diff --git a/README.md b/README.md
index 6bbcda7..8fe3afd 100644
--- a/README.md
+++ b/README.md
@@ -16,8 +16,8 @@ To start a Dev Keycloak instance that can show the pub.solar theme, you need to
     -e KEYCLOAK_ADMIN_PASSWORD=admin \
     -v $(pwd):/opt/keycloak/themes/pub.solar \
     -v $(pwd)/.dev-import:/opt/keycloak/data/import \
-    quay.io/keycloak/keycloak:23.0.6 \
-    start-dev --import-realm --features="declarative-user-profile"
+    quay.io/keycloak/keycloak:25.0.6 \
+    start-dev --import-realm
   ```
 
 3. After this, you can start and stop the container using `docker start keycloak-theme-dev` and `docker-stop keycloak-theme-dev`.
diff --git a/login/code.ftl b/login/code.ftl
index 6830fc4..bb0621d 100644
--- a/login/code.ftl
+++ b/login/code.ftl
@@ -4,7 +4,7 @@
         <#if code.success>
             ${msg("codeSuccessTitle")}
         <#else>
-            ${msg("codeErrorTitle", code.error)}
+            ${kcSanitize(msg("codeErrorTitle", code.error))}
         </#if>
     <#elseif section = "form">
         <div id="kc-code">
@@ -12,7 +12,7 @@
                 <p>${msg("copyCodeInstruction")}</p>
                 <input id="code" class="${properties.kcTextareaClass!}" value="${code.code}"/>
             <#else>
-                <p id="error">${code.error}</p>
+                <p id="error">${kcSanitize(code.error)}</p>
             </#if>
         </div>
     </#if>
diff --git a/login/delete-credential.ftl b/login/delete-credential.ftl
new file mode 100644
index 0000000..57f30e7
--- /dev/null
+++ b/login/delete-credential.ftl
@@ -0,0 +1,15 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout displayMessage=false; section>
+    <#if section = "header">
+        ${msg("deleteCredentialTitle", credentialLabel)}
+    <#elseif section = "form">
+    <div id="kc-delete-text">
+        ${msg("deleteCredentialMessage", credentialLabel)}
+    </div>
+    <form class="form-actions" action="${url.loginAction}" method="POST">
+        <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="accept" id="kc-accept" type="submit" value="${msg("doConfirmDelete")}"/>
+        <input class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="cancel-aia" value="${msg("doCancel")}" id="kc-decline" type="submit" />
+    </form>
+    <div class="clearfix"></div>
+    </#if>
+</@layout.registrationLayout>
diff --git a/login/info.ftl b/login/info.ftl
index 8da0cb7..d8cb648 100644
--- a/login/info.ftl
+++ b/login/info.ftl
@@ -2,13 +2,13 @@
 <@layout.registrationLayout displayMessage=false; section>
     <#if section = "header">
         <#if messageHeader??>
-        ${messageHeader}
+            ${kcSanitize(msg("${messageHeader}"))?no_esc}
         <#else>
         ${message.summary}
         </#if>
     <#elseif section = "form">
     <div id="kc-info-message">
-        <p class="instruction">${message.summary}<#if requiredActions??><#list requiredActions>: <b><#items as reqActionItem>${msg("requiredAction.${reqActionItem}")}<#sep>, </#items></b></#list><#else></#if></p>
+        <p class="instruction">${message.summary}<#if requiredActions??><#list requiredActions>: <b><#items as reqActionItem>${kcSanitize(msg("requiredAction.${reqActionItem}"))?no_esc}<#sep>, </#items></b></#list><#else></#if></p>
         <#if skipLink??>
         <#else>
             <#if pageRedirectUri?has_content>
diff --git a/login/login-idp-link-confirm-override.ftl b/login/login-idp-link-confirm-override.ftl
new file mode 100644
index 0000000..a5b3630
--- /dev/null
+++ b/login/login-idp-link-confirm-override.ftl
@@ -0,0 +1,12 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout; section>
+    <#if section = "header">
+        ${msg("confirmOverrideIdpTitle")}
+    <#elseif section = "form">
+        <form id="kc-register-form" action="${url.loginAction}" method="post">
+            ${msg("pageExpiredMsg1")} <a id="loginRestartLink" href="${url.loginRestartFlowUrl}">${msg("doClickHere")}</a>
+
+            <button type="submit" class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}" name="submitAction" id="confirmOverride" value="confirmOverride">${msg("confirmOverrideIdpContinue", idpDisplayName)}</button>
+        </form>
+    </#if>
+</@layout.registrationLayout>
diff --git a/login/login-otp.ftl b/login/login-otp.ftl
index b297ee0..a43778d 100644
--- a/login/login-otp.ftl
+++ b/login/login-otp.ftl
@@ -1,58 +1,58 @@
 <#import "template.ftl" as layout>
 <@layout.registrationLayout displayMessage=!messagesPerField.existsError('totp'); section>
-  <#if section="header">
-    ${msg("doLogIn")}
-  <#elseif section="form">
-    <form
-      id="kc-otp-login-form"
-      class="ps-container"
-      action="${url.loginAction}"
-      method="post"
-    >
-      <#if otpLogin.userOtpCredentials?size gt 1>
-        <div class="${properties.kcFormGroupClass!}">
-          <#list otpLogin.userOtpCredentials as otpCredential>
-            <input id="kc-otp-credential-${otpCredential?index}" class="${properties.kcLoginOTPListInputClass!}" type="radio" name="selectedCredentialId" value="${otpCredential.id}" <#if otpCredential.id == otpLogin.selectedCredentialId>checked="checked"</#if>>
-            <label for="kc-otp-credential-${otpCredential?index}" class="${properties.kcLoginOTPListClass!}" tabindex="${otpCredential?index}">
-              <span class="${properties.kcLoginOTPListItemHeaderClass!}">
-                <span class="${properties.kcLoginOTPListItemIconBodyClass!}">
-                  <i class="${properties.kcLoginOTPListItemIconClass!}" aria-hidden="true"></i>
-                </span>
-                <span class="${properties.kcLoginOTPListItemTitleClass!}">${otpCredential.userLabel}</span>
-              </span>
-            </label>
-          </#list>
+    <#if section="header">
+        ${msg("doLogIn")}
+    <#elseif section="form">
+        <form id="kc-otp-login-form" class="${properties.kcFormClass!}" action="${url.loginAction}"
+            method="post">
+            <#if otpLogin.userOtpCredentials?size gt 1>
+                <div class="${properties.kcFormGroupClass!}">
+                    <div class="${properties.kcInputWrapperClass!}">
+                        <#list otpLogin.userOtpCredentials as otpCredential>
+                            <input id="kc-otp-credential-${otpCredential?index}" class="${properties.kcLoginOTPListInputClass!}" type="radio" name="selectedCredentialId" value="${otpCredential.id}" <#if otpCredential.id == otpLogin.selectedCredentialId>checked="checked"</#if>>
+                            <label for="kc-otp-credential-${otpCredential?index}" class="${properties.kcLoginOTPListClass!}" tabindex="${otpCredential?index}">
+                                <span class="${properties.kcLoginOTPListItemHeaderClass!}">
+                                    <span class="${properties.kcLoginOTPListItemIconBodyClass!}">
+                                      <i class="${properties.kcLoginOTPListItemIconClass!}" aria-hidden="true"></i>
+                                    </span>
+                                    <span class="${properties.kcLoginOTPListItemTitleClass!}">${otpCredential.userLabel}</span>
+                                </span>
+                            </label>
+                        </#list>
+                    </div>
+                </div>
+            </#if>
+
+            <div class="${properties.kcFormGroupClass!}">
+                <div class="${properties.kcLabelWrapperClass!}">
+                    <label for="otp" class="${properties.kcLabelClass!}">${msg("loginOtpOneTime")}</label>
+                </div>
+
+            <div class="${properties.kcInputWrapperClass!}">
+                <input id="otp" name="otp" autocomplete="off" type="text" class="${properties.kcInputClass!}"
+                       autofocus aria-invalid="<#if messagesPerField.existsError('totp')>true</#if>"/>
+
+                <#if messagesPerField.existsError('totp')>
+                    <span id="input-error-otp-code" class="${properties.kcInputErrorMessageClass!}"
+                          aria-live="polite">
+                        ${kcSanitize(messagesPerField.get('totp'))?no_esc}
+                    </span>
+                </#if>
+            </div>
         </div>
-      </#if>
 
-      <div class="${properties.kcFormGroupClass!}">
-        <label for="otp" class="${properties.kcLabelClass!}">${msg("loginOtpOneTime")}</label>
+            <div class="${properties.kcFormGroupClass!}">
+                <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
+                    <div class="${properties.kcFormOptionsWrapperClass!}">
+                    </div>
+                </div>
 
-        <input
-          id="otp"
-          name="otp"
-          autocomplete="off"
-          type="text"
-          class="${properties.kcInputClass!}"
-          autofocus aria-invalid="<#if messagesPerField.existsError('totp')>true</#if>"
-        />
-
-        <#if messagesPerField.existsError('totp')>
-          <span id="input-error-otp-code" class="${properties.kcInputErrorMessageClass!}"
-              aria-live="polite">
-            ${kcSanitize(messagesPerField.get('totp'))?no_esc}
-          </span>
-        </#if>
-      </div>
-
-      <div class="${properties.kcFormGroupClass!}">
-        <button
-          class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
-          name="login"
-          id="kc-login"
-          type="submit"
-        >${msg("doLogIn")}</button>
-      </div>
-    </form>
-  </#if>
-</@layout.registrationLayout>
+                <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
+                    <input
+                        class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
+                        name="login" id="kc-login" type="submit" value="${msg("doLogIn")}" />
+                </div>
+            </div>
+        </form>
+    </#if>
+</@layout.registrationLayout>
\ No newline at end of file
diff --git a/login/login-passkeys-conditional-authenticate.ftl b/login/login-passkeys-conditional-authenticate.ftl
new file mode 100644
index 0000000..81be113
--- /dev/null
+++ b/login/login-passkeys-conditional-authenticate.ftl
@@ -0,0 +1,143 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout displayInfo=(realm.registrationAllowed && !registrationDisabled??); section>
+    <#if section = "title">
+     title
+    <#elseif section = "header">
+        ${kcSanitize(msg("passkey-login-title"))?no_esc}
+    <#elseif section = "form">
+        <form id="webauth" action="${url.loginAction}" method="post">
+            <input type="hidden" id="clientDataJSON" name="clientDataJSON"/>
+            <input type="hidden" id="authenticatorData" name="authenticatorData"/>
+            <input type="hidden" id="signature" name="signature"/>
+            <input type="hidden" id="credentialId" name="credentialId"/>
+            <input type="hidden" id="userHandle" name="userHandle"/>
+            <input type="hidden" id="error" name="error"/>
+        </form>
+
+        <div class="${properties.kcFormGroupClass!} no-bottom-margin">
+            <#if authenticators??>
+                <form id="authn_select" class="${properties.kcFormClass!}">
+                    <#list authenticators.authenticators as authenticator>
+                        <input type="hidden" name="authn_use_chk" value="${authenticator.credentialId}"/>
+                    </#list>
+                </form>
+
+                <#if shouldDisplayAuthenticators?? && shouldDisplayAuthenticators>
+                    <#if authenticators.authenticators?size gt 1>
+                        <p class="${properties.kcSelectAuthListItemTitle!}">${kcSanitize(msg("passkey-available-authenticators"))?no_esc}</p>
+                    </#if>
+
+                    <div class="${properties.kcFormClass!}">
+                        <#list authenticators.authenticators as authenticator>
+                            <div id="kc-webauthn-authenticator-item-${authenticator?index}" class="${properties.kcSelectAuthListItemClass!}">
+                                <div class="${properties.kcSelectAuthListItemIconClass!}">
+                                    <i class="${(properties['${authenticator.transports.iconClass}'])!'${properties.kcWebAuthnDefaultIcon!}'} ${properties.kcSelectAuthListItemIconPropertyClass!}"></i>
+                                </div>
+                                <div class="${properties.kcSelectAuthListItemBodyClass!}">
+                                    <div id="kc-webauthn-authenticator-label-${authenticator?index}"
+                                         class="${properties.kcSelectAuthListItemHeadingClass!}">
+                                        ${kcSanitize(msg('${authenticator.label}'))?no_esc}
+                                    </div>
+
+                                    <#if authenticator.transports?? && authenticator.transports.displayNameProperties?has_content>
+                                        <div id="kc-webauthn-authenticator-transport-${authenticator?index}"
+                                            class="${properties.kcSelectAuthListItemDescriptionClass!}">
+                                            <#list authenticator.transports.displayNameProperties as nameProperty>
+                                                <span>${kcSanitize(msg('${nameProperty!}'))?no_esc}</span>
+                                                <#if nameProperty?has_next>
+                                                    <span>, </span>
+                                                </#if>
+                                            </#list>
+                                        </div>
+                                    </#if>
+
+                                    <div class="${properties.kcSelectAuthListItemDescriptionClass!}">
+                                        <span id="kc-webauthn-authenticator-createdlabel-${authenticator?index}">
+                                            ${kcSanitize(msg('passkey-createdAt-label'))?no_esc}
+                                        </span>
+                                        <span id="kc-webauthn-authenticator-created-${authenticator?index}">
+                                            ${kcSanitize(authenticator.createdAt)?no_esc}
+                                        </span>
+                                    </div>
+                                </div>
+                                <div class="${properties.kcSelectAuthListItemFillClass!}"></div>
+                            </div>
+                        </#list>
+                    </div>
+                </#if>
+            </#if>
+
+            <div id="kc-form">
+                <div id="kc-form-wrapper">
+                    <#if realm.password>
+                        <form id="kc-form-login" onsubmit="login.disabled = true; return true;" action="${url.loginAction}" method="post" style="display:none">
+                            <#if !usernameHidden??>
+                                <div class="${properties.kcFormGroupClass!}">
+                                    <label for="username" class="${properties.kcLabelClass!}">${msg("passkey-autofill-select")}</label>
+                                    <input tabindex="1" id="username"
+                                        aria-invalid="<#if messagesPerField.existsError('username')>true</#if>"
+                                        class="${properties.kcInputClass!}" name="username"
+                                        value="${(login.username!'')}"
+                                        autocomplete="username webauthn"
+                                        type="text" autofocus autocomplete="off"/>
+                                    <#if messagesPerField.existsError('username')>
+                                        <span id="input-error-username" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                                            ${kcSanitize(messagesPerField.get('username'))?no_esc}
+                                        </span>
+                                    </#if>
+                                </div>
+                            </#if>
+                        </form>
+                    </#if>
+                    <div id="kc-form-passkey-button" class="${properties.kcFormButtonsClass!}" style="display:none">
+                        <input id="authenticateWebAuthnButton" type="button" onclick="doAuthenticate([], "${rpId}", "${challenge}", ${isUserIdentified}, ${createTimeout}, "${userVerification}", "${msg("passkey-unsupported-browser-text")?no_esc}")" autofocus="autofocus"
+                            value="${kcSanitize(msg("passkey-doAuthenticate"))}"
+                            class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"/>
+                    </div>
+                    <div id="kc-form-passkey-button" class="${properties.kcFormButtonsClass!}" style="display:none">
+                        <input id="authenticateWebAuthnButton" type="button" autofocus="autofocus"
+                            value="${kcSanitize(msg("passkey-doAuthenticate"))}"
+                            class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"/>
+                    </div>
+                </div>
+            </div>
+        </div>
+
+        <script type="module">
+            import { authenticateByWebAuthn } from "${url.resourcesPath}/js/webauthnAuthenticate.js";
+            import { initAuthenticate } from "${url.resourcesPath}/js/passkeysConditionalAuth.js";
+
+            const authButton = document.getElementById('authenticateWebAuthnButton');
+            const input = {
+                isUserIdentified : ${isUserIdentified},
+                challenge : '${challenge}',
+                userVerification : '${userVerification}',
+                rpId : '${rpId}',
+                createTimeout : ${createTimeout},
+                errmsg : "${msg("webauthn-unsupported-browser-text")?no_esc}"
+            };
+            authButton.addEventListener("click", () => {
+                authenticateByWebAuthn(input);
+            });
+
+            const args = {
+                isUserIdentified : ${isUserIdentified},
+                challenge : '${challenge}',
+                userVerification : '${userVerification}',
+                rpId : '${rpId}',
+                createTimeout : ${createTimeout},
+                errmsg : "${msg("passkey-unsupported-browser-text")?no_esc}"
+            };
+
+            document.addEventListener("DOMContentLoaded", (event) => initAuthenticate(args));
+        </script>
+
+    <#elseif section = "info">
+        <#if realm.registrationAllowed && !registrationDisabled??>
+            <div id="kc-registration">
+                <span>${msg("noAccount")} <a tabindex="6" href="${url.registrationUrl}">${msg("doRegister")}</a></span>
+            </div>
+        </#if>
+    </#if>
+
+</@layout.registrationLayout>
diff --git a/login/login-password.ftl b/login/login-password.ftl
index dc60ed1..aa984b1 100644
--- a/login/login-password.ftl
+++ b/login/login-password.ftl
@@ -1,55 +1,52 @@
 <#import "template.ftl" as layout>
 <@layout.registrationLayout displayMessage=!messagesPerField.existsError('password'); section>
-  <#if section = "header">
-    ${msg("doLogIn")}
-  <#elseif section = "form">
-        <form
-          id="kc-form-login"
-          class="ps-container"
-          onsubmit="login.disabled = true; return true;"
-          action="${url.loginAction}"
-          method="post"
-        >
-          <div class="${properties.kcFormGroupClass!}">
-            <label for="password" class="${properties.kcLabelClass!}">${msg("password")}</label>
-            <input
-              tabindex="2"
-              id="password"
-              class="${properties.kcInputClass!}"
-              name="password"
-              type="password"
-              autocomplete="on"
-              autofocus
-              aria-invalid="<#if messagesPerField.existsError('password')>true</#if>"
-            />
-            <#if messagesPerField.existsError('password')>
-              <span id="input-error-password" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-                ${kcSanitize(messagesPerField.get('password'))?no_esc}
-              </span>
-            </#if>
-          </div>
+    <#if section = "header">
+        ${msg("doLogIn")}
+    <#elseif section = "form">
+        <div id="kc-form">
+            <div id="kc-form-wrapper">
+                <form id="kc-form-login" onsubmit="login.disabled = true; return true;" action="${url.loginAction}"
+                      method="post">
+                    <div class="${properties.kcFormGroupClass!} no-bottom-margin">
+                        <hr/>
+                        <label for="password" class="${properties.kcLabelClass!}">${msg("password")}</label>
+                        <div class="${properties.kcInputGroup!}">
+                            <input tabindex="2" id="password" class="${properties.kcInputClass!}" name="password"
+                                   type="password" autocomplete="on" autofocus
+                                   aria-invalid="<#if messagesPerField.existsError('password')>true</#if>"
+                            />
+                            <button class="${properties.kcFormPasswordVisibilityButtonClass!}" type="button" aria-label="${msg('showPassword')}"
+                                    aria-controls="password"  data-password-toggle
+                                    data-icon-show="${properties.kcFormPasswordVisibilityIconShow!}" data-icon-hide="${properties.kcFormPasswordVisibilityIconHide!}"
+                                    data-label-show="${msg('showPassword')}" data-label-hide="${msg('hidePassword')}">
+                                <i class="${properties.kcFormPasswordVisibilityIconShow!}" aria-hidden="true"></i>
+                            </button>
+                        </div>
+                        <#if messagesPerField.existsError('password')>
+                            <span id="input-error-password" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                                ${kcSanitize(messagesPerField.get('password'))?no_esc}
+                            </span>
+                        </#if>
+                    </div>
 
-          <div class="${properties.kcFormGroupClass!} ${properties.kcFormSettingClass!}">
-            <#if realm.resetPasswordAllowed>
-              <span><a tabindex="5"
-                   href="${url.loginResetCredentialsUrl}">${msg("doForgotPassword")}</a></span>
-            </#if>
-          </div>
+                    <div class="${properties.kcFormGroupClass!} ${properties.kcFormSettingClass!}">
+                        <div id="kc-form-options">
+                        </div>
+                        <div class="${properties.kcFormOptionsWrapperClass!}">
+                            <#if realm.resetPasswordAllowed>
+                                <span><a tabindex="5"
+                                         href="${url.loginResetCredentialsUrl}">${msg("doForgotPassword")}</a></span>
+                            </#if>
+                        </div>
+                    </div>
 
-          <div id="kc-form-buttons" class="${properties.kcFormGroupClass!}">
-            <button
-              tabindex="4"
-              class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
-              name="login"
-              id="kc-login"
-              type="submit"
-            >
-              ${msg("doLogIn")}
-            </button>
-          </div>
-      </form>
-    </div>
-    </div>
-  </#if>
+                    <div id="kc-form-buttons" class="${properties.kcFormGroupClass!}">
+                        <input tabindex="4" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}" name="login" id="kc-login" type="submit" value="${msg("doLogIn")}"/>
+                    </div>
+                </form>
+            </div>
+        </div>
+        <script type="module" src="${url.resourcesPath}/js/passwordVisibility.js"></script>
+    </#if>
 
 </@layout.registrationLayout>
diff --git a/login/login-recovery-authn-code-config.ftl b/login/login-recovery-authn-code-config.ftl
index ef81710..c664fc7 100644
--- a/login/login-recovery-authn-code-config.ftl
+++ b/login/login-recovery-authn-code-config.ftl
@@ -6,7 +6,7 @@
     ${msg("recovery-code-config-header")}
 <#elseif section = "form">
     <!-- warning -->
-    <div class="pf-c-alert pf-m-warning pf-m-inline ${properties.kcRecoveryCodesWarning}" aria-label="Warning alert">
+    <div class="pf-c-alert pf-m-warning pf-m-inline ${properties.kcRecoveryCodesWarning!}" aria-label="Warning alert">
         <div class="pf-c-alert__icon">
             <i class="pficon-warning-triangle-o" aria-hidden="true"></i>
         </div>
@@ -26,7 +26,7 @@
     </ol>
 
     <!-- actions -->
-    <div class="${properties.kcRecoveryCodesActions}">
+    <div class="${properties.kcRecoveryCodesActions!}">
         <button id="printRecoveryCodes" class="pf-c-button pf-m-link" type="button">
             <i class="pficon-print"></i> ${msg("recovery-codes-print")}
         </button>
@@ -40,7 +40,7 @@
 
     <!-- confirmation checkbox -->
     <div class="${properties.kcFormOptionsClass!}">
-        <input class="${properties.kcCheckInputClass}" type="checkbox" id="kcRecoveryCodesConfirmationCheck" name="kcRecoveryCodesConfirmationCheck" 
+        <input class="${properties.kcCheckInputClass!}" type="checkbox" id="kcRecoveryCodesConfirmationCheck" name="kcRecoveryCodesConfirmationCheck"
         onchange="document.getElementById('saveRecoveryAuthnCodesBtn').disabled = !this.checked;"
         />
         <label for="kcRecoveryCodesConfirmationCheck">${msg("recovery-codes-confirmation-message")}</label>
@@ -75,7 +75,7 @@
         /* copy recovery codes  */
         function copyRecoveryCodes() {
             var tmpTextarea = document.createElement("textarea");
-            var codes = document.getElementById("kc-recovery-codes-list").getElementsByTagName("li");
+            var codes = document.querySelectorAll("#kc-recovery-codes-list li");
             for (i = 0; i < codes.length; i++) {
                 tmpTextarea.value = tmpTextarea.value + codes[i].innerText + "\n";
             }
@@ -106,7 +106,7 @@
         }
 
         function parseRecoveryCodeList() {
-            var recoveryCodes = document.querySelectorAll(".kc-recovery-codes-list li");
+            var recoveryCodes = document.querySelectorAll("#kc-recovery-codes-list li");
             var recoveryCodeList = "";
 
             for (var i = 0; i < recoveryCodes.length; i++) {
@@ -160,7 +160,7 @@
                 `@page { size: auto;  margin-top: 0; }
                 body { width: 480px; }
                 div { list-style-type: none; font-family: monospace }
-                p:first-of-type { margin-top: 48px }`
+                p:first-of-type { margin-top: 48px }`;
 
             return printFileContent =
                 "<html><style>" + styles + "</style><body>" +
diff --git a/login/login-recovery-authn-code-input.ftl b/login/login-recovery-authn-code-input.ftl
index f6cad67..8d67d43 100644
--- a/login/login-recovery-authn-code-input.ftl
+++ b/login/login-recovery-authn-code-input.ftl
@@ -1,5 +1,5 @@
 <#import "template.ftl" as layout>
-<@layout.registrationLayout; section>
+<@layout.registrationLayout displayMessage=!messagesPerField.existsError('recoveryCodeInput'); section>
 
     <#if section = "header">
         ${msg("auth-recovery-code-header")}
@@ -11,7 +11,19 @@
                 </div>
 
                 <div class="${properties.kcInputWrapperClass!}">
-                    <input id="recoveryCodeInput" name="recoveryCodeInput" autocomplete="off" type="text" class="${properties.kcInputClass!}" autofocus/>
+                    <input tabindex="1" id="recoveryCodeInput"
+                           name="recoveryCodeInput"
+                           aria-invalid="<#if messagesPerField.existsError('recoveryCodeInput')>true</#if>"
+                           autocomplete="off"
+                           type="text"
+                           class="${properties.kcInputClass!}"
+                           autofocus/>
+
+                    <#if messagesPerField.existsError('recoveryCodeInput')>
+                        <span id="input-error" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                            ${kcSanitize(messagesPerField.get('recoveryCodeInput'))?no_esc}
+                        </span>
+                    </#if>
                 </div>
             </div>
 
diff --git a/login/login-reset-otp.ftl b/login/login-reset-otp.ftl
new file mode 100644
index 0000000..d8fc580
--- /dev/null
+++ b/login/login-reset-otp.ftl
@@ -0,0 +1,33 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout displayMessage=!messagesPerField.existsError('totp'); section>
+    <#if section="header">
+        ${msg("doLogIn")}
+    <#elseif section="form">
+        <form id="kc-otp-reset-form" class="${properties.kcFormClass!}" action="${url.loginAction}"
+              method="post">
+            <div class="${properties.kcFormGroupClass!}">
+                <div class="${properties.kcInputWrapperClass!}">
+                    <p id="kc-otp-reset-form-description">${msg("otp-reset-description")}</p>
+
+                    <#list configuredOtpCredentials.userOtpCredentials as otpCredential>
+                        <input id="kc-otp-credential-${otpCredential?index}" class="${properties.kcLoginOTPListInputClass!}" type="radio" name="selectedCredentialId" value="${otpCredential.id}" <#if otpCredential.id == configuredOtpCredentials.selectedCredentialId>checked="checked"</#if>>
+                        <label for="kc-otp-credential-${otpCredential?index}" class="${properties.kcLoginOTPListClass!}" tabindex="${otpCredential?index}">
+                                    <span class="${properties.kcLoginOTPListItemHeaderClass!}">
+                                        <span class="${properties.kcLoginOTPListItemIconBodyClass!}">
+                                          <i class="${properties.kcLoginOTPListItemIconClass!}" aria-hidden="true"></i>
+                                        </span>
+                                        <span class="${properties.kcLoginOTPListItemTitleClass!}">${otpCredential.userLabel}</span>
+                                    </span>
+                        </label>
+                    </#list>
+
+                    <div class="${properties.kcFormGroupClass!}">
+                        <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
+                            <input id="kc-otp-reset-form-submit" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}"/>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </form>
+    </#if>
+</@layout.registrationLayout>
diff --git a/login/login-reset-password.ftl b/login/login-reset-password.ftl
index 518e3e6..800faea 100644
--- a/login/login-reset-password.ftl
+++ b/login/login-reset-password.ftl
@@ -1,50 +1,39 @@
 <#import "template.ftl" as layout>
 <@layout.registrationLayout displayInfo=true displayMessage=!messagesPerField.existsError('username'); section>
-  <#if section = "header">
-    ${msg("emailForgotTitle")}
-  <#elseif section = "info" >
-    <#if realm.duplicateEmailsAllowed>
-      ${msg("emailInstructionUsername")}
-    <#else>
-      ${msg("emailInstruction")}
-    </#if>
-  <#elseif section = "form">
-    <form id="kc-reset-password-form" class="ps-container" action="${url.loginAction}" method="post">
-      <div class="${properties.kcFormGroupClass!}">
-        <label
-          for="username"
-          class="${properties.kcLabelClass!}"
-        >
-          <#if !realm.loginWithEmailAllowed>${msg("username")}<#elseif !realm.registrationEmailAsUsername>${msg("usernameOrEmail")}<#else>${msg("email")}</#if>
-        </label>
-        <input
-          type="text"
-          id="username"
-          name="username"
-          class="${properties.kcInputClass!}"
-          autofocus
-          value="${(auth.attemptedUsername!'')}"
-          aria-invalid="<#if messagesPerField.existsError('username')>true</#if>"
-        />
-        <#if messagesPerField.existsError('username')>
-          <span id="input-error-username" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-            ${kcSanitize(messagesPerField.get('username'))?no_esc}
-          </span>
-        </#if>
-      </div>
-      <div class="${properties.kcFormGroupClass!} ${properties.kcFormSettingClass!}">
-        <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
-          <button
-            class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
-          >${msg("doSubmit")}</button>
-        </div>
-      </div>
+    <#if section = "header">
+        ${msg("emailForgotTitle")}
+    <#elseif section = "form">
+        <form id="kc-reset-password-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
+            <div class="${properties.kcFormGroupClass!}">
+                <div class="${properties.kcLabelWrapperClass!}">
+                    <label for="username" class="${properties.kcLabelClass!}"><#if !realm.loginWithEmailAllowed>${msg("username")}<#elseif !realm.registrationEmailAsUsername>${msg("usernameOrEmail")}<#else>${msg("email")}</#if></label>
+                </div>
+                <div class="${properties.kcInputWrapperClass!}">
+                    <input type="text" id="username" name="username" class="${properties.kcInputClass!}" autofocus value="${(auth.attemptedUsername!'')}" aria-invalid="<#if messagesPerField.existsError('username')>true</#if>"/>
+                    <#if messagesPerField.existsError('username')>
+                        <span id="input-error-username" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                                    ${kcSanitize(messagesPerField.get('username'))?no_esc}
+                        </span>
+                    </#if>
+                </div>
+            </div>
+            <div class="${properties.kcFormGroupClass!} ${properties.kcFormSettingClass!}">
+                <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
+                    <div class="${properties.kcFormOptionsWrapperClass!}">
+                        <span><a href="${url.loginUrl}">${kcSanitize(msg("backToLogin"))?no_esc}</a></span>
+                    </div>
+                </div>
 
-      <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
-        <div class="${properties.kcFormOptionsWrapperClass!}">
-          <span><a href="${url.loginUrl}">${kcSanitize(msg("backToLogin"))?no_esc}</a></span>
-        </div>
-      </div>
-    </form>
-  </#if>
+                <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
+                    <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}"/>
+                </div>
+            </div>
+        </form>
+    <#elseif section = "info" >
+        <#if realm.duplicateEmailsAllowed>
+            ${msg("emailInstructionUsername")}
+        <#else>
+            ${msg("emailInstruction")}
+        </#if>
+    </#if>
 </@layout.registrationLayout>
diff --git a/login/login-update-password.ftl b/login/login-update-password.ftl
index a61efc2..f6414ec 100644
--- a/login/login-update-password.ftl
+++ b/login/login-update-password.ftl
@@ -5,19 +5,23 @@
         ${msg("updatePasswordTitle")}
     <#elseif section = "form">
         <form id="kc-passwd-update-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
-            <input type="text" id="username" name="username" value="${username}" autocomplete="username"
-                   readonly="readonly" style="display:none;"/>
-            <input type="password" id="password" name="password" autocomplete="current-password" style="display:none;"/>
-
             <div class="${properties.kcFormGroupClass!}">
                 <div class="${properties.kcLabelWrapperClass!}">
                     <label for="password-new" class="${properties.kcLabelClass!}">${msg("passwordNew")}</label>
                 </div>
                 <div class="${properties.kcInputWrapperClass!}">
-                    <input type="password" id="password-new" name="password-new" class="${properties.kcInputClass!}"
-                           autofocus autocomplete="new-password"
-                           aria-invalid="<#if messagesPerField.existsError('password','password-confirm')>true</#if>"
-                    />
+                    <div class="${properties.kcInputGroup!}">
+                        <input type="password" id="password-new" name="password-new" class="${properties.kcInputClass!}"
+                               autofocus autocomplete="new-password"
+                               aria-invalid="<#if messagesPerField.existsError('password','password-confirm')>true</#if>"
+                        />
+                        <button class="${properties.kcFormPasswordVisibilityButtonClass!}" type="button" aria-label="${msg('showPassword')}"
+                                aria-controls="password-new"  data-password-toggle
+                                data-icon-show="${properties.kcFormPasswordVisibilityIconShow!}" data-icon-hide="${properties.kcFormPasswordVisibilityIconHide!}"
+                                data-label-show="${msg('showPassword')}" data-label-hide="${msg('hidePassword')}">
+                            <i class="${properties.kcFormPasswordVisibilityIconShow!}" aria-hidden="true"></i>
+                        </button>
+                    </div>
 
                     <#if messagesPerField.existsError('password')>
                         <span id="input-error-password" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
@@ -32,11 +36,19 @@
                     <label for="password-confirm" class="${properties.kcLabelClass!}">${msg("passwordConfirm")}</label>
                 </div>
                 <div class="${properties.kcInputWrapperClass!}">
-                    <input type="password" id="password-confirm" name="password-confirm"
-                           class="${properties.kcInputClass!}"
-                           autocomplete="new-password"
-                           aria-invalid="<#if messagesPerField.existsError('password-confirm')>true</#if>"
-                    />
+                    <div class="${properties.kcInputGroup!}">
+                        <input type="password" id="password-confirm" name="password-confirm"
+                               class="${properties.kcInputClass!}"
+                               autocomplete="new-password"
+                               aria-invalid="<#if messagesPerField.existsError('password-confirm')>true</#if>"
+                        />
+                        <button class="${properties.kcFormPasswordVisibilityButtonClass!}" type="button" aria-label="${msg('showPassword')}"
+                                aria-controls="password-confirm"  data-password-toggle
+                                data-icon-show="${properties.kcFormPasswordVisibilityIconShow!}" data-icon-hide="${properties.kcFormPasswordVisibilityIconHide!}"
+                                data-label-show="${msg('showPassword')}" data-label-hide="${msg('hidePassword')}">
+                            <i class="${properties.kcFormPasswordVisibilityIconShow!}" aria-hidden="true"></i>
+                        </button>
+                    </div>
 
                     <#if messagesPerField.existsError('password-confirm')>
                         <span id="input-error-password-confirm" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
@@ -60,5 +72,6 @@
                 </div>
             </div>
         </form>
+        <script type="module" src="${url.resourcesPath}/js/passwordVisibility.js"></script>
     </#if>
 </@layout.registrationLayout>
diff --git a/login/login-update-profile.ftl b/login/login-update-profile.ftl
index be579b0..e09f5c3 100644
--- a/login/login-update-profile.ftl
+++ b/login/login-update-profile.ftl
@@ -1,83 +1,12 @@
 <#import "template.ftl" as layout>
-<@layout.registrationLayout displayMessage=!messagesPerField.existsError('username','email','firstName','lastName'); section>
+<#import "user-profile-commons.ftl" as userProfileCommons>
+<@layout.registrationLayout displayMessage=messagesPerField.exists('global') displayRequiredFields=true; section>
     <#if section = "header">
         ${msg("loginProfileTitle")}
     <#elseif section = "form">
         <form id="kc-update-profile-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
-            <#if user.editUsernameAllowed>
-                <div class="${properties.kcFormGroupClass!}">
-                    <div class="${properties.kcLabelWrapperClass!}">
-                        <label for="username" class="${properties.kcLabelClass!}">${msg("username")}</label>
-                    </div>
-                    <div class="${properties.kcInputWrapperClass!}">
-                        <input type="text" id="username" name="username" value="${(user.username!'')}"
-                               class="${properties.kcInputClass!}"
-                               aria-invalid="<#if messagesPerField.existsError('username')>true</#if>"
-                        />
 
-                        <#if messagesPerField.existsError('username')>
-                            <span id="input-error-username" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-                                ${kcSanitize(messagesPerField.get('username'))?no_esc}
-                            </span>
-                        </#if>
-                    </div>
-                </div>
-            </#if>
-            <#if user.editEmailAllowed>
-                <div class="${properties.kcFormGroupClass!}">
-                    <div class="${properties.kcLabelWrapperClass!}">
-                        <label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
-                    </div>
-                    <div class="${properties.kcInputWrapperClass!}">
-                        <input type="text" id="email" name="email" value="${(user.email!'')}"
-                               class="${properties.kcInputClass!}"
-                               aria-invalid="<#if messagesPerField.existsError('email')>true</#if>"
-                        />
-
-                        <#if messagesPerField.existsError('email')>
-                            <span id="input-error-email" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-                                ${kcSanitize(messagesPerField.get('email'))?no_esc}
-                            </span>
-                        </#if>
-                    </div>
-                </div>
-            </#if>
-
-            <div class="${properties.kcFormGroupClass!}">
-                <div class="${properties.kcLabelWrapperClass!}">
-                    <label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
-                </div>
-                <div class="${properties.kcInputWrapperClass!}">
-                    <input type="text" id="firstName" name="firstName" value="${(user.firstName!'')}"
-                           class="${properties.kcInputClass!}"
-                           aria-invalid="<#if messagesPerField.existsError('firstName')>true</#if>"
-                    />
-
-                    <#if messagesPerField.existsError('firstName')>
-                        <span id="input-error-firstname" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-                            ${kcSanitize(messagesPerField.get('firstName'))?no_esc}
-                        </span>
-                    </#if>
-                </div>
-            </div>
-
-            <div class="${properties.kcFormGroupClass!}">
-                <div class="${properties.kcLabelWrapperClass!}">
-                    <label for="lastName" class="${properties.kcLabelClass!}">${msg("lastName")}</label>
-                </div>
-                <div class="${properties.kcInputWrapperClass!}">
-                    <input type="text" id="lastName" name="lastName" value="${(user.lastName!'')}"
-                           class="${properties.kcInputClass!}"
-                           aria-invalid="<#if messagesPerField.existsError('lastName')>true</#if>"
-                    />
-
-                    <#if messagesPerField.existsError('lastName')>
-                        <span id="input-error-lastname" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-                            ${kcSanitize(messagesPerField.get('lastName'))?no_esc}
-                        </span>
-                    </#if>
-                </div>
-            </div>
+            <@userProfileCommons.userProfileFormFields/>
 
             <div class="${properties.kcFormGroupClass!}">
                 <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
@@ -87,13 +16,13 @@
 
                 <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
                     <#if isAppInitiatedAction??>
-                    <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}" />
-                    <button class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" type="submit" name="cancel-aia" value="true" />${msg("doCancel")}</button>
+                        <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}" />
+                        <button class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" type="submit" name="cancel-aia" value="true" formnovalidate/>${msg("doCancel")}</button>
                     <#else>
-                    <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}" />
+                        <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doSubmit")}" />
                     </#if>
                 </div>
             </div>
         </form>
     </#if>
-</@layout.registrationLayout>
+</@layout.registrationLayout>
\ No newline at end of file
diff --git a/login/login-username.ftl b/login/login-username.ftl
index a4f9760..4e0d312 100644
--- a/login/login-username.ftl
+++ b/login/login-username.ftl
@@ -1,111 +1,87 @@
 <#import "template.ftl" as layout>
 <@layout.registrationLayout displayMessage=!messagesPerField.existsError('username') displayInfo=(realm.password && realm.registrationAllowed && !registrationDisabled??); section>
-  <#if section = "header">
-    ${msg("loginAccountTitle")}
-  <#elseif section = "form">
-    <#if realm.password>
-      <form
-        id="kc-form-login"
-        onsubmit="login.disabled = true; return true;"
-        action="${url.loginAction}"
-        method="post"
-        class="ps-container"
-      >
-        <#if !usernameHidden??>
-          <div class="${properties.kcFormGroupClass!}">
-            <label
-              for="username"
-              class="${properties.kcLabelClass!}"
-            >
-              <#if !realm.loginWithEmailAllowed>${msg("username")}<#elseif !realm.registrationEmailAsUsername>${msg("usernameOrEmail")}<#else>${msg("email")}</#if>
-            </label>
+    <#if section = "header">
+        ${msg("loginAccountTitle")}
+    <#elseif section = "form">
+        <div id="kc-form">
+            <div id="kc-form-wrapper">
+                <#if realm.password>
+                    <form id="kc-form-login" onsubmit="login.disabled = true; return true;" action="${url.loginAction}"
+                          method="post">
+                        <#if !usernameHidden??>
+                            <div class="${properties.kcFormGroupClass!}">
+                                <label for="username"
+                                       class="${properties.kcLabelClass!}"><#if !realm.loginWithEmailAllowed>${msg("username")}<#elseif !realm.registrationEmailAsUsername>${msg("usernameOrEmail")}<#else>${msg("email")}</#if></label>
 
-            <input
-              tabindex="1"
-              id="username"
-              aria-invalid="<#if messagesPerField.existsError('username')>true</#if>"
-              class="${properties.kcInputClass!}"
-              name="username"
-              value="${(login.username!'')}"
-              type="text"
-              autofocus
-              autocomplete="off"
-            />
+                                <input tabindex="1" id="username"
+                                       aria-invalid="<#if messagesPerField.existsError('username')>true</#if>"
+                                       class="${properties.kcInputClass!}" name="username"
+                                       value="${(login.username!'')}"
+                                       type="text" autofocus autocomplete="off"/>
 
-            <#if messagesPerField.existsError('username')>
-              <span id="input-error-username" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-                ${kcSanitize(messagesPerField.get('username'))?no_esc}
-              </span>
-            </#if>
-          </div>
-        </#if>
+                                <#if messagesPerField.existsError('username')>
+                                    <span id="input-error-username" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                                        ${kcSanitize(messagesPerField.get('username'))?no_esc}
+                                    </span>
+                                </#if>
+                            </div>
+                        </#if>
 
-        <#if realm.rememberMe && !usernameHidden??>
-          <div class="${properties.kcFormGroupClass!} ${properties.kcFormSettingClass!}">
-            <div id="kc-form-options">
-              <div class="checkbox">
-                <label>
-                  <#if login.rememberMe??>
-                    <input
-                      tabindex="3"
-                      id="rememberMe"
-                      name="rememberMe"
-                      type="checkbox"
-                      checked
-                    /> ${msg("rememberMe")}
-                  <#else>
-                    <input
-                      tabindex="3"
-                      id="rememberMe"
-                      name="rememberMe"
-                      type="checkbox"
-                    /> ${msg("rememberMe")}
-                  </#if>
-                </label>
-              </div>
+                        <div class="${properties.kcFormGroupClass!} ${properties.kcFormSettingClass!}">
+                            <div id="kc-form-options">
+                                <#if realm.rememberMe && !usernameHidden??>
+                                    <div class="checkbox">
+                                        <label>
+                                            <#if login.rememberMe??>
+                                                <input tabindex="3" id="rememberMe" name="rememberMe" type="checkbox"
+                                                       checked> ${msg("rememberMe")}
+                                            <#else>
+                                                <input tabindex="3" id="rememberMe" name="rememberMe"
+                                                       type="checkbox"> ${msg("rememberMe")}
+                                            </#if>
+                                        </label>
+                                    </div>
+                                </#if>
+                            </div>
+                        </div>
+
+                        <div id="kc-form-buttons" class="${properties.kcFormGroupClass!}">
+                            <input tabindex="4"
+                                   class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
+                                   name="login" id="kc-login" type="submit" value="${msg("doLogIn")}"/>
+                        </div>
+                    </form>
+                </#if>
             </div>
-          </div>
-        </#if>
-
-        <div id="kc-form-buttons" class="${properties.kcFormGroupClass!}">
-          <button
-            tabindex="4"
-            class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
-            name="login"
-            id="kc-login"
-            type="submit"
-          >${msg("doLogIn")}</button>
         </div>
-      </form>
-    </#if>
 
-  <#elseif section = "info" >
-    <#if realm.password && realm.registrationAllowed && !registrationDisabled??>
-      <div id="kc-registration">
-        <span>${msg("noAccount")} <a tabindex="6" href="${url.registrationUrl}">${msg("doRegister")}</a></span>
-      </div>
-    </#if>
-  <#elseif section = "socialProviders" >
-    <#if realm.password && social.providers??>
-      <div id="kc-social-providers" class="${properties.kcFormSocialAccountSectionClass!}">
-        <hr/>
-        <h4>${msg("identity-provider-login-label")}</h4>
+    <#elseif section = "info" >
+        <#if realm.password && realm.registrationAllowed && !registrationDisabled??>
+            <div id="kc-registration">
+                <span>${msg("noAccount")} <a tabindex="6" href="${url.registrationUrl}">${msg("doRegister")}</a></span>
+            </div>
+        </#if>
+    <#elseif section = "socialProviders" >
+        <#if realm.password && social?? && social.providers?has_content>
+            <div id="kc-social-providers" class="${properties.kcFormSocialAccountSectionClass!}">
+                <hr/>
+                <h4>${msg("identity-provider-login-label")}</h4>
 
-        <ul class="${properties.kcFormSocialAccountListClass!} <#if social.providers?size gt 3>${properties.kcFormSocialAccountListGridClass!}</#if>">
-          <#list social.providers as p>
-            <a id="social-${p.alias}" class="${properties.kcFormSocialAccountListButtonClass!} <#if social.providers?size gt 3>${properties.kcFormSocialAccountGridItem!}</#if>"
-                type="button" href="${p.loginUrl}">
-              <#if p.iconClasses?has_content>
-                <i class="${properties.kcCommonLogoIdP!} ${p.iconClasses!}" aria-hidden="true"></i>
-                <span class="${properties.kcFormSocialAccountNameClass!} kc-social-icon-text">${p.displayName!}</span>
-              <#else>
-                <span class="${properties.kcFormSocialAccountNameClass!}">${p.displayName!}</span>
-              </#if>
-            </a>
-          </#list>
-        </ul>
-      </div>
+                <ul class="${properties.kcFormSocialAccountListClass!} <#if social.providers?size gt 3>${properties.kcFormSocialAccountListGridClass!}</#if>">
+                    <#list social.providers as p>
+                        <a id="social-${p.alias}" class="${properties.kcFormSocialAccountListButtonClass!} <#if social.providers?size gt 3>${properties.kcFormSocialAccountGridItem!}</#if>"
+                                type="button" href="${p.loginUrl}">
+                            <#if p.iconClasses?has_content>
+                                <i class="${properties.kcCommonLogoIdP!} ${p.iconClasses!}" aria-hidden="true"></i>
+                                <span class="${properties.kcFormSocialAccountNameClass!} kc-social-icon-text">${p.displayName!}</span>
+                            <#else>
+                                <span class="${properties.kcFormSocialAccountNameClass!}">${p.displayName!}</span>
+                            </#if>
+                        </a>
+                    </#list>
+                </ul>
+            </div>
+        </#if>
     </#if>
-  </#if>
 
 </@layout.registrationLayout>
diff --git a/login/login.ftl b/login/login.ftl
index 51d2102..a7361e9 100644
--- a/login/login.ftl
+++ b/login/login.ftl
@@ -1,132 +1,115 @@
 <#import "template.ftl" as layout>
 <@layout.registrationLayout displayMessage=!messagesPerField.existsError('username','password') displayInfo=realm.password && realm.registrationAllowed && !registrationDisabled??; section>
-  <#if section = "header">
-    ${msg("loginAccountTitle")}
-  <#elseif section = "form">
-    <#if realm.password>
-      <form class="ps-container" onsubmit="login.disabled = true; return true;" action="${url.loginAction}" method="post">
-        <#if !usernameHidden??>
-          <div class="${properties.kcFormGroupClass!}">
-            <label
-              for="username"
-              class="${properties.kcLabelClass!}"
-            >
-              <#if !realm.loginWithEmailAllowed>${msg("username")}<#elseif !realm.registrationEmailAsUsername>${msg("usernameOrEmail")}<#else>${msg("email")}</#if>
-            </label>
+    <#if section = "header">
+        ${msg("loginAccountTitle")}
+    <#elseif section = "form">
+        <div id="kc-form">
+          <div id="kc-form-wrapper">
+            <#if realm.password>
+                <form id="kc-form-login" onsubmit="login.disabled = true; return true;" action="${url.loginAction}" method="post">
+                    <#if !usernameHidden??>
+                        <div class="${properties.kcFormGroupClass!}">
+                            <label for="username" class="${properties.kcLabelClass!}"><#if !realm.loginWithEmailAllowed>${msg("username")}<#elseif !realm.registrationEmailAsUsername>${msg("usernameOrEmail")}<#else>${msg("email")}</#if></label>
 
-            <input
-              tabindex="1"
-              id="username"
-              class="${properties.kcInputClass!}"
-              name="username"
-              value="${(login.username!'')}"
-              type="text"
-              autofocus
-              autocomplete="off"
-              aria-invalid="<#if messagesPerField.existsError('username','password')>true</#if>"
-            />
+                            <input tabindex="2" id="username" class="${properties.kcInputClass!}" name="username" value="${(login.username!'')}"  type="text" autofocus autocomplete="username"
+                                   aria-invalid="<#if messagesPerField.existsError('username','password')>true</#if>"
+                            />
 
-            <#if messagesPerField.existsError('username','password')>
-              <span
-                id="input-error"
-                class="${properties.kcInputErrorMessageClass!}"
-                aria-live="polite"
-              >
-                ${kcSanitize(messagesPerField.getFirstError('username','password'))?no_esc}
-              </span>
+                            <#if messagesPerField.existsError('username','password')>
+                                <span id="input-error" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                                        ${kcSanitize(messagesPerField.getFirstError('username','password'))?no_esc}
+                                </span>
+                            </#if>
+
+                        </div>
+                    </#if>
+
+                    <div class="${properties.kcFormGroupClass!}">
+                        <label for="password" class="${properties.kcLabelClass!}">${msg("password")}</label>
+
+                        <div class="${properties.kcInputGroup!}">
+                            <input tabindex="3" id="password" class="${properties.kcInputClass!}" name="password" type="password" autocomplete="current-password"
+                                   aria-invalid="<#if messagesPerField.existsError('username','password')>true</#if>"
+                            />
+                            <button class="${properties.kcFormPasswordVisibilityButtonClass!}" type="button" aria-label="${msg("showPassword")}"
+                                    aria-controls="password" data-password-toggle tabindex="4"
+                                    data-icon-show="${properties.kcFormPasswordVisibilityIconShow!}" data-icon-hide="${properties.kcFormPasswordVisibilityIconHide!}"
+                                    data-label-show="${msg('showPassword')}" data-label-hide="${msg('hidePassword')}">
+                                <i class="${properties.kcFormPasswordVisibilityIconShow!}" aria-hidden="true"></i>
+                            </button>
+                        </div>
+
+                        <#if usernameHidden?? && messagesPerField.existsError('username','password')>
+                            <span id="input-error" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                                    ${kcSanitize(messagesPerField.getFirstError('username','password'))?no_esc}
+                            </span>
+                        </#if>
+
+                    </div>
+
+                    <div class="${properties.kcFormGroupClass!} ${properties.kcFormSettingClass!}">
+                        <div id="kc-form-options">
+                            <#if realm.rememberMe && !usernameHidden??>
+                                <div class="checkbox">
+                                    <label>
+                                        <#if login.rememberMe??>
+                                            <input tabindex="5" id="rememberMe" name="rememberMe" type="checkbox" checked> ${msg("rememberMe")}
+                                        <#else>
+                                            <input tabindex="5" id="rememberMe" name="rememberMe" type="checkbox"> ${msg("rememberMe")}
+                                        </#if>
+                                    </label>
+                                </div>
+                            </#if>
+                            </div>
+                            <div class="${properties.kcFormOptionsWrapperClass!}">
+                                <#if realm.resetPasswordAllowed>
+                                    <span><a tabindex="6" href="${url.loginResetCredentialsUrl}">${msg("doForgotPassword")}</a></span>
+                                </#if>
+                            </div>
+
+                      </div>
+
+                      <div id="kc-form-buttons" class="${properties.kcFormGroupClass!}">
+                          <input type="hidden" id="id-hidden-input" name="credentialId" <#if auth.selectedCredential?has_content>value="${auth.selectedCredential}"</#if>/>
+                          <input tabindex="7" class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}" name="login" id="kc-login" type="submit" value="${msg("doLogIn")}"/>
+                      </div>
+                </form>
             </#if>
-
-          </div>
+            </div>
+        </div>
+        <script type="module" src="${url.resourcesPath}/js/passwordVisibility.js"></script>
+    <#elseif section = "info" >
+        <#if realm.password && realm.registrationAllowed && !registrationDisabled??>
+            <div id="kc-registration-container">
+                <div id="kc-registration">
+                    <span>${msg("noAccount")} <a tabindex="8"
+                                                 href="${url.registrationUrl}">${msg("doRegister")}</a></span>
+                </div>
+            </div>
         </#if>
+    <#elseif section = "socialProviders" >
+        <#if realm.password && social?? && social.providers?has_content>
+            <div id="kc-social-providers" class="${properties.kcFormSocialAccountSectionClass!}">
+                <hr/>
+                <h2>${msg("identity-provider-login-label")}</h2>
 
-        <div class="${properties.kcFormGroupClass!}">
-          <label for="password" class="${properties.kcLabelClass!}">${msg("password")}</label>
-
-          <input
-            tabindex="2"
-            id="password"
-            class="${properties.kcInputClass!}"
-            name="password"
-            type="password"
-            autocomplete="off"
-            aria-invalid="<#if messagesPerField.existsError('username','password')>true</#if>"
-          />
-
-          <#if usernameHidden?? && messagesPerField.existsError('username','password')>
-            <span id="input-error" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-                ${kcSanitize(messagesPerField.getFirstError('username','password'))?no_esc}
-            </span>
-          </#if>
-
-          <#if realm.resetPasswordAllowed>
-            <div class="${properties.kcFormOptionsWrapperClass!}">
-              <span><a tabindex="5" href="${url.loginResetCredentialsUrl}">${msg("doForgotPassword")}</a></span>
+                <ul class="${properties.kcFormSocialAccountListClass!} <#if social.providers?size gt 3>${properties.kcFormSocialAccountListGridClass!}</#if>">
+                    <#list social.providers as p>
+                        <li>
+                            <a id="social-${p.alias}" class="${properties.kcFormSocialAccountListButtonClass!} <#if social.providers?size gt 3>${properties.kcFormSocialAccountGridItem!}</#if>"
+                                    type="button" href="${p.loginUrl}">
+                                <#if p.iconClasses?has_content>
+                                    <i class="${properties.kcCommonLogoIdP!} ${p.iconClasses!}" aria-hidden="true"></i>
+                                    <span class="${properties.kcFormSocialAccountNameClass!} kc-social-icon-text">${p.displayName!}</span>
+                                <#else>
+                                    <span class="${properties.kcFormSocialAccountNameClass!}">${p.displayName!}</span>
+                                </#if>
+                            </a>
+                        </li>
+                    </#list>
+                </ul>
             </div>
-          </#if>
-        </div>
-
-        <div class="${properties.kcFormGroupClass!} ${properties.kcFormSettingClass!}">
-          <#if realm.rememberMe && !usernameHidden??>
-            <div class="checkbox">
-              <label>
-                <#if login.rememberMe??>
-                  <input tabindex="3" id="rememberMe" name="rememberMe" type="checkbox" checked> ${msg("rememberMe")}
-                <#else>
-                  <input tabindex="3" id="rememberMe" name="rememberMe" type="checkbox"> ${msg("rememberMe")}
-                </#if>
-              </label>
-            </div>
-          </#if>
-        </div>
-
-        <div id="kc-form-buttons" class="${properties.kcFormGroupClass!}">
-          <input type="hidden" id="id-hidden-input" name="credentialId" <#if auth.selectedCredential?has_content>value="${auth.selectedCredential}"</#if>/>
-          <button
-            tabindex="4"
-            class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
-            name="login"
-            id="kc-login"
-            type="submit"
-          >${msg("doLogIn")}</button>
-        </div>
-      </form>
+        </#if>
     </#if>
 
-  <#elseif section = "info" >
-    <#if realm.password && realm.registrationAllowed && !registrationDisabled??>
-      <div id="kc-registration-container">
-        <div id="kc-registration">
-          <span>${msg("noAccount")}
-            <a tabindex="6" href="${url.registrationUrl}">${msg("doRegister")}</a>
-          </span>
-        </div>
-      </div>
-    </#if>
-  <#elseif section = "socialProviders" >
-    <#if realm.password && social.providers??>
-      <div id="kc-social-providers" class="${properties.kcFormSocialAccountSectionClass!}">
-        <hr/>
-        <h4>${msg("identity-provider-login-label")}</h4>
-
-        <ul class="${properties.kcFormSocialAccountListClass!} <#if social.providers?size gt 3>${properties.kcFormSocialAccountListGridClass!}</#if>">
-          <#list social.providers as p>
-            <a
-              id="social-${p.alias}"
-              class="${properties.kcFormSocialAccountListButtonClass!} <#if social.providers?size gt 3>${properties.kcFormSocialAccountGridItem!}</#if>"
-              type="button"
-              href="${p.loginUrl}"
-            >
-              <#if p.iconClasses?has_content>
-                <i class="${properties.kcCommonLogoIdP!} ${p.iconClasses!}" aria-hidden="true"></i>
-                <span class="${properties.kcFormSocialAccountNameClass!} kc-social-icon-text">${p.displayName!}</span>
-              <#else>
-                <span class="${properties.kcFormSocialAccountNameClass!}">${p.displayName!}</span>
-              </#if>
-            </a>
-          </#list>
-        </ul>
-      </div>
-    </#if>
-  </#if>
-
 </@layout.registrationLayout>
diff --git a/login/register-commons.ftl b/login/register-commons.ftl
new file mode 100644
index 0000000..7007797
--- /dev/null
+++ b/login/register-commons.ftl
@@ -0,0 +1,27 @@
+<#macro termsAcceptance>
+    <#if termsAcceptanceRequired??>
+        <div class="form-group">
+            <div class="${properties.kcInputWrapperClass!}">
+                ${msg("termsTitle")}
+                <div id="kc-registration-terms-text">
+                    ${kcSanitize(msg("termsText"))?no_esc}
+                </div>
+            </div>
+        </div>
+        <div class="form-group">
+            <div class="${properties.kcLabelWrapperClass!}">
+                <input type="checkbox" id="termsAccepted" name="termsAccepted" class="${properties.kcCheckboxInputClass!}"
+                       aria-invalid="<#if messagesPerField.existsError('termsAccepted')>true</#if>"
+                />
+                <label for="termsAccepted" class="${properties.kcLabelClass!}">${msg("acceptTerms")}</label>
+            </div>
+            <#if messagesPerField.existsError('termsAccepted')>
+                <div class="${properties.kcLabelWrapperClass!}">
+                            <span id="input-error-terms-accepted" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                                ${kcSanitize(messagesPerField.get('termsAccepted'))?no_esc}
+                            </span>
+                </div>
+            </#if>
+        </div>
+    </#if>
+</#macro>
diff --git a/login/register.ftl b/login/register.ftl
index 62e1eb1..f640848 100644
--- a/login/register.ftl
+++ b/login/register.ftl
@@ -1,112 +1,112 @@
 <#import "template.ftl" as layout>
-<@layout.registrationLayout displayMessage=!messagesPerField.existsError('firstName','lastName','email','username','password','password-confirm'); section>
-  <#if section = "header">
-    ${msg("registerTitle")}
-  <#elseif section = "form">
-    <form id="kc-register-form" class="ps-container" action="${url.registrationAction}" method="post">
-      <!--div class="${properties.kcFormGroupClass!}">
-        <label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
-        <input type="text" id="firstName" class="${properties.kcInputClass!}" name="firstName"
-             value="${(register.formData.firstName!'')}"
-             aria-invalid="<#if messagesPerField.existsError('firstName')>true</#if>"
-        />
-
-        <#if messagesPerField.existsError('firstName')>
-          <span id="input-error-firstname" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-            ${kcSanitize(messagesPerField.get('firstName'))?no_esc}
-          </span>
+<#import "user-profile-commons.ftl" as userProfileCommons>
+<#import "register-commons.ftl" as registerCommons>
+<@layout.registrationLayout displayMessage=messagesPerField.exists('global') displayRequiredFields=true; section>
+    <#if section = "header">
+        <#if messageHeader??>
+            ${kcSanitize(msg("${messageHeader}"))?no_esc}
+        <#else>
+            ${msg("registerTitle")}
         </#if>
-      </div>
+    <#elseif section = "form">
+        <form id="kc-register-form" class="${properties.kcFormClass!}" action="${url.registrationAction}" method="post">
 
-      <div class="${properties.kcFormGroupClass!}">
-        <label for="lastName" class="${properties.kcLabelClass!}">${msg("lastName")}</label>
-          <input type="text" id="lastName" class="${properties.kcInputClass!}" name="lastName"
-             value="${(register.formData.lastName!'')}"
-             aria-invalid="<#if messagesPerField.existsError('lastName')>true</#if>"
-          />
+            <@userProfileCommons.userProfileFormFields; callback, attribute>
+                <#if callback = "afterField">
+                <#-- render password fields just under the username or email (if used as username) -->
+                    <#if passwordRequired?? && (attribute.name == 'username' || (attribute.name == 'email' && realm.registrationEmailAsUsername))>
+                        <div class="${properties.kcFormGroupClass!}">
+                            <div class="${properties.kcLabelWrapperClass!}">
+                                <label for="password" class="${properties.kcLabelClass!}">${msg("password")}</label> *
+                            </div>
+                            <div class="${properties.kcInputWrapperClass!}">
+                                <div class="${properties.kcInputGroup!}">
+                                    <input type="password" id="password" class="${properties.kcInputClass!}" name="password"
+                                           autocomplete="new-password"
+                                           aria-invalid="<#if messagesPerField.existsError('password','password-confirm')>true</#if>"
+                                    />
+                                    <button class="${properties.kcFormPasswordVisibilityButtonClass!}" type="button" aria-label="${msg('showPassword')}"
+                                            aria-controls="password"  data-password-toggle
+                                            data-icon-show="${properties.kcFormPasswordVisibilityIconShow!}" data-icon-hide="${properties.kcFormPasswordVisibilityIconHide!}"
+                                            data-label-show="${msg('showPassword')}" data-label-hide="${msg('hidePassword')}">
+                                        <i class="${properties.kcFormPasswordVisibilityIconShow!}" aria-hidden="true"></i>
+                                    </button>
+                                </div>
 
-          <#if messagesPerField.existsError('lastName')>
-            <span id="input-error-lastname" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-              ${kcSanitize(messagesPerField.get('lastName'))?no_esc}
-            </span>
-          </#if>
-      </div-->
+                                <#if messagesPerField.existsError('password')>
+                                    <span id="input-error-password" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+		                                ${kcSanitize(messagesPerField.get('password'))?no_esc}
+		                            </span>
+                                </#if>
+                            </div>
+                        </div>
 
-      <#if !realm.registrationEmailAsUsername>
-        <div class="${properties.kcFormGroupClass!}">
-          <label for="username" class="${properties.kcLabelClass!}">${msg("username")}</label>
-          <input type="text" id="username" class="${properties.kcInputClass!}" name="username"
-               value="${(register.formData.username!'')}" autocomplete="username"
-               aria-invalid="<#if messagesPerField.existsError('username')>true</#if>"
-          />
+                        <div class="${properties.kcFormGroupClass!}">
+                            <div class="${properties.kcLabelWrapperClass!}">
+                                <label for="password-confirm"
+                                       class="${properties.kcLabelClass!}">${msg("passwordConfirm")}</label> *
+                            </div>
+                            <div class="${properties.kcInputWrapperClass!}">
+                                <div class="${properties.kcInputGroup!}">
+                                    <input type="password" id="password-confirm" class="${properties.kcInputClass!}"
+                                           name="password-confirm"
+                                           aria-invalid="<#if messagesPerField.existsError('password-confirm')>true</#if>"
+                                    />
+                                    <button class="${properties.kcFormPasswordVisibilityButtonClass!}" type="button" aria-label="${msg('showPassword')}"
+                                            aria-controls="password-confirm"  data-password-toggle
+                                            data-icon-show="${properties.kcFormPasswordVisibilityIconShow!}" data-icon-hide="${properties.kcFormPasswordVisibilityIconHide!}"
+                                            data-label-show="${msg('showPassword')}" data-label-hide="${msg('hidePassword')}">
+                                        <i class="${properties.kcFormPasswordVisibilityIconShow!}" aria-hidden="true"></i>
+                                    </button>
+                                </div>
 
-          <#if messagesPerField.existsError('username')>
-            <span id="input-error-username" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-              ${kcSanitize(messagesPerField.get('username'))?no_esc}
-            </span>
-          </#if>
-        </div>
-      </#if>
+                                <#if messagesPerField.existsError('password-confirm')>
+                                    <span id="input-error-password-confirm" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+		                                ${kcSanitize(messagesPerField.get('password-confirm'))?no_esc}
+		                            </span>
+                                </#if>
+                            </div>
+                        </div>
+                    </#if>
+                </#if>
+            </@userProfileCommons.userProfileFormFields>
 
-      <div class="${properties.kcFormGroupClass!}">
-        <label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
-          <input type="text" id="email" class="${properties.kcInputClass!}" name="email"
-             value="${(register.formData.email!'')}" autocomplete="email"
-             aria-invalid="<#if messagesPerField.existsError('email')>true</#if>"
-          />
+            <@registerCommons.termsAcceptance/>
 
-          <#if messagesPerField.existsError('email')>
-            <span id="input-error-email" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-              ${kcSanitize(messagesPerField.get('email'))?no_esc}
-            </span>
-          </#if>
-      </div>
+            <#if recaptchaRequired?? && (recaptchaVisible!false)>
+                <div class="form-group">
+                    <div class="${properties.kcInputWrapperClass!}">
+                        <div class="g-recaptcha" data-size="compact" data-sitekey="${recaptchaSiteKey}" data-action="${recaptchaAction}"></div>
+                    </div>
+                </div>
+            </#if>
 
-      <#if passwordRequired??>
-        <div class="${properties.kcFormGroupClass!}">
-          <label for="password" class="${properties.kcLabelClass!}">${msg("password")}</label>
-          <input type="password" id="password" class="${properties.kcInputClass!}" name="password"
-               autocomplete="new-password"
-               aria-invalid="<#if messagesPerField.existsError('password','password-confirm')>true</#if>"
-          />
+            <div class="${properties.kcFormGroupClass!}">
+                <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
+                    <div class="${properties.kcFormOptionsWrapperClass!}">
+                        <span><a href="${url.loginUrl}">${kcSanitize(msg("backToLogin"))?no_esc}</a></span>
+                    </div>
+                </div>
 
-          <#if messagesPerField.existsError('password')>
-            <span id="input-error-password" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-              ${kcSanitize(messagesPerField.get('password'))?no_esc}
-            </span>
-          </#if>
-        </div>
-
-        <div class="${properties.kcFormGroupClass!}">
-          <label for="password-confirm"
-               class="${properties.kcLabelClass!}">${msg("passwordConfirm")}</label>
-          <input type="password" id="password-confirm" class="${properties.kcInputClass!}"
-               name="password-confirm"
-               aria-invalid="<#if messagesPerField.existsError('password-confirm')>true</#if>"
-          />
-
-          <#if messagesPerField.existsError('password-confirm')>
-            <span id="input-error-password-confirm" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-              ${kcSanitize(messagesPerField.get('password-confirm'))?no_esc}
-            </span>
-          </#if>
-        </div>
-      </#if>
-
-      <#if recaptchaRequired??>
-        <div class="ps-form-group">
-          <div class="g-recaptcha" data-size="compact" data-sitekey="${recaptchaSiteKey}"></div>
-        </div>
-      </#if>
-
-      <div class="${properties.kcFormGroupClass!}">
-          <button
-            class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
-          >${msg("doRegister")}</button>
-      </div>
-      <div class="${properties.kcFormGroupClass!}">
-        <span><a href="${url.loginUrl}">${kcSanitize(msg("backToLogin"))?no_esc}</a></span>
-      </div>
-    </form>
-  </#if>
+                <#if recaptchaRequired?? && !(recaptchaVisible!false)>
+                    <script>
+                        function onSubmitRecaptcha(token) {
+                            document.getElementById("kc-register-form").submit();
+                        }
+                    </script>
+                    <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
+                        <button class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!} g-recaptcha" 
+                            data-sitekey="${recaptchaSiteKey}" data-callback='onSubmitRecaptcha' data-action='${recaptchaAction}' type="submit">
+                            ${msg("doRegister")}
+                        </button>
+                    </div>
+                <#else>
+                    <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
+                        <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doRegister")}"/>
+                    </div>
+                </#if>
+            </div>
+        </form>
+        <script type="module" src="${url.resourcesPath}/js/passwordVisibility.js"></script>
+    </#if>
 </@layout.registrationLayout>
diff --git a/login/select-authenticator.ftl b/login/select-authenticator.ftl
index 6a2abd4..4fbe2d3 100644
--- a/login/select-authenticator.ftl
+++ b/login/select-authenticator.ftl
@@ -1,12 +1,6 @@
 <#import "template.ftl" as layout>
 <@layout.registrationLayout displayInfo=false; section>
     <#if section = "header" || section = "show-username">
-        <script type="text/javascript">
-            function fillAndSubmit(authExecId) {
-                document.getElementById('authexec-hidden-input').value = authExecId;
-                document.getElementById('kc-select-credential-form').submit();
-            }
-        </script>
         <#if section = "header">
             ${msg("loginChooseAuthenticator")}
         </#if>
@@ -15,13 +9,13 @@
         <form id="kc-select-credential-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
             <div class="${properties.kcSelectAuthListClass!}">
                 <#list auth.authenticationSelections as authenticationSelection>
-                    <div class="${properties.kcSelectAuthListItemClass!}" onclick="fillAndSubmit('${authenticationSelection.authExecId}')">
+                    <button class="${properties.kcSelectAuthListItemClass!}" type="submit" name="authenticationExecution" value="${authenticationSelection.authExecId}">
 
                         <div class="${properties.kcSelectAuthListItemIconClass!}">
                             <i class="${properties['${authenticationSelection.iconCssClass}']!authenticationSelection.iconCssClass} ${properties.kcSelectAuthListItemIconPropertyClass!}"></i>
                         </div>
                         <div class="${properties.kcSelectAuthListItemBodyClass!}">
-                            <div class="${properties.kcSelectAuthListItemHeadingClass!} ${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}">
+                            <div class="${properties.kcSelectAuthListItemHeadingClass!}">
                                 ${msg('${authenticationSelection.displayName}')}
                             </div>
                             <div class="${properties.kcSelectAuthListItemDescriptionClass!}">
@@ -32,9 +26,8 @@
                         <div class="${properties.kcSelectAuthListItemArrowClass!}">
                             <i class="${properties.kcSelectAuthListItemArrowIconClass!}"></i>
                         </div>
-                    </div>
+                    </button>
                 </#list>
-                <input type="hidden" id="authexec-hidden-input" name="authenticationExecution" />
             </div>
         </form>
 
diff --git a/login/template.ftl b/login/template.ftl
index f8dd10b..95a506a 100644
--- a/login/template.ftl
+++ b/login/template.ftl
@@ -1,43 +1,62 @@
 <#macro registrationLayout bodyClass="" displayInfo=false displayMessage=true displayRequiredFields=false>
-<!doctype html>
-<html>
+<!DOCTYPE html>
+<html class="${properties.kcHtmlClass!}"<#if realm.internationalizationEnabled> lang="${locale.currentLanguageTag}"</#if>>
 
 <head>
-  <meta charset="utf-8">
-  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-  <meta name="robots" content="noindex, nofollow">
+    <meta charset="utf-8">
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta name="robots" content="noindex, nofollow">
 
-  <meta name="viewport" content="width=device-width,initial-scale=1">
+    <#if properties.meta?has_content>
+        <#list properties.meta?split(' ') as meta>
+            <meta name="${meta?split('==')[0]}" content="${meta?split('==')[1]}"/>
+        </#list>
+    </#if>
 
-  <title>${msg("loginTitle",(realm.displayName!''))}</title>
+    <title>${msg("loginTitle",(realm.displayName!''))}</title>
 
-  <link rel="icon" href="${url.resourcesPath}/img/pub.solar.svg" />
+    <link rel="icon" href="${url.resourcesPath}/img/pub.solar.svg" />
 
-  <link href="${url.resourcesPath}/css/index.css?v4" rel="stylesheet" />
+    <link href="${url.resourcesPath}/css/index.css?v4" rel="stylesheet" />
 
-  <script defer src="${url.resourcesPath}/js/background.js" type="text/javascript"></script>
-  <script defer src="${url.resourcesPath}/js/i18n.js" type="text/javascript"></script>
+    <script defer src="${url.resourcesPath}/js/background.js" type="text/javascript"></script>
+    <script defer src="${url.resourcesPath}/js/i18n.js" type="text/javascript"></script>
 
-  <#if properties.stylesCommon?has_content>
-    <#list properties.stylesCommon?split(' ') as style>
-      <link href="${url.resourcesCommonPath}/${style}" rel="stylesheet" />
-    </#list>
-  </#if>
-  <#if properties.styles?has_content>
-    <#list properties.styles?split(' ') as style>
-      <link href="${url.resourcesPath}/${style}" rel="stylesheet" />
-    </#list>
-  </#if>
-  <#if properties.scripts?has_content>
-    <#list properties.scripts?split(' ') as script>
-      <script defer src="${url.resourcesPath}/${script}" type="text/javascript"></script>
-    </#list>
-  </#if>
-  <#if properties.scriptsCommon?has_content>
-    <#list properties.scriptsCommon?split(' ') as script>
-      <script defer src="${url.resourcesCommonPath}/${script}" type="text/javascript"></script>
-    </#list>
-  </#if>
+    <#if properties.stylesCommon?has_content>
+        <#list properties.stylesCommon?split(' ') as style>
+            <link href="${url.resourcesCommonPath}/${style}" rel="stylesheet" />
+        </#list>
+    </#if>
+    <#if properties.styles?has_content>
+        <#list properties.styles?split(' ') as style>
+            <link href="${url.resourcesPath}/${style}" rel="stylesheet" />
+        </#list>
+    </#if>
+    <#if properties.scripts?has_content>
+        <#list properties.scripts?split(' ') as script>
+            <script src="${url.resourcesPath}/${script}" type="text/javascript"></script>
+        </#list>
+    </#if>
+    <script type="importmap">
+        {
+            "imports": {
+                "rfc4648": "${url.resourcesCommonPath}/node_modules/rfc4648/lib/rfc4648.js"
+            }
+        }
+    </script>
+    <script src="${url.resourcesPath}/js/menu-button-links.js" type="module"></script>
+    <#if scripts??>
+        <#list scripts as script>
+            <script src="${script}" type="text/javascript"></script>
+        </#list>
+    </#if>
+    <script type="module">
+        import { checkCookiesAndSetTimer } from "${url.resourcesPath}/js/authChecker.js";
+
+        checkCookiesAndSetTimer(
+          "${url.ssoLoginInOtherTabsUrl?no_esc}"
+        );
+    </script>
 </head>
 
 <body class="ps-main ps-main_full">
diff --git a/login/theme.properties b/login/theme.properties
index 04e01f7..1092c27 100644
--- a/login/theme.properties
+++ b/login/theme.properties
@@ -16,3 +16,10 @@ kcInputErrorMessageClass=ps-form-group--error
 kcInputClass=ps-input
 
 kcWebAuthnKeyIcon=pficon pficon-key
+
+kcAuthenticatorPasswordClass=ps-button
+kcAuthenticatorWebAuthnClass=ps-button
+kcAuthenticatorWebAuthnPasswordlessClass=ps-button
+
+kcFormPasswordVisibilityIconShow=fa fa-eye
+kcFormPasswordVisibilityIconHide=fa fa-eye-slash
diff --git a/login/update-email.ftl b/login/update-email.ftl
index e63b012..1650e25 100644
--- a/login/update-email.ftl
+++ b/login/update-email.ftl
@@ -1,27 +1,12 @@
 <#import "template.ftl" as layout>
 <#import "password-commons.ftl" as passwordCommons>
-<@layout.registrationLayout displayMessage=!messagesPerField.existsError('email'); section>
+<#import "user-profile-commons.ftl" as userProfileCommons>
+<@layout.registrationLayout displayMessage=messagesPerField.exists('global') displayRequiredFields=true; section>
     <#if section = "header">
         ${msg("updateEmailTitle")}
     <#elseif section = "form">
         <form id="kc-update-email-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
-            <div class="${properties.kcFormGroupClass!}">
-                <div class="${properties.kcLabelWrapperClass!}">
-                    <label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
-                </div>
-                <div class="${properties.kcInputWrapperClass!}">
-                    <input type="text" id="email" name="email" value="${(email.value!'')}"
-                           class="${properties.kcInputClass!}"
-                           aria-invalid="<#if messagesPerField.existsError('email')>true</#if>"
-                    />
-
-                    <#if messagesPerField.existsError('email')>
-                        <span id="input-error-email" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
-                            ${kcSanitize(messagesPerField.get('email'))?no_esc}
-                        </span>
-                    </#if>
-                </div>
-            </div>
+            <@userProfileCommons.userProfileFormFields/>
 
             <div class="${properties.kcFormGroupClass!}">
                 <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
diff --git a/login/user-profile-commons.ftl b/login/user-profile-commons.ftl
index 140eea3..8aa885d 100644
--- a/login/user-profile-commons.ftl
+++ b/login/user-profile-commons.ftl
@@ -3,27 +3,31 @@
 	
 	<#list profile.attributes as attribute>
 
-		<#assign groupName = attribute.group!"">
-		<#if groupName != currentGroup>
-			<#assign currentGroup=groupName>
-			<#if currentGroup != "" >
-				<div class="${properties.kcFormGroupClass!}">
+		<#assign group = (attribute.group)!"">
+		<#if group != currentGroup>
+			<#assign currentGroup=group>
+			<#if currentGroup != "">
+				<div class="${properties.kcFormGroupClass!}"
+				<#list group.html5DataAnnotations as key, value>
+					data-${key}="${value}"
+				</#list>
+				>
 	
-					<#assign groupDisplayHeader=attribute.groupDisplayHeader!"">
+					<#assign groupDisplayHeader=group.displayHeader!"">
 					<#if groupDisplayHeader != "">
-						<#assign groupHeaderText=advancedMsg(attribute.groupDisplayHeader)!groupName>
+						<#assign groupHeaderText=advancedMsg(groupDisplayHeader)!group>
 					<#else>
-						<#assign groupHeaderText=groupName>
+						<#assign groupHeaderText=group.name!"">
 					</#if>
 					<div class="${properties.kcContentWrapperClass!}">
-						<label id="header-${groupName}" class="${kcFormGroupHeader!}">${groupHeaderText}</label>
+						<label id="header-${attribute.group.name}" class="${kcFormGroupHeader!}">${groupHeaderText}</label>
 					</div>
 	
-					<#assign groupDisplayDescription=attribute.groupDisplayDescription!"">
+					<#assign groupDisplayDescription=group.displayDescription!"">
 					<#if groupDisplayDescription != "">
-						<#assign groupDescriptionText=advancedMsg(attribute.groupDisplayDescription)!"">
+						<#assign groupDescriptionText=advancedMsg(groupDisplayDescription)!"">
 						<div class="${properties.kcLabelWrapperClass!}">
-							<label id="description-${groupName}" class="${properties.kcLabelClass!}">${groupDescriptionText}</label>
+							<label id="description-${group.name}" class="${properties.kcLabelClass!}">${groupDescriptionText}</label>
 						</div>
 					</#if>
 				</div>
@@ -53,6 +57,10 @@
 		</div>
 		<#nested "afterField" attribute>
 	</#list>
+
+	<#list profile.html5DataAnnotations?keys as key>
+		<script type="module" src="${url.resourcesPath}/js/${key}.js"></script>
+	</#list>
 </#macro>
 
 <#macro inputFieldByType attribute>
@@ -69,16 +77,22 @@
 		<@inputTagSelects attribute=attribute/>
 		<#break>
 	<#default>
-		<@inputTag attribute=attribute/>
+		<#if attribute.multivalued && attribute.values?has_content>
+			<#list attribute.values as value>
+				<@inputTag attribute=attribute value=value!''/>
+			</#list>
+		<#else>
+			<@inputTag attribute=attribute value=attribute.value!''/>
+		</#if>
 	</#switch>
 </#macro>
 
-<#macro inputTag attribute>
-	<input type="<@inputTagType attribute=attribute/>" id="${attribute.name}" name="${attribute.name}" value="${(attribute.value!'')}" class="${properties.kcInputClass!}"
+<#macro inputTag attribute value>
+	<input type="<@inputTagType attribute=attribute/>" id="${attribute.name}" name="${attribute.name}" value="${(value!'')}" class="${properties.kcInputClass!}"
 		aria-invalid="<#if messagesPerField.existsError('${attribute.name}')>true</#if>"
 		<#if attribute.readOnly>disabled</#if>
 		<#if attribute.autocomplete??>autocomplete="${attribute.autocomplete}"</#if>
-		<#if attribute.annotations.inputTypePlaceholder??>placeholder="${attribute.annotations.inputTypePlaceholder}"</#if>
+		<#if attribute.annotations.inputTypePlaceholder??>placeholder="${advancedMsg(attribute.annotations.inputTypePlaceholder)}"</#if>
 		<#if attribute.annotations.inputTypePattern??>pattern="${attribute.annotations.inputTypePattern}"</#if>
 		<#if attribute.annotations.inputTypeSize??>size="${attribute.annotations.inputTypeSize}"</#if>
 		<#if attribute.annotations.inputTypeMaxlength??>maxlength="${attribute.annotations.inputTypeMaxlength}"</#if>
@@ -86,6 +100,10 @@
 		<#if attribute.annotations.inputTypeMax??>max="${attribute.annotations.inputTypeMax}"</#if>
 		<#if attribute.annotations.inputTypeMin??>min="${attribute.annotations.inputTypeMin}"</#if>
 		<#if attribute.annotations.inputTypeStep??>step="${attribute.annotations.inputTypeStep}"</#if>
+		<#if attribute.annotations.inputTypeStep??>step="${attribute.annotations.inputTypeStep}"</#if>
+		<#list attribute.html5DataAnnotations as key, value>
+    		data-${key}="${value}"
+		</#list>
 	/>
 </#macro>
 
@@ -128,13 +146,14 @@
 		<#assign options=attribute.validators[attribute.annotations.inputOptionsFromValidation].options>
 	<#elseif attribute.validators.options?? && attribute.validators.options.options??>
 		<#assign options=attribute.validators.options.options>
+	<#else>
+		<#assign options=[]>
 	</#if>
 
-	<#if options??>
-		<#list options as option>
+	<#list options as option>
 		<option value="${option}" <#if attribute.values?seq_contains(option)>selected</#if>><@selectOptionLabelText attribute=attribute option=option/></option>
-		</#list>
-	</#if>	
+	</#list>
+
 	</select>
 </#macro>
 
@@ -144,21 +163,22 @@
 		<#assign classDiv=properties.kcInputClassRadio!>
 		<#assign classInput=properties.kcInputClassRadioInput!>
 		<#assign classLabel=properties.kcInputClassRadioLabel!>
-	<#else>	
+	<#else>
 		<#assign inputType='checkbox'>
 		<#assign classDiv=properties.kcInputClassCheckbox!>
 		<#assign classInput=properties.kcInputClassCheckboxInput!>
 		<#assign classLabel=properties.kcInputClassCheckboxLabel!>
 	</#if>
-	
+
 	<#if attribute.annotations.inputOptionsFromValidation?? && attribute.validators[attribute.annotations.inputOptionsFromValidation]?? && attribute.validators[attribute.annotations.inputOptionsFromValidation].options??>
 		<#assign options=attribute.validators[attribute.annotations.inputOptionsFromValidation].options>
 	<#elseif attribute.validators.options?? && attribute.validators.options.options??>
 		<#assign options=attribute.validators.options.options>
+	<#else>
+		<#assign options=[]>
 	</#if>
 
-	<#if options??>
-		<#list options as option>
+	<#list options as option>
 		<div class="${classDiv}">
 			<input type="${inputType}" id="${attribute.name}-${option}" name="${attribute.name}" value="${option}" class="${classInput}"
 				aria-invalid="<#if messagesPerField.existsError('${attribute.name}')>true</#if>"
@@ -167,9 +187,7 @@
 			/>
 			<label for="${attribute.name}-${option}" class="${classLabel}<#if attribute.readOnly> ${properties.kcInputClassRadioCheckboxLabelDisabled!}</#if>"><@selectOptionLabelText attribute=attribute option=option/></label>
 		</div>
-		</#list>
-	</#if>	
-	</select>
+	</#list>
 </#macro>
 
 <#macro selectOptionLabelText attribute option>
@@ -184,4 +202,4 @@
 		</#if>
 	</#if>
 	</#compress>
-</#macro>
\ No newline at end of file
+</#macro>
diff --git a/login/webauthn-authenticate.ftl b/login/webauthn-authenticate.ftl
index 00eb269..8148e80 100644
--- a/login/webauthn-authenticate.ftl
+++ b/login/webauthn-authenticate.ftl
@@ -1,168 +1,102 @@
-  <#import "template.ftl" as layout>
-  <@layout.registrationLayout; section>
-  <#if section = "title">
-   title
-  <#elseif section = "header">
-    ${kcSanitize(msg("webauthn-login-title"))?no_esc}
-  <#elseif section = "form">
-    <div id="kc-form-webauthn" class="${properties.kcFormClass!}">
-      <form id="webauth" action="${url.loginAction}" method="post">
-        <input type="hidden" id="clientDataJSON" name="clientDataJSON"/>
-        <input type="hidden" id="authenticatorData" name="authenticatorData"/>
-        <input type="hidden" id="signature" name="signature"/>
-        <input type="hidden" id="credentialId" name="credentialId"/>
-        <input type="hidden" id="userHandle" name="userHandle"/>
-        <input type="hidden" id="error" name="error"/>
-      </form>
+<#import "template.ftl" as layout>
+<@layout.registrationLayout displayInfo=(realm.registrationAllowed && !registrationDisabled??); section>
+    <#if section = "title">
+     title
+    <#elseif section = "header">
+        ${kcSanitize(msg("webauthn-login-title"))?no_esc}
+    <#elseif section = "form">
+        <div id="kc-form-webauthn" class="${properties.kcFormClass!}">
+            <form id="webauth" action="${url.loginAction}" method="post">
+                <input type="hidden" id="clientDataJSON" name="clientDataJSON"/>
+                <input type="hidden" id="authenticatorData" name="authenticatorData"/>
+                <input type="hidden" id="signature" name="signature"/>
+                <input type="hidden" id="credentialId" name="credentialId"/>
+                <input type="hidden" id="userHandle" name="userHandle"/>
+                <input type="hidden" id="error" name="error"/>
+            </form>
 
-      <div class="${properties.kcFormGroupClass!} no-bottom-margin">
-        <#if authenticators??>
-          <form id="authn_select" class="${properties.kcFormClass!}">
-            <#list authenticators.authenticators as authenticator>
-              <input type="hidden" name="authn_use_chk" value="${authenticator.credentialId}"/>
-            </#list>
-          </form>
-
-          <#if shouldDisplayAuthenticators?? && shouldDisplayAuthenticators>
-            <#if authenticators.authenticators?size gt 1>
-              <p class="${properties.kcSelectAuthListItemTitle!}">${kcSanitize(msg("webauthn-available-authenticators"))?no_esc}</p>
-            </#if>
-
-            <div class="${properties.kcFormClass!}">
-              <#list authenticators.authenticators as authenticator>
-                <div id="kc-webauthn-authenticator" class="${properties.kcSelectAuthListItemClass!}">
-                  <div class="${properties.kcSelectAuthListItemIconClass!}">
-                    <i class="${(properties['${authenticator.transports.iconClass}'])!'${properties.kcWebAuthnDefaultIcon!}'} ${properties.kcSelectAuthListItemIconPropertyClass!}"></i>
-                  </div>
-                  <div class="${properties.kcSelectAuthListItemBodyClass!}">
-                    <div id="kc-webauthn-authenticator-label"
-                       class="${properties.kcSelectAuthListItemHeadingClass!}">
-                      ${kcSanitize(msg('${authenticator.label}'))?no_esc}
-                    </div>
-
-                    <#if authenticator.transports?? && authenticator.transports.displayNameProperties?has_content>
-                      <div id="kc-webauthn-authenticator-transport"
-                         class="${properties.kcSelectAuthListItemDescriptionClass!}">
-                        <#list authenticator.transports.displayNameProperties as nameProperty>
-                          <span>${kcSanitize(msg('${nameProperty!}'))?no_esc}</span>
-                          <#if nameProperty?has_next>
-                            <span>, </span>
-                          </#if>
+            <div class="${properties.kcFormGroupClass!} no-bottom-margin">
+                <#if authenticators??>
+                    <form id="authn_select" class="${properties.kcFormClass!}">
+                        <#list authenticators.authenticators as authenticator>
+                            <input type="hidden" name="authn_use_chk" value="${authenticator.credentialId}"/>
                         </#list>
-                      </div>
+                    </form>
+
+                    <#if shouldDisplayAuthenticators?? && shouldDisplayAuthenticators>
+                        <#if authenticators.authenticators?size gt 1>
+                            <p class="${properties.kcSelectAuthListItemTitle!}">${kcSanitize(msg("webauthn-available-authenticators"))?no_esc}</p>
+                        </#if>
+
+                        <div class="${properties.kcFormClass!}">
+                            <#list authenticators.authenticators as authenticator>
+                                <div id="kc-webauthn-authenticator-item-${authenticator?index}" class="${properties.kcSelectAuthListItemClass!}">
+                                    <div class="${properties.kcSelectAuthListItemIconClass!}">
+                                        <i class="${(properties['${authenticator.transports.iconClass}'])!'${properties.kcWebAuthnDefaultIcon!}'} ${properties.kcSelectAuthListItemIconPropertyClass!}"></i>
+                                    </div>
+                                    <div class="${properties.kcSelectAuthListItemBodyClass!}">
+                                        <div id="kc-webauthn-authenticator-label-${authenticator?index}"
+                                             class="${properties.kcSelectAuthListItemHeadingClass!}">
+                                            ${kcSanitize(msg('${authenticator.label}'))?no_esc}
+                                        </div>
+
+                                        <#if authenticator.transports?? && authenticator.transports.displayNameProperties?has_content>
+                                            <div id="kc-webauthn-authenticator-transport-${authenticator?index}"
+                                                 class="${properties.kcSelectAuthListItemDescriptionClass!}">
+                                                <#list authenticator.transports.displayNameProperties as nameProperty>
+                                                    <span>${kcSanitize(msg('${nameProperty!}'))?no_esc}</span>
+                                                    <#if nameProperty?has_next>
+                                                        <span>, </span>
+                                                    </#if>
+                                                </#list>
+                                            </div>
+                                        </#if>
+
+                                        <div class="${properties.kcSelectAuthListItemDescriptionClass!}">
+                                            <span id="kc-webauthn-authenticator-createdlabel-${authenticator?index}">
+                                                ${kcSanitize(msg('webauthn-createdAt-label'))?no_esc}
+                                            </span>
+                                            <span id="kc-webauthn-authenticator-created-${authenticator?index}">
+                                                ${kcSanitize(authenticator.createdAt)?no_esc}
+                                            </span>
+                                        </div>
+                                    </div>
+                                    <div class="${properties.kcSelectAuthListItemFillClass!}"></div>
+                                </div>
+                            </#list>
+                        </div>
                     </#if>
+                </#if>
 
-                    <div class="${properties.kcSelectAuthListItemDescriptionClass!}">
-                      <span id="kc-webauthn-authenticator-created-label">
-                        ${kcSanitize(msg('webauthn-createdAt-label'))?no_esc}
-                      </span>
-                      <span id="kc-webauthn-authenticator-created">
-                        ${kcSanitize(authenticator.createdAt)?no_esc}
-                      </span>
-                    </div>
-                  </div>
-                  <div class="${properties.kcSelectAuthListItemFillClass!}"></div>
+                <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
+                    <input id="authenticateWebAuthnButton" type="button" autofocus="autofocus"
+                           value="${kcSanitize(msg("webauthn-doAuthenticate"))}"
+                           class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"/>
                 </div>
-              </#list>
             </div>
-          </#if>
-        </#if>
-
-        <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
-          <input id="authenticateWebAuthnButton" type="button" onclick="webAuthnAuthenticate()" autofocus="autofocus"
-               value="${kcSanitize(msg("webauthn-doAuthenticate"))}"
-               class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"/>
         </div>
-      </div>
-    </div>
 
-  <script type="text/javascript" src="${url.resourcesCommonPath}/node_modules/jquery/dist/jquery.min.js"></script>
-  <script type="text/javascript" src="${url.resourcesPath}/js/base64url.js"></script>
-  <script type="text/javascript">
-    function webAuthnAuthenticate() {
-      let isUserIdentified = ${isUserIdentified};
-      if (!isUserIdentified) {
-        doAuthenticate([]);
-        return;
-      }
-      checkAllowCredentials();
-    }
+    <script type="module">
+        import { authenticateByWebAuthn } from "${url.resourcesPath}/js/webauthnAuthenticate.js";
+        const authButton = document.getElementById('authenticateWebAuthnButton');
+        authButton.addEventListener("click", function() {
+            const input = {
+                isUserIdentified : ${isUserIdentified},
+                challenge : '${challenge}',
+                userVerification : '${userVerification}',
+                rpId : '${rpId}',
+                createTimeout : ${createTimeout},
+                errmsg : "${msg("webauthn-unsupported-browser-text")?no_esc}"
+            };
+            authenticateByWebAuthn(input);
+        });
+    </script>
 
-    function checkAllowCredentials() {
-      let allowCredentials = [];
-      let authn_use = document.forms['authn_select'].authn_use_chk;
-
-      if (authn_use !== undefined) {
-        if (authn_use.length === undefined) {
-          allowCredentials.push({
-            id: base64url.decode(authn_use.value, {loose: true}),
-            type: 'public-key',
-          });
-        } else {
-          for (let i = 0; i < authn_use.length; i++) {
-            allowCredentials.push({
-              id: base64url.decode(authn_use[i].value, {loose: true}),
-              type: 'public-key',
-            });
-          }
-        }
-      }
-      doAuthenticate(allowCredentials);
-    }
-
-
-  function doAuthenticate(allowCredentials) {
-
-    // Check if WebAuthn is supported by this browser
-    if (!window.PublicKeyCredential) {
-      $("#error").val("${msg("webauthn-unsupported-browser-text")?no_esc}");
-      $("#webauth").submit();
-      return;
-    }
-
-    let challenge = "${challenge}";
-    let userVerification = "${userVerification}";
-    let rpId = "${rpId}";
-    let publicKey = {
-      rpId : rpId,
-      challenge: base64url.decode(challenge, { loose: true })
-    };
-
-    let createTimeout = ${createTimeout};
-    if (createTimeout !== 0) publicKey.timeout = createTimeout * 1000;
-
-    if (allowCredentials.length) {
-      publicKey.allowCredentials = allowCredentials;
-    }
-
-    if (userVerification !== 'not specified') publicKey.userVerification = userVerification;
-
-    navigator.credentials.get({publicKey})
-      .then((result) => {
-        window.result = result;
-
-        let clientDataJSON = result.response.clientDataJSON;
-        let authenticatorData = result.response.authenticatorData;
-        let signature = result.response.signature;
-
-        $("#clientDataJSON").val(base64url.encode(new Uint8Array(clientDataJSON), { pad: false }));
-        $("#authenticatorData").val(base64url.encode(new Uint8Array(authenticatorData), { pad: false }));
-        $("#signature").val(base64url.encode(new Uint8Array(signature), { pad: false }));
-        $("#credentialId").val(result.id);
-        if(result.response.userHandle) {
-          $("#userHandle").val(base64url.encode(new Uint8Array(result.response.userHandle), { pad: false }));
-        }
-        $("#webauth").submit();
-      })
-      .catch((err) => {
-        $("#error").val(err);
-        $("#webauth").submit();
-      })
-    ;
-  }
-
-  </script>
-  <#elseif section = "info">
-
-  </#if>
-  </@layout.registrationLayout>
+    <#elseif section = "info">
+        <#if realm.registrationAllowed && !registrationDisabled??>
+            <div id="kc-registration">
+                <span>${msg("noAccount")} <a tabindex="6" href="${url.registrationUrl}">${msg("doRegister")}</a></span>
+            </div>
+        </#if>
+    </#if>
+</@layout.registrationLayout>
diff --git a/login/webauthn-register.ftl b/login/webauthn-register.ftl
index 3083ce5..af4c950 100644
--- a/login/webauthn-register.ftl
+++ b/login/webauthn-register.ftl
@@ -1,11 +1,11 @@
-    <#import "template.ftl" as layout>
-    <#import "password-commons.ftl" as passwordCommons>
+<#import "template.ftl" as layout>
+<#import "password-commons.ftl" as passwordCommons>
 
-    <@layout.registrationLayout; section>
+<@layout.registrationLayout; section>
     <#if section = "title">
         title
     <#elseif section = "header">
-        <span class="${properties.kcWebAuthnKeyIcon}"></span>
+        <span class="${properties.kcWebAuthnKeyIcon!}"></span>
         ${kcSanitize(msg("webauthn-registration-title"))?no_esc}
     <#elseif section = "form">
 
@@ -21,179 +21,44 @@
             </div>
         </form>
 
-        <script type="text/javascript" src="${url.resourcesPath}/js/base64url.js"></script>
-        <script type="text/javascript">
-
-            function registerSecurityKey() {
-
-                // Check if WebAuthn is supported by this browser
-                if (!window.PublicKeyCredential) {
-                    document.getElementById('error').value = '${msg("webauthn-unsupported-browser-text")?no_esc}';
-                    document.getElementById('register').submit();
-                    return;
-                }
-
-                // mandatory parameters
-                let challenge = "${challenge}";
-                let userid = "${userid}";
-                let username = "${username}";
-
-                let signatureAlgorithms =[<#list signatureAlgorithms as sigAlg>${sigAlg},</#list>]
-                let pubKeyCredParams = getPubKeyCredParams(signatureAlgorithms);
-
-                let rpEntityName = "${rpEntityName}";
-                let rp = {name: rpEntityName};
-
-                let publicKey = {
-                    challenge: base64url.decode(challenge, {loose: true}),
-                    rp: rp,
-                    user: {
-                        id: base64url.decode(userid, {loose: true}),
-                        name: username,
-                        displayName: username
-                    },
-                    pubKeyCredParams: pubKeyCredParams,
+        <script type="module">
+            import { registerByWebAuthn } from "${url.resourcesPath}/js/webauthnRegister.js";
+            const registerButton = document.getElementById('registerWebAuthn');
+            registerButton.addEventListener("click", function() {
+                const input = {
+                    challenge : '${challenge}',
+                    userid : '${userid}',
+                    username : '${username}',
+                    signatureAlgorithms : [<#list signatureAlgorithms as sigAlg>${sigAlg?c},</#list>],
+                    rpEntityName : '${rpEntityName}',
+                    rpId : '${rpId}',
+                    attestationConveyancePreference : '${attestationConveyancePreference}',
+                    authenticatorAttachment : '${authenticatorAttachment}',
+                    requireResidentKey : '${requireResidentKey}',
+                    userVerificationRequirement : '${userVerificationRequirement}',
+                    createTimeout : ${createTimeout},
+                    excludeCredentialIds : '${excludeCredentialIds}',
+                    initLabel : "${msg("webauthn-registration-init-label")?no_esc}",
+                    initLabelPrompt : "${msg("webauthn-registration-init-label-prompt")?no_esc}",
+                    errmsg : "${msg("webauthn-unsupported-browser-text")?no_esc}"
                 };
-
-                // optional parameters
-                let rpId = "${rpId}";
-                publicKey.rp.id = rpId;
-
-                let attestationConveyancePreference = "${attestationConveyancePreference}";
-                if (attestationConveyancePreference !== 'not specified') publicKey.attestation = attestationConveyancePreference;
-
-                let authenticatorSelection = {};
-                let isAuthenticatorSelectionSpecified = false;
-
-                let authenticatorAttachment = "${authenticatorAttachment}";
-                if (authenticatorAttachment !== 'not specified') {
-                    authenticatorSelection.authenticatorAttachment = authenticatorAttachment;
-                    isAuthenticatorSelectionSpecified = true;
-                }
-
-                let requireResidentKey = "${requireResidentKey}";
-                if (requireResidentKey !== 'not specified') {
-                    if (requireResidentKey === 'Yes')
-                        authenticatorSelection.requireResidentKey = true;
-                    else
-                        authenticatorSelection.requireResidentKey = false;
-                    isAuthenticatorSelectionSpecified = true;
-                }
-
-                let userVerificationRequirement = "${userVerificationRequirement}";
-                if (userVerificationRequirement !== 'not specified') {
-                    authenticatorSelection.userVerification = userVerificationRequirement;
-                    isAuthenticatorSelectionSpecified = true;
-                }
-
-                if (isAuthenticatorSelectionSpecified) publicKey.authenticatorSelection = authenticatorSelection;
-
-                let createTimeout = ${createTimeout};
-                if (createTimeout !== 0) publicKey.timeout = createTimeout * 1000;
-
-                let excludeCredentialIds = "${excludeCredentialIds}";
-                let excludeCredentials = getExcludeCredentials(excludeCredentialIds);
-                if (excludeCredentials.length > 0) publicKey.excludeCredentials = excludeCredentials;
-
-                navigator.credentials.create({publicKey})
-                    .then(function (result) {
-                        window.result = result;
-                        let clientDataJSON = result.response.clientDataJSON;
-                        let attestationObject = result.response.attestationObject;
-                        let publicKeyCredentialId = result.rawId;
-
-                        document.getElementById('clientDataJSON').value = base64url.encode(new Uint8Array(clientDataJSON), {pad: false});
-                        document.getElementById('attestationObject').value = base64url.encode(new Uint8Array(attestationObject), {pad: false});
-                        document.getElementById('publicKeyCredentialId').value = base64url.encode(new Uint8Array(publicKeyCredentialId), {pad: false});
-
-                        if (typeof result.response.getTransports === "function") {
-                            let transports = result.response.getTransports();
-                            if (transports) {
-                                document.getElementById('transports').value = getTransportsAsString(transports);
-                            }
-                        } else {
-                            console.log("Your browser is not able to recognize supported transport media for the authenticator.");
-                        }
-
-                        let initLabel = "WebAuthn Authenticator (Default Label)";
-                        let labelResult = window.prompt("Please input your registered authenticator's label", initLabel);
-                        if (labelResult === null) labelResult = initLabel;
-                        document.getElementById("authenticatorLabel").value = labelResult;
-
-                        document.getElementById('register').submit();
-
-                    })
-                    .catch(function (err) {
-                        document.getElementById("error").value = err;
-                        document.getElementById("register").submit();
-
-                    });
-            }
-
-            function getPubKeyCredParams(signatureAlgorithmsList) {
-                let pubKeyCredParams = [];
-                if (signatureAlgorithmsList === []) {
-                    pubKeyCredParams.push({type: "public-key", alg: -7});
-                    return pubKeyCredParams;
-                }
-
-                for (let i = 0; i < signatureAlgorithmsList.length; i++) {
-                    pubKeyCredParams.push({
-                        type: "public-key",
-                        alg: signatureAlgorithmsList[i]
-                    });
-                }
-                return pubKeyCredParams;
-            }
-
-            function getExcludeCredentials(excludeCredentialIds) {
-                let excludeCredentials = [];
-                if (excludeCredentialIds === "") return excludeCredentials;
-
-                let excludeCredentialIdsList = excludeCredentialIds.split(',');
-
-                for (let i = 0; i < excludeCredentialIdsList.length; i++) {
-                    excludeCredentials.push({
-                        type: "public-key",
-                        id: base64url.decode(excludeCredentialIdsList[i],
-                        {loose: true})
-                    });
-                }
-                return excludeCredentials;
-            }
-
-            function getTransportsAsString(transportsList) {
-                if (transportsList === '' || transportsList.constructor !== Array) return "";
-
-                let transportsString = "";
-
-                for (let i = 0; i < transportsList.length; i++) {
-                    transportsString += transportsList[i] + ",";
-                }
-
-                return transportsString.slice(0, -1);
-            }
+                registerByWebAuthn(input);
+            });
         </script>
 
-        <button
-          type="submit"
-          class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
-          id="registerWebAuthn"
-          onclick="registerSecurityKey()"
-         >${msg("doRegister")}</button>
+        <input type="submit"
+               class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
+               id="registerWebAuthn" value="${msg("doRegisterSecurityKey")}"/>
 
         <#if !isSetRetry?has_content && isAppInitiatedAction?has_content>
             <form action="${url.loginAction}" class="${properties.kcFormClass!}" id="kc-webauthn-settings-form"
                   method="post">
-                <button
-                  type="submit"
-                  class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
-                  id="cancelWebAuthnAIA"
-                  name="cancel-aia"
-                  value="true"
-                >${msg("doCancel")}</button>
+                <button type="submit"
+                        class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}"
+                        id="cancelWebAuthnAIA" name="cancel-aia" value="true">${msg("doCancel")}
+                </button>
             </form>
         </#if>
 
     </#if>
-    </@layout.registrationLayout>
+</@layout.registrationLayout>