diff --git a/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml b/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml
index 094e4268d43..59ae243e0c9 100755
--- a/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml
+++ b/distribution/adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml
@@ -27,4 +27,10 @@
             <outputDirectory>modules</outputDirectory>
         </fileSet>
     </fileSets>
+    <files>
+        <file>
+             <source>../../shared-cli/adapter-install.cli</source>
+             <outputDirectory>bin</outputDirectory>
+        </file>
+    </files>
 </assembly>
diff --git a/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml b/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml
index 4e29b1b9c37..0f6c4627719 100755
--- a/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml
+++ b/distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml
@@ -27,4 +27,10 @@
             <outputDirectory>modules/system/layers/base</outputDirectory>
         </fileSet>
     </fileSets>
+    <files>
+        <file>
+             <source>../../shared-cli/adapter-install.cli</source>
+             <outputDirectory>bin</outputDirectory>
+        </file>
+    </files>
 </assembly>
diff --git a/distribution/adapters/shared-cli/adapter-install.cli b/distribution/adapters/shared-cli/adapter-install.cli
new file mode 100644
index 00000000000..b4a396ba7a8
--- /dev/null
+++ b/distribution/adapters/shared-cli/adapter-install.cli
@@ -0,0 +1,4 @@
+/subsystem=security/security-domain=keycloak/:add
+/subsystem=security/security-domain=keycloak/authentication=classic/:add(login-modules=[{ "code" => "org.keycloak.adapters.jboss.KeycloakLoginModule","flag" => "required"}])
+/extension=org.keycloak.keycloak-adapter-subsystem/:add(module=org.keycloak.keycloak-adapter-subsystem)
+/subsystem=keycloak:add
\ No newline at end of file
diff --git a/distribution/adapters/wf8-adapter/wf8-adapter-zip/assembly.xml b/distribution/adapters/wf8-adapter/wf8-adapter-zip/assembly.xml
index 3f5d8878d96..da4e127bc41 100755
--- a/distribution/adapters/wf8-adapter/wf8-adapter-zip/assembly.xml
+++ b/distribution/adapters/wf8-adapter/wf8-adapter-zip/assembly.xml
@@ -28,4 +28,10 @@
             <outputDirectory>modules/system/layers/base</outputDirectory>
         </fileSet>
     </fileSets>
+    <files>
+        <file>
+             <source>../../shared-cli/adapter-install.cli</source>
+             <outputDirectory>bin</outputDirectory>
+        </file>
+    </files>
 </assembly>
diff --git a/distribution/adapters/wf9-adapter/wf9-adapter-zip/assembly.xml b/distribution/adapters/wf9-adapter/wf9-adapter-zip/assembly.xml
index e81d4e4e0f9..764b76dbba4 100755
--- a/distribution/adapters/wf9-adapter/wf9-adapter-zip/assembly.xml
+++ b/distribution/adapters/wf9-adapter/wf9-adapter-zip/assembly.xml
@@ -27,4 +27,10 @@
             <outputDirectory>modules/system/layers/base</outputDirectory>
         </fileSet>
     </fileSets>
+    <files>
+        <file>
+             <source>../../shared-cli/adapter-install.cli</source>
+             <outputDirectory>bin</outputDirectory>
+        </file>
+    </files>
 </assembly>
diff --git a/docbook/reference/en/en-US/modules/jboss-adapter.xml b/docbook/reference/en/en-US/modules/jboss-adapter.xml
index 52877de44fb..9e2d4a1ce9a 100755
--- a/docbook/reference/en/en-US/modules/jboss-adapter.xml
+++ b/docbook/reference/en/en-US/modules/jboss-adapter.xml
@@ -48,6 +48,15 @@ $ unzip keycloak-as7-adapter-dist.zip
         After adding the Keycloak modules, you must then enable the Keycloak Subsystem within your app server's server configuration:
         <literal>domain.xml</literal> or <literal>standalone.xml</literal>.
     </para>
+    <para>
+        There is a CLI script that will help you modify your server configuration.  Start the server and run the script 
+        from the server's bin directory:
+<programlisting>
+$ cd $JBOSS_HOME/bin
+$ jboss-cli.sh -c --file=adapter-install.cli
+</programlisting>
+        The script will add the extension, subsystem, and optional security-domain as described below.
+    </para>
     <para>
 <programlisting><![CDATA[
 <server xmlns="urn:jboss:domain:1.4">
@@ -65,8 +74,7 @@ $ unzip keycloak-as7-adapter-dist.zip
 </programlisting>
     </para>
         <para>
-            Finally, you must specify a shared keycloak security domain.
-            This security domain should be used with EJBs and other components when you need the security context created
+            The keycloak security domain should be used with EJBs and other components when you need the security context created
             in the secured web tier to be propagated to the EJBs (other EE component) you are invoking.  Otherwise
             this configuration is optional.
         </para>