon.jpg b/modules/core/scripts/mobile-qsg/resources/apps/android/images/icon.jpg
new file mode 100644
index 00000000..002dea5c
Binary files /dev/null and b/modules/core/scripts/mobile-qsg/resources/apps/android/images/icon.jpg differ
diff --git a/modules/core/scripts/mobile-qsg/resources/apps/android/images/screen1.jpg b/modules/core/scripts/mobile-qsg/resources/apps/android/images/screen1.jpg
new file mode 100644
index 00000000..002dea5c
Binary files /dev/null and b/modules/core/scripts/mobile-qsg/resources/apps/android/images/screen1.jpg differ
diff --git a/modules/core/scripts/mobile-qsg/resources/apps/android/images/screen2.jpg b/modules/core/scripts/mobile-qsg/resources/apps/android/images/screen2.jpg
new file mode 100644
index 00000000..002dea5c
Binary files /dev/null and b/modules/core/scripts/mobile-qsg/resources/apps/android/images/screen2.jpg differ
diff --git a/modules/core/scripts/mobile-qsg/resources/apps/android/images/screen3.jpg b/modules/core/scripts/mobile-qsg/resources/apps/android/images/screen3.jpg
new file mode 100644
index 00000000..002dea5c
Binary files /dev/null and b/modules/core/scripts/mobile-qsg/resources/apps/android/images/screen3.jpg differ
diff --git a/modules/core/scripts/mobile-qsg/resources/apps/ios/PNDemo.ipa b/modules/core/scripts/mobile-qsg/resources/apps/ios/PNDemo.ipa
new file mode 100644
index 00000000..01729c7c
Binary files /dev/null and b/modules/core/scripts/mobile-qsg/resources/apps/ios/PNDemo.ipa differ
diff --git a/modules/core/scripts/mobile-qsg/resources/apps/ios/images/banner.jpg b/modules/core/scripts/mobile-qsg/resources/apps/ios/images/banner.jpg
new file mode 100644
index 00000000..002dea5c
Binary files /dev/null and b/modules/core/scripts/mobile-qsg/resources/apps/ios/images/banner.jpg differ
diff --git a/modules/core/scripts/mobile-qsg/resources/apps/ios/images/icon.jpg b/modules/core/scripts/mobile-qsg/resources/apps/ios/images/icon.jpg
new file mode 100644
index 00000000..002dea5c
Binary files /dev/null and b/modules/core/scripts/mobile-qsg/resources/apps/ios/images/icon.jpg differ
diff --git a/modules/core/scripts/mobile-qsg/resources/apps/ios/images/screen1.jpg b/modules/core/scripts/mobile-qsg/resources/apps/ios/images/screen1.jpg
new file mode 100644
index 00000000..002dea5c
Binary files /dev/null and b/modules/core/scripts/mobile-qsg/resources/apps/ios/images/screen1.jpg differ
diff --git a/modules/core/scripts/mobile-qsg/resources/apps/ios/images/screen2.jpg b/modules/core/scripts/mobile-qsg/resources/apps/ios/images/screen2.jpg
new file mode 100644
index 00000000..002dea5c
Binary files /dev/null and b/modules/core/scripts/mobile-qsg/resources/apps/ios/images/screen2.jpg differ
diff --git a/modules/core/scripts/mobile-qsg/resources/apps/ios/images/screen3.jpg b/modules/core/scripts/mobile-qsg/resources/apps/ios/images/screen3.jpg
new file mode 100644
index 00000000..002dea5c
Binary files /dev/null and b/modules/core/scripts/mobile-qsg/resources/apps/ios/images/screen3.jpg differ
diff --git a/modules/core/scripts/mobile-qsg/resources/copy-files.sh b/modules/core/scripts/mobile-qsg/resources/copy-files.sh
deleted file mode 100644
index 8bb28f16..00000000
--- a/modules/core/scripts/mobile-qsg/resources/copy-files.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-# product-emm qsg sample setup script for copying the required files
-
-echo "Copying the required files for wso2iots-3.0.0 QSG setup ..."
-cp dropings/* ../../repository/components/dropins/ 
-cp webapps/* ../../repository/deployment/server/webapps/ 
-
-
diff --git a/modules/core/scripts/mobile-qsg/resources/mobile-qsg.sh b/modules/core/scripts/mobile-qsg/resources/mobile-qsg.sh
old mode 100644
new mode 100755
diff --git a/modules/core/scripts/mobile-qsg/resources/script_and_resources.zip b/modules/core/scripts/mobile-qsg/resources/script_and_resources.zip
deleted file mode 100644
index e69de29b..00000000
diff --git a/modules/distribution/src/assembly/dist.xml b/modules/distribution/src/assembly/dist.xml
index fdd91e0f..d14ebd4f 100644
--- a/modules/distribution/src/assembly/dist.xml
+++ b/modules/distribution/src/assembly/dist.xml
@@ -46,12 +46,12 @@
             </includes>
         </fileSet>
         <!--<fileSet>-->
-            <!--<directory>src/resources/bin</directory>-->
-            <!--<outputDirectory>wso2iot-${product.iot.version}/bin</outputDirectory>-->
-            <!--<includes>-->
-                <!--<include>*/**</include>-->
-            <!--</includes>-->
-            <!--<fileMode>755</fileMode>-->
+        <!--<directory>src/resources/bin</directory>-->
+        <!--<outputDirectory>wso2iot-${product.iot.version}/bin</outputDirectory>-->
+        <!--<includes>-->
+        <!--<include>*/**</include>-->
+        <!--</includes>-->
+        <!--<fileMode>755</fileMode>-->
         <!--</fileSet>-->
         <fileSet>
             <directory>${basedir}/src/resources/plugins</directory>
@@ -60,37 +60,38 @@
                 <include>*/**</include>
             </includes>
             <fileMode>644</fileMode>
-			<filtered>true</filtered>
+            <filtered>true</filtered>
         </fileSet>
-		<fileSet>
-			<directory>${basedir}/src/resources/samples</directory>
-			<outputDirectory>wso2iot-${product.iot.version}/samples</outputDirectory>
-			<includes>
-				<include>*/**</include>
-			</includes>
+        <fileSet>
+            <directory>${basedir}/src/resources/samples</directory>
+            <outputDirectory>wso2iot-${product.iot.version}/samples</outputDirectory>
+            <includes>
+                <include>*/**</include>
+            </includes>
             <excludes>
                 <exclude>**/*samples-deployer.xml</exclude>
                 <exclude>**/*connectedcup/pom.xml</exclude>
             </excludes>
-			<fileMode>644</fileMode>
-		</fileSet>
+            <fileMode>644</fileMode>
+        </fileSet>
     </fileSets>
-	<files>
-		<file>
-			<source>
+    <files>
+        <file>
+            <source>
                 ${basedir}/src/resources/samples/samples-deployer.xml
-			</source>
-			<outputDirectory>wso2iot-${product.iot.version}/samples/</outputDirectory>
-			<filtered>true</filtered>
-			<fileMode>644</fileMode>
-		</file>
-		<file>
-			<source>
+            </source>
+            <outputDirectory>wso2iot-${product.iot.version}/samples/</outputDirectory>
+            <filtered>true</filtered>
+            <fileMode>644</fileMode>
+        </file>
+        <file>
+            <source>
                 ${basedir}/src/resources/samples/connectedcup/pom.xml
-			</source>
-			<outputDirectory>wso2iot-${product.iot.version}/samples/connectedcup</outputDirectory>
-			<filtered>true</filtered>
-			<fileMode>644</fileMode>
-		</file>
-	</files>
+            </source>
+            <outputDirectory>wso2iot-${product.iot.version}/samples/connectedcup</outputDirectory>
+            <filtered>true</filtered>
+            <fileMode>644</fileMode>
+        </file>
+
+    </files>
 </assembly>
diff --git a/modules/distribution/src/resources/plugins/plugins-deployer.xml b/modules/distribution/src/resources/plugins/plugins-deployer.xml
index a531bd63..e545dd51 100644
--- a/modules/distribution/src/resources/plugins/plugins-deployer.xml
+++ b/modules/distribution/src/resources/plugins/plugins-deployer.xml
@@ -111,7 +111,7 @@
                         <configuration>
                             <tasks>
                                 <copy todir="../analytics/repository/deployment/server/carbonapps">
-                                    <fileset dir="../core/repository/deployment/server/carbonapps">
+                                    <fileset dir="../core/repository/resources/devicetypes">
                                         <include name="*.car"/>
                                     </fileset>
                                 </copy>
diff --git a/modules/distribution/src/resources/samples/connectedcup/component/analytics/src/main/resources/carbonapps/connected_cup/connected_cup_receiver/connected_cup_receiver.xml b/modules/distribution/src/resources/samples/connectedcup/component/analytics/src/main/resources/carbonapps/connected_cup/connected_cup_receiver/connected_cup_receiver.xml
index e63f6973..0bf476f5 100644
--- a/modules/distribution/src/resources/samples/connectedcup/component/analytics/src/main/resources/carbonapps/connected_cup/connected_cup_receiver/connected_cup_receiver.xml
+++ b/modules/distribution/src/resources/samples/connectedcup/component/analytics/src/main/resources/carbonapps/connected_cup/connected_cup_receiver/connected_cup_receiver.xml
@@ -20,9 +20,7 @@
 <eventReceiver name="connected_cup_receiver" statistics="disable" trace="disable" xmlns="http://wso2.org/carbon/eventreceiver">
     <from eventAdapterType="oauth-mqtt">
         <property name="topic">carbon.super/connectedcup/#</property>
-        <property name="username">admin</property>
-		<property name="password">admin</property>
-        <property name="contentValidator">org.wso2.carbon.device.mgt.input.adapter.mqtt.util.MQTTContentValidator</property>
+        <property name="contentValidator">iot-mqtt</property>
         <property name="contentTransformer">default</property>
         <property name="cleanSession">true</property>
     </from>
diff --git a/modules/integration/pom.xml b/modules/integration/pom.xml
index 72e02fa3..e01676b3 100644
--- a/modules/integration/pom.xml
+++ b/modules/integration/pom.xml
@@ -33,8 +33,8 @@
     <modules>
         <module>tests-artifacts</module>
         <module>tests-common</module>
-        <module>tests-integration</module>
-        <!--module>tests-iot-web-ui</module-->
+        <!--<module>tests-integration</module>-->
+        <module>tests-iot-web-ui</module>
     </modules>
 
 </project>
diff --git a/modules/integration/tests-integration/pom.xml b/modules/integration/tests-integration/pom.xml
index 7ef822f8..124c5b2a 100644
--- a/modules/integration/tests-integration/pom.xml
+++ b/modules/integration/tests-integration/pom.xml
@@ -16,7 +16,8 @@
 ~ specific language governing permissions and limitations
 ~ under the License.
 -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <parent>
         <groupId>org.wso2.iot</groupId>
         <artifactId>wso2iot-integration</artifactId>
diff --git a/modules/integration/tests-integration/src/test/java/org/wso2/iot/integration/common/OAuthUtil.java b/modules/integration/tests-integration/src/test/java/org/wso2/iot/integration/common/OAuthUtil.java
index 6c57af40..7935d017 100644
--- a/modules/integration/tests-integration/src/test/java/org/wso2/iot/integration/common/OAuthUtil.java
+++ b/modules/integration/tests-integration/src/test/java/org/wso2/iot/integration/common/OAuthUtil.java
@@ -27,6 +27,7 @@ import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;
  */
 public class OAuthUtil {
 
+
     public static String getScopes(String backendHTTPURL, String backendHTTPSURL) throws Exception {
         return getOAuthTokenPair(backendHTTPURL, backendHTTPSURL).get(Constants.SCOPE).toString();
     }
diff --git a/modules/integration/tests-integration/src/test/java/org/wso2/iot/integration/mobileDevice/MobileDeviceManagementWithNoDevices.java b/modules/integration/tests-integration/src/test/java/org/wso2/iot/integration/mobileDevice/MobileDeviceManagementWithNoDevices.java
index b2e76bea..eeaa37a9 100644
--- a/modules/integration/tests-integration/src/test/java/org/wso2/iot/integration/mobileDevice/MobileDeviceManagementWithNoDevices.java
+++ b/modules/integration/tests-integration/src/test/java/org/wso2/iot/integration/mobileDevice/MobileDeviceManagementWithNoDevices.java
@@ -70,4 +70,4 @@ public class MobileDeviceManagementWithNoDevices extends TestBase {
         return tokenString.contains(permissionsList);
     }
 
-}
\ No newline at end of file
+}
diff --git a/pom.xml b/pom.xml
index 787f115b..4ee1ae97 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1534,21 +1534,23 @@
         <carbon.governance.version>4.7.0</carbon.governance.version>
 
         <!-- Carbon Device Management -->
-        <carbon.device.mgt.version>2.0.13</carbon.device.mgt.version>
+
+        <carbon.device.mgt.version>2.0.20-SNAPSHOT</carbon.device.mgt.version>
         <carbon.device.mgt.version.range>[2.0.0, 3.0.0)</carbon.device.mgt.version.range>
 
         <!-- IOT Device Management -->
         <product.iot.version>3.1.0-SNAPSHOT</product.iot.version>
 
         <!-- Carbon Device Management Plugins-->
-        <carbon.device.mgt.plugin.version>3.0.10</carbon.device.mgt.plugin.version>
+
+        <carbon.device.mgt.plugin.version>3.0.12-SNAPSHOT</carbon.device.mgt.plugin.version>
 
         <!-- API Management -->
-        <carbon.api.mgt.version>6.1.35</carbon.api.mgt.version>
+        <carbon.api.mgt.version>6.1.72</carbon.api.mgt.version>
         <carbon.api.mgt.version.range>(6.0.0,7.0.0]</carbon.api.mgt.version.range>
 
         <!-- Carbon Mediation -->
-        <carbon.mediation.version>4.6.9</carbon.mediation.version>
+        <carbon.mediation.version>4.6.10</carbon.mediation.version>
 
         <!-- Carbon Analytics Common (DAS) -->
         <carbon.analytics.common.version>5.1.5</carbon.analytics.common.version>
@@ -1681,7 +1683,7 @@
         <eclipse.paho.version>1.0.2</eclipse.paho.version>
 
         <!-- CDMF Analytics -->
-        <cdmf.analytics.version>1.0.3</cdmf.analytics.version>
+        <cdmf.analytics.version>1.0.4-SNAPSHOT</cdmf.analytics.version>
 
         <apache.httpmime.version>4.2.5</apache.httpmime.version>
         <apache.httpclient.version>4.5.2</apache.httpclient.version>