diff --git a/modules/distribution/src/core/bin/profile-creator.sh b/modules/distribution/src/core/bin/profile-creator.sh
index 10fa3a91..4b98d665 100644
--- a/modules/distribution/src/core/bin/profile-creator.sh
+++ b/modules/distribution/src/core/bin/profile-creator.sh
@@ -120,6 +120,7 @@ then
 	rm -rf ${DIR}/profile-creator.bat
 	cp -rf ${DIR}/../repository/resources/profiles/keymanager/*.sh ${DIR}/../bin/
 	cp -rf ${DIR}/../repository/resources/profiles/keymanager/carbon.xml ${DIR}/../conf/
+	cp -rf ${DIR}/../repository/resources/profiles/keymanager/identity/application-authentication.xml ${DIR}/../conf/identity/
 	rm -rf ${DIR}/../repository/deployment/server/jaggeryapps/*
 	rm -rf ${DIR}/../repository/deployment/server/synapse-configs/default/api/*
 	rm -rf ${DIR}/../repository/deployment/server/synapse-configs/default/sequences/_*.xml
@@ -127,6 +128,7 @@ then
 	cp ${DIR}/../repository/deployment/server/webapps/oauth2.war ${DIR}/../repository/deployment/server/tempwebapp/
 	cp ${DIR}/../repository/deployment/server/webapps/client-registration#v0.11.war ${DIR}/../repository/deployment/server/tempwebapp/
 	cp ${DIR}/../repository/deployment/server/webapps/dynamic-client-web.war ${DIR}/../repository/deployment/server/tempwebapp/
+	cp ${DIR}/../repository/deployment/server/webapps/authenticationendpoint.war ${DIR}/../repository/deployment/server/tempwebapp/
 	rm -rf ${DIR}/../repository/deployment/server/webapps/*
 	cp -rf ${DIR}/../repository/deployment/server/tempwebapp/* ${DIR}/../repository/deployment/server/webapps/
 	rm -rf ${DIR}/../repository/deployment/server/tempwebapp
diff --git a/modules/distribution/src/core/resources/profiles/keymanager/identity/application-authentication.xml b/modules/distribution/src/core/resources/profiles/keymanager/identity/application-authentication.xml
new file mode 100644
index 00000000..f242c3c1
--- /dev/null
+++ b/modules/distribution/src/core/resources/profiles/keymanager/identity/application-authentication.xml
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+~ Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+~
+~ Licensed under the Apache License, Version 2.0 (the "License");
+~ you may not use this file except in compliance with the License.
+~ You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing, software
+~ distributed under the License is distributed on an "AS IS" BASIS,
+~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+~ See the License for the specific language governing permissions and
+~ limitations under the License.
+ -->
+
+<ApplicationAuthentication xmlns="http://wso2.org/projects/carbon/application-authentication.xml">
+
+    <!--
+        ProxyMode allows framework to operate in either 'smart' mode
+        or 'dumb' mode.
+        smart = both local and federated authentication is supported
+        dumb = only federated authentication is supported
+    -->
+    <ProxyMode>smart</ProxyMode>
+
+    <!--
+        AuthenticationEndpointURL is location of the web app containing
+        the authentication related pages
+    -->
+    <AuthenticationEndpointURL>/authenticationendpoint/login.do</AuthenticationEndpointURL>
+
+    <!--
+        Extensions allow extending the default behaviour of the authentication
+        process.
+    -->
+    <Extensions>
+        <RequestCoordinator>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator</RequestCoordinator>
+        <AuthenticationRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler</AuthenticationRequestHandler>
+        <LogoutRequestHandler>org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultLogoutRequestHandler</LogoutRequestHandler>
+        <StepBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler</StepBasedSequenceHandler>
+        <RequestPathBasedSequenceHandler>org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultRequestPathBasedSequenceHandler</RequestPathBasedSequenceHandler>
+        <StepHandler>org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler</StepHandler>
+        <HomeRealmDiscoverer>org.wso2.carbon.identity.application.authentication.framework.handler.hrd.impl.DefaultHomeRealmDiscoverer</HomeRealmDiscoverer>
+        <ClaimHandler>org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler</ClaimHandler>
+        <ProvisioningHandler>org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler</ProvisioningHandler>
+    </Extensions>
+
+    <!--
+        AuthenticatorNameMappings allow specifying an authenticator
+        against a pre-defined alias (which will be used by other components.
+        E.g. Application Mgt component). This enables the usage of a custom
+        authenticator in place of an authenticator that gets packed with the
+        distribution.
+    -->
+    <AuthenticatorNameMappings>
+        <AuthenticatorNameMapping name="BasicAuthenticator" alias="basic" />
+        <AuthenticatorNameMapping name="OAuthRequestPathAuthenticator" alias="oauth-bearer" />
+        <AuthenticatorNameMapping name="BasicAuthRequestPathAuthenticator" alias="basic-auth" />
+        <AuthenticatorNameMapping name="IWAAuthenticator" alias="iwa" />
+        <AuthenticatorNameMapping name="SAMLSSOAuthenticator" alias="samlsso" />
+        <AuthenticatorNameMapping name="OpenIDConnectAuthenticator" alias="openidconnect" />
+        <AuthenticatorNameMapping name="OpenIDAuthenticator" alias="openid" />
+        <AuthenticatorNameMapping name="PassiveSTSAuthenticator" alias="passive-sts" />
+    </AuthenticatorNameMappings>
+
+    <!--
+		AuthenticatorConfigs allow specifying various configurations needed
+		by the authenticators by using any number of \'Parameter\' elements
+		E.g.
+		<AuthenticatorConfig name="CustomAuthenticator" enabled="true" />
+			<Parameter name="paramName1">paramValue</Parameter>
+			<Parameter name="paramName2">paramValue</Parameter>
+		</AuthenticatorConfig>
+    -->
+    <AuthenticatorConfigs>
+        <AuthenticatorConfig name="BasicAuthenticator" enabled="true">
+            <!--Parameter name="UserNameAttributeClaimUri">http://wso2.org/claims/emailaddress</Parameter-->
+            <!--Parameter name="showAuthFailureReason">true</Parameter-->
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="OAuthRequestPathAuthenticator" enabled="true" />
+        <AuthenticatorConfig name="BasicAuthRequestPathAuthenticator" enabled="true" />
+        <AuthenticatorConfig name="SAMLSSOAuthenticator" enabled="true">
+            <!--Parameter name="SignAuth2SAMLUsingSuperTenant">true</Parameter-->
+            <!--Parameter name="SAML2SSOManager">org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager</Parameter-->
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="OpenIDConnectAuthenticator" enabled="true">
+            <!--Parameter name="IDTokenHandler">org.wso2.carbon.identity.application.authenticator.oidc.DefaultIDTokenHandler</Parameter-->
+            <!--Parameter name="ClaimsRetriever">org.wso2.carbon.identity.application.authenticator.oidc.OIDCUserInfoClaimsRetriever</Parameter-->
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="OpenIDAuthenticator" enabled="true">
+            <Parameter name="LoginPage">/authenticationendpoint/login.do</Parameter>
+            <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.jks</Parameter>
+            <Parameter name="TrustStorePassword">wso2carbon</Parameter>
+            <!--Parameter name="OpenIDManager">org.wso2.carbon.identity.application.authenticator.openid.manager.DefaultOpenIDManager</Parameter>
+            <Parameter name="AttributesRequestor">org.wso2.carbon.identity.application.authenticator.openid.manager.SampleAttributesRequestor</Parameter-->
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="GoogleOIDCAuthenticator" enabled="true">
+            <Parameter name="GoogleTokenEndpoint">https://accounts.google.com/o/oauth2/token</Parameter>
+            <Parameter name="GoogleAuthzEndpoint">https://accounts.google.com/o/oauth2/auth</Parameter>
+            <Parameter name="GoogleUserInfoEndpoint">https://www.googleapis.com/oauth2/v3/userinfo</Parameter>
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="MicrosoftWindowsLive" enabled="true">
+            <Parameter name="AuthTokenEndpoint">https://login.live.com/oauth20_token.srf</Parameter>
+            <Parameter name="AuthnEndpoint">https://login.live.com/oauth20_authorize.srf</Parameter>
+            <Parameter name="UserInfoEndpoint">https://apis.live.net/v5.0/me?access_token=</Parameter>
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="FacebookAuthenticator" enabled="true">
+            <Parameter name="AuthTokenEndpoint">https://graph.facebook.com/oauth/access_token</Parameter>
+            <Parameter name="AuthnEndpoint">http://www.facebook.com/dialog/oauth</Parameter>
+            <Parameter name="UserInfoEndpoint">https://graph.facebook.com/me</Parameter>
+        </AuthenticatorConfig>
+        <AuthenticatorConfig  name="FIDOAuthenticator" enabled="true">
+            <Parameter name="FidoAuth">/authenticationendpoint/fido-auth.jsp</Parameter>
+        </AuthenticatorConfig>
+        <AuthenticatorConfig name="YahooOAuth2Authenticator" enabled="true">
+            <Parameter name="YahooTokenEndpoint">https://api.login.yahoo.com/oauth2/get_token</Parameter>
+            <Parameter name="YahooOAuthzEndpoint">https://api.login.yahoo.com/oauth2/request_auth</Parameter>
+            <Parameter name="YahooUserInfoEndpoint">https://social.yahooapis.com/v1/user/</Parameter>
+        </AuthenticatorConfig>
+    </AuthenticatorConfigs>
+
+    <!--
+		Sequences allow specifying authentication flows for different
+		registered applications. \'default\' sequence is taken if an
+		application specific sequence doesn't exist in this file or
+		in the Application Mgt module.
+    -->
+    <Sequences>
+        <!-- Default Sequence. This is mandatory -->
+        <Sequence appId="default">
+            <Step order="1">
+                <Authenticator name="BasicAuthenticator"/>
+            </Step>
+        </Sequence>
+    </Sequences>
+
+    <!--
+            AuthenticationEndpointQueryParams are the request parameters
+            that would be sent to the AuthenticationEndpoint.
+            'action' defines the behaviour: if 'include', only the defined
+            parameters would be included in the request.
+            If 'exclude' specified, all the parameters received by the
+            Authentication Framework would be sent in the request except
+            the ones specified.
+            'sessionDataKey', 'type', 'relyingParty', 'sp' and 'authenticators'
+            parameters will be always sent. They should not be specified here.
+        -->
+    <AuthenticationEndpointQueryParams action="exclude">
+        <AuthenticationEndpointQueryParam name="username"/>
+        <AuthenticationEndpointQueryParam name="password"/>
+        <AuthenticationEndpointQueryParam name="SAMLRequest"/>
+    </AuthenticationEndpointQueryParams>
+
+    <!--TenantDomainDropDownEnabled>true</TenantDomainDropDownEnabled>
+    <TenantDataListenerURLs>
+      <TenantDataListenerURL>/authenticationendpoint/tenantlistrefresher.do</TenantDataListenerURL>
+    </TenantDataListenerURLs-->
+
+</ApplicationAuthentication>
diff --git a/modules/p2-profile/iot-core-profile/pom.xml b/modules/p2-profile/iot-core-profile/pom.xml
index 3792f4f3..2cfb7463 100644
--- a/modules/p2-profile/iot-core-profile/pom.xml
+++ b/modules/p2-profile/iot-core-profile/pom.xml
@@ -2105,9 +2105,7 @@
                                     <version>${carbon.commons.version}</version>
                                 </feature>
                                 <feature>
-                                    <id>
-                                        org.wso2.carbon.identity.application.authenticator.basicauth.server.feature.group
-                                    </id>
+                                    <id>org.wso2.carbon.identity.application.authenticator.basicauth.server.feature.group</id>
                                     <version>${identity.local.auth.basicauth.version}</version>
                                 </feature>
                                 <feature>
@@ -2475,6 +2473,10 @@
                                     <id>org.wso2.carbon.analytics.api.client.feature.group</id>
                                     <version>${carbon.analytics.version}</version>
                                 </feature>
+                                <feature>
+                                    <id>org.wso2.carbon.identity.sso.saml.feature.group</id>
+                                    <version>${identity.inbound.auth.saml.version}</version>
+                                </feature>
                             </features>
                         </configuration>
                     </execution>