diff --git a/modules/broker/distribution/src/main/assembly/bin.xml b/modules/broker/distribution/src/main/assembly/bin.xml
index 15dda311..8d198090 100644
--- a/modules/broker/distribution/src/main/assembly/bin.xml
+++ b/modules/broker/distribution/src/main/assembly/bin.xml
@@ -210,6 +210,7 @@
             </outputDirectory>
             <excludes>
                 <exclude>**/broker.xml</exclude>
+                <exclude>tomcat/carbon/WEB-INF/web.xml</exclude>
                 <exclude>**/axis2.xml</exclude>
                 <exclude>**/carbon.xml</exclude>
                 <exclude>**/cipher-text.properties</exclude>
@@ -352,6 +353,12 @@
             <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/</outputDirectory>
             <filtered>true</filtered>
         </file>
+        <file>
+            <source>src/main/conf/web.xml
+            </source>
+            <outputDirectory>${pom.artifactId}-${pom.version}/repository/conf/tomcat/carbon/WEB-INF/</outputDirectory>
+            <filtered>true</filtered>
+        </file>
         <file>
             <source>src/main/conf/metrics.xml
             </source>
diff --git a/modules/broker/distribution/src/main/conf/web.xml b/modules/broker/distribution/src/main/conf/web.xml
new file mode 100644
index 00000000..ce5eba2e
--- /dev/null
+++ b/modules/broker/distribution/src/main/conf/web.xml
@@ -0,0 +1,177 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ ~
+ ~ WSO2 Inc. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except
+ ~ in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~    http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied.  See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
+        "http://java.sun.com/dtd/web-app_2_3.dtd">
+<web-app id="WebApp">
+
+    <security-constraint>
+        <display-name>Restrict access to carbon console</display-name>
+        <web-resource-collection>
+            <web-resource-name>Restricted Console UI</web-resource-name>
+            <url-pattern>/carbon/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint/>
+    </security-constraint>
+
+    <!-- OWASP CSRFGuard per-application configuration property file location-->
+    <context-param>
+        <param-name>Owasp.CsrfGuard.Config</param-name>
+        <param-value>repository/conf/security/Owasp.CsrfGuard.Carbon.properties</param-value>
+    </context-param>
+
+    <servlet id="bridge">
+        <servlet-name>bridgeservlet</servlet-name>
+        <display-name>Carbon Bridge Servlet</display-name>
+        <description>Carbon Bridge Servlet</description>
+        <servlet-class>org.wso2.carbon.tomcat.ext.servlet.DelegationServlet</servlet-class>
+
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+    <!-- OWASP CSRFGuard servlet that serves dynamic token injection JavaScript-->
+    <servlet>
+        <servlet-name>JavaScriptServlet</servlet-name>
+        <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>bridgeservlet</servlet-name>
+        <url-pattern>/*</url-pattern>
+    </servlet-mapping>
+    <!--
+       This is required if your application bundles expose JSPs.
+     -->
+    <servlet-mapping>
+        <servlet-name>bridgeservlet</servlet-name>
+        <url-pattern>*.jsp</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>JavaScriptServlet</servlet-name>
+        <url-pattern>/carbon/admin/js/csrfPrevention.js</url-pattern>
+    </servlet-mapping>
+
+    <!--This is for performing the character encoding in the JSPs. -->
+    <filter>
+        <filter-name>CharsetFilter</filter-name>
+        <filter-class>org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter</filter-class>
+        <init-param>
+            <param-name>requestEncoding</param-name>
+            <param-value>UTF-8</param-value>
+        </init-param>
+    </filter>
+
+    <!-- OWASP CSRFGuard filter used to validate CSRF token-->
+    <filter>
+        <filter-name>CSRFGuard</filter-name>
+        <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
+    </filter>
+
+    <!-- Tomcat http header security filter -->
+    <filter>
+        <filter-name>HttpHeaderSecurityFilter</filter-name>
+        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
+        <init-param>
+            <param-name>hstsEnabled</param-name>
+            <param-value>false</param-value>
+        </init-param>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>HttpHeaderSecurityFilter</filter-name>
+        <url-pattern>*</url-pattern>
+    </filter-mapping>
+
+    <filter-mapping>
+        <filter-name>CharsetFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <filter-mapping>
+        <filter-name>CSRFGuard</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <!-- OWASP CSRFGuard context listener used to read CSRF configuration -->
+    <listener>
+        <listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
+    </listener>
+
+    <!-- OWASP CSRFGuard session listener used to generate per-session CSRF token -->
+    <listener>
+        <listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
+    </listener>
+
+    <session-config>
+        <session-timeout>15</session-timeout>
+        <cookie-config>
+            <secure>true</secure>
+        </cookie-config>
+    </session-config>
+
+    <!-- custom error pages -->
+    <error-page>
+        <error-code>400</error-code>
+        <location>/carbon/errors/error_400.html</location>
+    </error-page>
+    <error-page>
+        <error-code>401</error-code>
+        <location>/carbon/errors/error_401.html</location>
+    </error-page>
+    <error-page>
+        <error-code>403</error-code>
+        <location>/carbon/errors/error_403.html</location>
+    </error-page>
+    <error-page>
+        <error-code>404</error-code>
+        <location>/carbon/errors/error_404.html</location>
+    </error-page>
+    <error-page>
+        <error-code>405</error-code>
+        <location>/carbon/errors/error_405.html</location>
+    </error-page>
+    <error-page>
+        <error-code>408</error-code>
+        <location>/carbon/errors/error_408.html</location>
+    </error-page>
+    <error-page>
+        <error-code>410</error-code>
+        <location>/carbon/errors/error_410.html</location>
+    </error-page>
+    <error-page>
+        <error-code>500</error-code>
+        <location>/carbon/errors/error_500.html</location>
+    </error-page>
+    <error-page>
+        <error-code>502</error-code>
+        <location>/carbon/errors/error_502.html</location>
+    </error-page>
+    <error-page>
+        <error-code>503</error-code>
+        <location>/carbon/errors/error_503.html</location>
+    </error-page>
+    <error-page>
+        <error-code>504</error-code>
+        <location>/carbon/errors/error_504.html</location>
+    </error-page>
+
+    <error-page>
+        <location>/carbon/errors/error.html</location>
+    </error-page>
+</web-app>
diff --git a/modules/broker/p2-profile/pom.xml b/modules/broker/p2-profile/pom.xml
index 66366263..938d31b6 100644
--- a/modules/broker/p2-profile/pom.xml
+++ b/modules/broker/p2-profile/pom.xml
@@ -103,9 +103,6 @@
                                 <featureArtifactDef>
                                     org.wso2.carbon.registry:org.wso2.carbon.registry.contentsearch.feature:${carbon.registry.version}
                                 </featureArtifactDef>
-                                <featureArtifactDef>
-                                    org.wso2.carbon.registry:org.wso2.carbon.registry.ui.menu.feature:${carbon.registry.version}
-                                </featureArtifactDef>
                                 <featureArtifactDef>
                                     org.wso2.carbon.registry:org.wso2.carbon.registry.resource.properties.feature:${carbon.registry.version}
                                 </featureArtifactDef>
@@ -119,7 +116,7 @@
                                     org.wso2.carbon.messaging:org.wso2.carbon.andes.feature:${carbon.messaging.version}
                                 </featureArtifactDef>
                                 <featureArtifactDef>
-                                    org.wso2.carbon.multitenancy:org.wso2.carbon.tenant.common.feature:${carbon.multitenancy.version}
+                                    org.wso2.carbon.multitenancy:org.wso2.carbon.tenant.common.server.feature:${carbon.multitenancy.version}
                                 </featureArtifactDef>
                                 <featureArtifactDef>
                                     org.wso2.carbon.commons:org.wso2.carbon.tenant.mgt.common.feature:${carbon.commons.version}
@@ -136,18 +133,12 @@
                                 <featureArtifactDef>
                                     org.wso2.carbon.identity:org.wso2.carbon.identity.authenticator.saml2.sso.server.feature:${identity.carbon.auth.saml2.version}
                                 </featureArtifactDef>
-                                <featureArtifactDef>
-                                    org.wso2.carbon.identity:org.wso2.carbon.identity.authenticator.saml2.sso.ui.feature:${identity.carbon.auth.saml2.version}
-                                </featureArtifactDef>
                                 <featureArtifactDef>
                                     org.wso2.carbon.identity:org.wso2.carbon.user.mgt.feature:${carbon.identity.framework.version}
                                 </featureArtifactDef>
                                 <featureArtifactDef>
                                     org.wso2.carbon.identity:org.wso2.carbon.identity.core.feature:${carbon.identity.framework.version}
                                 </featureArtifactDef>
-                                <featureArtifactDef>
-                                    org.wso2.carbon.identity:org.wso2.carbon.identity.core.ui.feature:${carbon.identity.framework.version}
-                                </featureArtifactDef>
                                 <!--carbon core features -->
                                 <featureArtifactDef>
                                     org.wso2.carbon:org.wso2.carbon.core.feature:${carbon.kernel.version}
@@ -161,13 +152,6 @@
                                 <featureArtifactDef>
                                     org.wso2.carbon.metrics:org.wso2.carbon.metrics.feature:${carbon.metrics.version}
                                 </featureArtifactDef>
-                                <!-- mb styles -->
-                                <featureArtifactDef>
-                                    org.wso2.mb:org.wso2.mb.styles.feature:${product.mb.version}
-                                </featureArtifactDef>
-                                <featureArtifactDef>
-                                    org.wso2.mb:org.wso2.stratos.mb.dashboard.ui.feature:${product.mb.version}
-                                </featureArtifactDef>
                                 <featureArtifactDef>
                                     org.wso2.ciphertool:org.wso2.ciphertool.feature:${cipher.tool.version}
                                 </featureArtifactDef>
@@ -232,10 +216,6 @@
                                     <id>org.wso2.carbon.registry.core.feature.group</id>
                                     <version>${carbon.registry.version}</version>
                                 </feature>
-                                <feature>
-                                    <id>org.wso2.carbon.registry.ui.menu.feature.group</id>
-                                    <version>${carbon.registry.version}</version>
-                                </feature>
                                 <feature>
                                     <id>org.wso2.carbon.registry.resource.properties.feature.group
                                     </id>
@@ -245,10 +225,6 @@
                                     <id>org.wso2.carbon.wsdl.tools.feature.group</id>
                                     <version>${carbon.commons.version}</version>
                                 </feature>
-                                <feature>
-                                    <id>org.wso2.carbon.registry.core.ui.feature.group</id>
-                                    <version>${carbon.registry.version}</version>
-                                </feature>
                                 <feature>
                                     <id>org.wso2.carbon.um.ws.service.feature.group</id>
                                     <version>${carbon.um.ws.version}</version>
@@ -264,7 +240,7 @@
                                 </feature>
                                 <!-- multitenancy feature groups -->
                                 <feature>
-                                    <id>org.wso2.carbon.tenant.common.feature.group</id>
+                                    <id>org.wso2.carbon.tenant.common.server.feature.group</id>
                                     <version>${carbon.multitenancy.version}</version>
                                 </feature>
                                 <feature>
@@ -281,12 +257,6 @@
                                     <id>org.wso2.carbon.tenant.throttling.agent.feature.group</id>
                                     <version>${carbon.multitenancy.version}</version>
                                 </feature>
-                                <feature>
-                                    <id>
-                                        org.wso2.carbon.identity.authenticator.saml2.sso.ui.feature.group
-                                    </id>
-                                    <version>${identity.carbon.auth.saml2.version}</version>
-                                </feature>
                                 <feature>
                                     <id>org.wso2.carbon.user.mgt.feature.group</id>
                                     <version>${carbon.identity.framework.version}</version>
@@ -295,10 +265,6 @@
                                     <id>org.wso2.carbon.identity.core.feature.group</id>
                                     <version>${carbon.identity.framework.version}</version>
                                 </feature>
-                                <feature>
-                                    <id>org.wso2.carbon.identity.core.ui.feature.group</id>
-                                    <version>${carbon.identity.framework.version}</version>
-                                </feature>
                                 <feature>
                                     <id>org.wso2.carbon.messaging.metrics.feature.group</id>
                                     <version>${carbon.messaging.version}</version>
@@ -307,15 +273,6 @@
                                     <id>org.wso2.carbon.metrics.feature.group</id>
                                     <version>${carbon.metrics.version}</version>
                                 </feature>
-                                <!-- mb style -->
-                                <feature>
-                                    <id>org.wso2.stratos.mb.dashboard.ui.feature.group</id>
-                                    <version>${product.mb.version}</version>
-                                </feature>
-                                <feature>
-                                    <id>org.wso2.mb.styles.feature.group</id>
-                                    <version>${product.mb.version}</version>
-                                </feature>
                                 <!--cipher tool-->
                                 <feature>
                                     <id>org.wso2.ciphertool.feature.group</id>
diff --git a/modules/core/distribution/src/repository/bin/wso2server.bat b/modules/core/distribution/src/repository/bin/wso2server.bat
index 9406db61..39cf7c63 100644
--- a/modules/core/distribution/src/repository/bin/wso2server.bat
+++ b/modules/core/distribution/src/repository/bin/wso2server.bat
@@ -162,7 +162,7 @@ set CARBON_CLASSPATH=.\lib;%CARBON_CLASSPATH%
 
 set JAVA_ENDORSED=".\lib\endorsed";"%JAVA_HOME%\jre\lib\endorsed";"%JAVA_HOME%\lib\endorsed"
 
-set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof"  -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf"  -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true
+set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof"  -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Core" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf"  -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8 -Dorg.wso2.ignoreHostnameVerification=true -Dorg.opensaml.httpclient.https.disableHostnameVerification=true
 
 :runJava
 echo JAVA_HOME environment variable is set to %JAVA_HOME%
diff --git a/modules/core/distribution/src/repository/bin/wso2server.sh b/modules/core/distribution/src/repository/bin/wso2server.sh
index b4b84fc9..65add0f6 100755
--- a/modules/core/distribution/src/repository/bin/wso2server.sh
+++ b/modules/core/distribution/src/repository/bin/wso2server.sh
@@ -306,6 +306,7 @@ do
     -Dcom.ibm.cacheLocalHost=true \
     -DworkerNode=false \
     -Dorg.wso2.ignoreHostnameVerification=true \
+    -Dorg.opensaml.httpclient.https.disableHostnameVerification=true \
     org.wso2.carbon.bootstrap.Bootstrap $*
     status=$?
 done
diff --git a/pom.xml b/pom.xml
index 295067b0..123e7de0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1274,36 +1274,16 @@
                 <artifactId>servlet-api</artifactId>
                 <version>${servlet-api.version}</version>
             </dependency>
-            <dependency>
-                <groupId>org.wso2.iot</groupId>
-                <artifactId>org.wso2.stratos.mb.dashboard.ui</artifactId>
-                <version>${product.iot.broker.version}</version>
-            </dependency>
             <dependency>
                 <groupId>org.wso2.carbon</groupId>
                 <artifactId>org.wso2.carbon.ui.menu.stratos</artifactId>
                 <version>${carbon.ui.menu.stratos.version}</version>
             </dependency>
-            <dependency>
-                <groupId>org.wso2.iot</groupId>
-                <artifactId>org.wso2.stratos.mb.deployment</artifactId>
-                <version>${product.iot.broker.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>org.wso2.iot</groupId>
-                <artifactId>org.wso2.stratos.mb.login.ui</artifactId>
-                <version>${product.iot.broker.version}</version>
-            </dependency>
             <dependency>
                 <groupId>org.wso2.iot</groupId>
                 <artifactId>org.wso2.iot.broker.styles</artifactId>
                 <version>${product.iot.broker.version}</version>
             </dependency>
-            <dependency>
-                <groupId>org.wso2.iot</groupId>
-                <artifactId>org.wso2.stratos.mb.styles</artifactId>
-                <version>${product.iot.broker.version}</version>
-            </dependency>
             <!--Dependencies for integration tests  -->
             <dependency>
                 <groupId>org.wso2.iot</groupId>
@@ -1516,13 +1496,13 @@
 
         <!-- Carbon Identity -->
         <carbon.identity.framework.version>5.2.0</carbon.identity.framework.version>
-        <carbon.identity.framework.version.iotcore>5.6.17</carbon.identity.framework.version.iotcore>
+        <carbon.identity.framework.version.iotcore>5.6.89</carbon.identity.framework.version.iotcore>
         <carbon.identity.framework.version.range>[5.2.0, 6.0.0)</carbon.identity.framework.version.range>
         <identity.local.auth.basicauth.version>5.1.1</identity.local.auth.basicauth.version>
         <identity.local.auth.basicauth.version.iotcore>5.2.2</identity.local.auth.basicauth.version.iotcore>
         <identity.inbound.auth.openid.version>5.1.1</identity.inbound.auth.openid.version>
         <identity.inbound.auth.saml.version>5.1.1</identity.inbound.auth.saml.version>
-        <identity.inbound.auth.saml.version.iotcore>5.2.7</identity.inbound.auth.saml.version.iotcore>
+        <identity.inbound.auth.saml.version.iotcore>5.2.14</identity.inbound.auth.saml.version.iotcore>
         <identity.carbon.auth.saml2.version>5.1.3</identity.carbon.auth.saml2.version>
         <identity.carbon.auth.saml2.version.iotcore>5.1.6</identity.carbon.auth.saml2.version.iotcore>
         <identity.inbound.auth.oauth.version>5.1.2</identity.inbound.auth.oauth.version>