diff --git a/pom.xml b/pom.xml index 47d265e..59d29b6 100644 --- a/pom.xml +++ b/pom.xml @@ -17,7 +17,8 @@ - 25.0.6 + 26.0.7 + 26.0.3 @@ -48,7 +49,7 @@ org.keycloak keycloak-admin-client - ${keycloak.version} + ${keycloak.client.version} provided diff --git a/src/main/java/dev/sultanov/keycloak/multitenancy/authentication/authenticators/LoginWithSsoAuthenticator.java b/src/main/java/dev/sultanov/keycloak/multitenancy/authentication/authenticators/LoginWithSsoAuthenticator.java index 44afa98..0dbe1c5 100644 --- a/src/main/java/dev/sultanov/keycloak/multitenancy/authentication/authenticators/LoginWithSsoAuthenticator.java +++ b/src/main/java/dev/sultanov/keycloak/multitenancy/authentication/authenticators/LoginWithSsoAuthenticator.java @@ -30,7 +30,7 @@ public void authenticate(AuthenticationFlowContext context) { public void action(AuthenticationFlowContext context) { MultivaluedMap formData = context.getHttpRequest().getDecodedFormParameters(); var ssoId = formData.getFirst("sso-id"); - var identityProviderModel = context.getRealm().getIdentityProvidersStream() + var identityProviderModel = context.getSession().identityProviders().getAllStream() .filter(idp -> idp.getAlias().equals(ssoId)) .filter(IdentityProviderModel::isEnabled) .filter(not(IdentityProviderModel::isLinkOnly)) diff --git a/src/main/java/dev/sultanov/keycloak/multitenancy/authentication/requiredactions/SelectActiveTenant.java b/src/main/java/dev/sultanov/keycloak/multitenancy/authentication/requiredactions/SelectActiveTenant.java index c72f2ce..b59bce0 100644 --- a/src/main/java/dev/sultanov/keycloak/multitenancy/authentication/requiredactions/SelectActiveTenant.java +++ b/src/main/java/dev/sultanov/keycloak/multitenancy/authentication/requiredactions/SelectActiveTenant.java 
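Review bot: In LoginWithSsoAuthenticator.action(), the new `context.getSession().identityProviders().getAllStream()` still enumerates every identity provider and compares each alias with the request-supplied `sso-id`. The same provider offers `getByAlias`, which this commit already uses in SelectActiveTenant. A direct lookup such as `Optional.ofNullable(context.getSession().identityProviders().getByAlias(ssoId))`, followed by the existing `isEnabled` and `isLinkOnly` filters, would avoid a full scan on what appears to be a pre-login form post. A null or blank `sso-id` should be rejected before that lookup. The rest of action() lies outside the hunk, so how the result is consumed is not visible here.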
@@ -8,7 +8,6 @@
 import dev.sultanov.keycloak.multitenancy.model.TenantProvider;
 import dev.sultanov.keycloak.multitenancy.util.Constants;
 import jakarta.ws.rs.core.Response;
-import jakarta.ws.rs.core.Response.Status;
 import java.util.List;
 import java.util.Optional;
 import lombok.extern.jbosslog.JBossLog;
@@ -48,7 +47,7 @@ public void evaluateTriggers(RequiredActionContext context) {
 @Override
 public void requiredActionChallenge(RequiredActionContext context) {
 var tenantMemberships = getFilteredTenantMemberships(context);
- if (tenantMemberships.size() == 0) {
+ if (tenantMemberships.isEmpty()) {
 context.success();
 } else if (tenantMemberships.size() == 1) {
 log.debugf("User is a member of a single tenant, setting active tenant automatically");
@@ -120,7 +119,7 @@ private List getFilteredTenantMemberships(RequiredActionC
 var tenantMembershipModels = tenantMembershipsStream.filter(
 membership -> idpTenantsConfig.get().getAccessibleTenantIds().contains(membership.getTenant().getId()))
 .toList();
- if (tenantMembershipModels.size() == 0) {
+ if (tenantMembershipModels.isEmpty()) {
 throw new AuthenticationFlowException("User does not have access to any of IDP tenants", AuthenticationFlowError.ACCESS_DENIED);
 }
 return tenantMembershipModels;
@@ -137,7 +136,7 @@ private List getFilteredTenantMemberships(RequiredActionC
 */
 private Optional getIdentityProviderTenantsConfig(RequiredActionContext context) {
 return getSessionNote(context, IDENTITY_PROVIDER_SESSION_NOTE)
- .map(context.getRealm()::getIdentityProviderByAlias)
+ .map(context.getSession().identityProviders()::getByAlias)
 .map(IdentityProviderTenantsConfig::of);
 }
diff --git a/src/main/resources/theme-resources/templates/create-tenant.ftl b/src/main/resources/theme-resources/templates/create-tenant.ftl
index c80c981..b4236dd 100644
--- a/src/main/resources/theme-resources/templates/create-tenant.ftl
+++ b/src/main/resources/theme-resources/templates/create-tenant.ftl
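Review bot: In SelectActiveTenant.getIdentityProviderTenantsConfig(), an alias from the session note that no longer resolves yields an empty Optional, which is indistinguishable from "the user did not log in through an identity provider". This assumes `getByAlias` returns null for an unknown alias, which `Optional.map` would then turn into empty. If getFilteredTenantMemberships() skips the per-IdP tenant filter when the config is empty, a removed or renamed provider would silently lift the tenant restriction; that branch is outside the visible hunks, so this is inferred. Consider failing closed when the note is present but the lookup returns nothing, for example by throwing `AuthenticationFlowException` with `AuthenticationFlowError.ACCESS_DENIED`, as the empty-membership case already does. At minimum, add a comment stating that an unresolved alias is deliberately treated as "no restriction".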
@@ -4,7 +4,9 @@ ${kcSanitize(msg("createTenantHeader"))?no_esc} <#elseif section = "form">
- +
+

${msg("createTenantInfo")}

+
@@ -29,7 +31,5 @@
- <#elseif section = "info" > - ${msg("createTenantInfo")} diff --git a/src/main/resources/theme-resources/templates/login-with-sso.ftl b/src/main/resources/theme-resources/templates/login-with-sso.ftl index 831a5a5..9599e61 100644 --- a/src/main/resources/theme-resources/templates/login-with-sso.ftl +++ b/src/main/resources/theme-resources/templates/login-with-sso.ftl @@ -5,7 +5,9 @@ <#elseif section = "form">
- +

${msg("ssoInfo")}

+
+
@@ -27,7 +29,5 @@
- <#elseif section = "info" > - ${msg("ssoInfo")} \ No newline at end of file diff --git a/src/main/resources/theme-resources/templates/review-invitations.ftl b/src/main/resources/theme-resources/templates/review-invitations.ftl index d400889..388cbff 100644 --- a/src/main/resources/theme-resources/templates/review-invitations.ftl +++ b/src/main/resources/theme-resources/templates/review-invitations.ftl @@ -3,26 +3,34 @@ <#if section = "header"> ${kcSanitize(msg("reviewInvitationsHeader"))?no_esc} <#elseif section = "form"> -
-
-
-
- <#list data.tenants as tenant> -
- +
+
+ + +
+

${msg("reviewInvitationsInfo")}

+
+
+
+
+ <#list data.tenants as tenant> +
+ +
+
- +
+
+
+
+ +
-
-
- -
+
- - <#elseif section = "info" > - ${msg("reviewInvitationsInfo")} +
diff --git a/src/main/resources/theme-resources/templates/select-tenant.ftl b/src/main/resources/theme-resources/templates/select-tenant.ftl index 74b0374..eab0abb 100644 --- a/src/main/resources/theme-resources/templates/select-tenant.ftl +++ b/src/main/resources/theme-resources/templates/select-tenant.ftl @@ -4,6 +4,9 @@ ${kcSanitize(msg("selectTenantHeader"))?no_esc} <#elseif section = "form">
+
+

${msg("selectTenantInfo")}

+
+
+
- <#elseif section = "info" > - ${msg("selectTenantInfo")} diff --git a/src/test/java/dev/sultanov/keycloak/multitenancy/support/BaseIntegrationTest.java b/src/test/java/dev/sultanov/keycloak/multitenancy/support/BaseIntegrationTest.java index c01306e..a38a256 100644 --- a/src/test/java/dev/sultanov/keycloak/multitenancy/support/BaseIntegrationTest.java +++ b/src/test/java/dev/sultanov/keycloak/multitenancy/support/BaseIntegrationTest.java @@ -18,7 +18,7 @@ public class BaseIntegrationTest { private static final Integer MAILHOG_HTTP_PORT = 8025; private static final Network network = Network.newNetwork(); - private static final KeycloakContainer keycloak = new KeycloakContainer("quay.io/keycloak/keycloak:25.0.1") + private static final KeycloakContainer keycloak = new KeycloakContainer("quay.io/keycloak/keycloak:26.0.7") .withRealmImportFiles("/realm-export.json", "/idp-realm-export.json") .withProviderClassesFrom("target/classes") .withNetwork(network) diff --git a/src/test/java/dev/sultanov/keycloak/multitenancy/support/browser/SelectTenantPage.java b/src/test/java/dev/sultanov/keycloak/multitenancy/support/browser/SelectTenantPage.java index 258c83d..c8c5103 100644 --- a/src/test/java/dev/sultanov/keycloak/multitenancy/support/browser/SelectTenantPage.java +++ b/src/test/java/dev/sultanov/keycloak/multitenancy/support/browser/SelectTenantPage.java @@ -12,11 +12,11 @@ public class SelectTenantPage extends AbstractPage { } public List availableOptions() { - return page.getByRole(AriaRole.OPTION).allTextContents(); + return page.locator("select[name='tenant']").locator("option").allTextContents(); } public SelectTenantPage select(String tenantName) { - page.getByRole(AriaRole.COMBOBOX).selectOption(new SelectOption().setLabel(tenantName)); + page.locator("select[name='tenant']").selectOption(new SelectOption().setLabel(tenantName)); return this; } 
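Review bot: In SelectTenantPage, the selector literal `select[name='tenant']` is now repeated in availableOptions() and select(), so a rename of the form field has to be made in two places. A single constant, e.g. `private static final String TENANT_SELECT = "select[name='tenant']";`, used by both methods would keep them in step. With both `getByRole` calls removed, the `AriaRole` import is probably unused. The import block is outside the hunk, so that needs checking in the file.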
diff --git a/src/test/resources/idp-realm-export.json b/src/test/resources/idp-realm-export.json
index 4af5c1d..cb430f3 100644
--- a/src/test/resources/idp-realm-export.json
+++ b/src/test/resources/idp-realm-export.json
@@ -26,7 +26,7 @@
 "oauth2DeviceCodeLifespan" : 600,
 "oauth2DevicePollingInterval" : 5,
 "enabled" : true,
- "sslRequired" : "external",
+ "sslRequired" : "none",
 "registrationAllowed" : false,
 "registrationEmailAsUsername" : true,
 "rememberMe" : false,
@@ -511,7 +511,7 @@
 "protocol" : "openid-connect",
 "attributes" : { },
 "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : false,
+ "fullScopeAllowed" : true,
 "nodeReRegistrationTimeout" : 0,
 "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
 "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
diff --git a/src/test/resources/realm-export.json b/src/test/resources/realm-export.json
index 74bc39c..6512205 100644
--- a/src/test/resources/realm-export.json
+++ b/src/test/resources/realm-export.json
@@ -26,7 +26,7 @@
 "oauth2DeviceCodeLifespan": 600,
 "oauth2DevicePollingInterval": 5,
 "enabled": true,
- "sslRequired": "external",
+ "sslRequired": "none",
 "registrationAllowed": true,
 "registrationEmailAsUsername": true,
 "rememberMe": false,
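Review bot: The changes to `"sslRequired" : "none"` and `"fullScopeAllowed" : true` in idp-realm-export.json loosen two security settings, and nothing in the diff explains why. The same `sslRequired` change is repeated in realm-export.json. With `none` the realm no longer requires HTTPS from any client address, and full scope puts all of the user's role mappings into this client's tokens rather than only the explicitly scoped ones. If the Keycloak 26 test containers only need plain HTTP between containers, record that in the commit message. Keep `"fullScopeAllowed" : false` unless a test actually depends on the wider token. Test realm exports are often copied as a starting point for real realms, so unexplained relaxations tend to travel with them.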