diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index afd6ea2..ace4743 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -10,6 +10,7 @@
         port: 16667
       - host: myhost2
         port: 16668
+    keycloak_jboss_port_offset: 10
     keycloak_log_target: /tmp/keycloak
   roles:
     - role: keycloak
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index 36f49b1..ba0e01f 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -4,8 +4,9 @@
   vars:
     keycloak_admin_password: "remembertochangeme"
     keycloak_jvm_package: java-11-openjdk-headless
-    keycloak_uri: http://localhost:8080
-    keycloak_management_port: http://localhost:9990
+    keycloak_uri: "http://localhost:{{ 8080 + ( keycloak_jboss_port_offset | default(0) ) }}"
+    keycloak_management_port: "http://localhost:{{ 9990 + ( keycloak_jboss_port_offset | default(0) ) }}"
+    keycloak_jboss_port_offset: 10
   tasks:
     - name: Populate service facts
       ansible.builtin.service_facts:
diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index ed10963..17149f7 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -104,14 +104,15 @@ Role Defaults
 |`keycloak_download_url_9x` | Download URL for keycloak (deprecated) | `https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}` |
 |`keycloak_installdir` | Installation path | `{{ keycloak_dest }}/keycloak-{{ keycloak_version }}` |
 |`keycloak_jboss_home` | Installation work directory | `{{ keycloak_rhsso_installdir }}` |
+|`keycloak_jboss_port_offset` | Port offset for the JBoss socket binding | `0` |
 |`keycloak_config_dir` | Path for configuration | `{{ keycloak_jboss_home }}/standalone/configuration` |
 |`keycloak_config_path_to_standalone_xml` | Custom path for configuration | `{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}` |
 |`keycloak_config_override_template` | Path to custom template for standalone.xml configuration | `''` |
 |`keycloak_auth_realm` | Name for rest authentication realm | `master` |
 |`keycloak_auth_client` | Authentication client for configuration REST calls | `admin-cli` |
 |`keycloak_force_install` | Remove pre-existing versions of service | `False` |
-|`keycloak_url` | URL for configuration rest calls | `http://{{ keycloak_host }}:{{ keycloak_http_port }}` |
-|`keycloak_management_url` | URL for management console rest calls | `http://{{ keycloak_host }}:{{ keycloak_management_http_port }}` |
+|`keycloak_url` | URL for configuration rest calls | `http://{{ keycloak_host }}:{{ keycloak_http_port + keycloak_jboss_port_offset }}` |
+|`keycloak_management_url` | URL for management console rest calls | `http://{{ keycloak_host }}:{{ keycloak_management_http_port + keycloak_jboss_port_offset }}` |
 |`keycloak_frontend_url_force` | Force backend requests to use the frontend URL | `False` |
 |`keycloak_db_background_validation` | Enable background validation of database connection | `False` |
 |`keycloak_db_background_validation_millis`| How frequenly the connection pool is validated in the background | `10000` if background validation enabled |
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index 124250e..2b5cc35 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -12,6 +12,7 @@ keycloak_jvm_package: java-1.8.0-openjdk-headless
 keycloak_java_home:
 keycloak_dest: /opt/keycloak
 keycloak_jboss_home: "{{ keycloak_installdir }}"
+keycloak_jboss_port_offset: 0
 keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
 keycloak_config_standalone_xml: "keycloak.xml"
 keycloak_config_path_to_standalone_xml: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml
index 5b64fe9..2e93667 100644
--- a/roles/keycloak/meta/argument_specs.yml
+++ b/roles/keycloak/meta/argument_specs.yml
@@ -54,6 +54,10 @@ argument_specs:
                 default: "{{ keycloak_installdir }}"
                 description: "Installation work directory"
                 type: "str"
+            keycloak_jboss_port_offset:
+                default: 0
+                description: "Port offset for the JBoss socket binding"
+                type: "int"
             keycloak_config_dir:
                 # line 26 of keycloak/defaults/main.yml
                 default: "{{ keycloak_jboss_home }}/standalone/configuration"
@@ -280,12 +284,12 @@ argument_specs:
                 type: "str"
             keycloak_url:
                 # line 12 of keycloak/vars/main.yml
-                default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
+                default: "http://{{ keycloak_host }}:{{ keycloak_http_port + keycloak_jboss_port_offset }}"
                 description: "URL for configuration rest calls"
                 type: "str"
             keycloak_management_url:
                 # line 13 of keycloak/vars/main.yml
-                default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
+                default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port + keycloak_jboss_port_offset }}"
                 description: "URL for management console rest calls"
                 type: "str"
             keycloak_service_name:
diff --git a/roles/keycloak/templates/15.0.8/standalone-infinispan.xml.j2 b/roles/keycloak/templates/15.0.8/standalone-infinispan.xml.j2
index be61837..2d84f3f 100644
--- a/roles/keycloak/templates/15.0.8/standalone-infinispan.xml.j2
+++ b/roles/keycloak/templates/15.0.8/standalone-infinispan.xml.j2
@@ -737,7 +737,7 @@
             <inet-address value="{{ keycloak_bind_address }}"/>
         </interface>
     </interfaces>
-    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:{{ keycloak_jboss_port_offset }}}">
         <socket-binding name="ajp" port="{{ keycloak_ajp_port }}"/>
         <socket-binding name="http" port="{{ keycloak_http_port }}"/>
         <socket-binding name="https" port="{{ keycloak_https_port }}"/>
diff --git a/roles/keycloak/templates/15.0.8/standalone.xml.j2 b/roles/keycloak/templates/15.0.8/standalone.xml.j2
index e2f6a76..de175f2 100644
--- a/roles/keycloak/templates/15.0.8/standalone.xml.j2
+++ b/roles/keycloak/templates/15.0.8/standalone.xml.j2
@@ -638,7 +638,7 @@
             <inet-address value="{{ keycloak_bind_address }}"/>
         </interface>
     </interfaces>
-    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:{{ keycloak_jboss_port_offset }}}">
         <socket-binding name="ajp" port="{{ keycloak_ajp_port }}"/>
         <socket-binding name="http" port="{{ keycloak_http_port }}"/>
         <socket-binding name="https" port="{{ keycloak_https_port }}"/>
diff --git a/roles/keycloak/templates/9.0.2/standalone-infinispan.xml.j2 b/roles/keycloak/templates/9.0.2/standalone-infinispan.xml.j2
index 9e0ae66..4f90ad8 100644
--- a/roles/keycloak/templates/9.0.2/standalone-infinispan.xml.j2
+++ b/roles/keycloak/templates/9.0.2/standalone-infinispan.xml.j2
@@ -734,7 +734,7 @@
             <inet-address value="${jboss.bind.address:127.0.0.1}"/>
         </interface>
     </interfaces>
-    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:{{ keycloak_jboss_port_offset }}}">
         <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
         <socket-binding name="http" port="${jboss.http.port:8080}"/>
         <socket-binding name="https" port="${jboss.https.port:8443}"/>
diff --git a/roles/keycloak/templates/9.0.2/standalone.xml.j2 b/roles/keycloak/templates/9.0.2/standalone.xml.j2
index 823357f..4188e92 100644
--- a/roles/keycloak/templates/9.0.2/standalone.xml.j2
+++ b/roles/keycloak/templates/9.0.2/standalone.xml.j2
@@ -598,7 +598,7 @@
             <inet-address value="${jboss.bind.address:127.0.0.1}"/>
         </interface>
     </interfaces>
-    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:{{ keycloak_jboss_port_offset }}}">
         <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
         <socket-binding name="http" port="${jboss.http.port:8080}"/>
         <socket-binding name="https" port="${jboss.https.port:8443}"/>
diff --git a/roles/keycloak/templates/standalone-ha.xml.j2 b/roles/keycloak/templates/standalone-ha.xml.j2
index 98e26f6..99399f3 100644
--- a/roles/keycloak/templates/standalone-ha.xml.j2
+++ b/roles/keycloak/templates/standalone-ha.xml.j2
@@ -674,7 +674,7 @@
             <inet-address value="{{ keycloak_bind_address }}"/>
         </interface>
     </interfaces>
-    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:{{ keycloak_jboss_port_offset }}}">
         <socket-binding name="ajp" port="{{ keycloak_ajp_port }}"/>
         <socket-binding name="http" port="{{ keycloak_http_port }}"/>
         <socket-binding name="https" port="{{ keycloak_https_port }}"/>
diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2
index 38fbfec..0b0c8af 100644
--- a/roles/keycloak/templates/standalone-infinispan.xml.j2
+++ b/roles/keycloak/templates/standalone-infinispan.xml.j2
@@ -712,7 +712,7 @@
             <inet-address value="{{ keycloak_bind_address }}"/>
         </interface>
     </interfaces>
-    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:{{ keycloak_jboss_port_offset }}}">
         <socket-binding name="ajp" port="{{ keycloak_ajp_port }}"/>
         <socket-binding name="http" port="{{ keycloak_http_port }}"/>
         <socket-binding name="https" port="{{ keycloak_https_port }}"/>
diff --git a/roles/keycloak/templates/standalone.xml.j2 b/roles/keycloak/templates/standalone.xml.j2
index bf2d528..72fe4d6 100644
--- a/roles/keycloak/templates/standalone.xml.j2
+++ b/roles/keycloak/templates/standalone.xml.j2
@@ -604,7 +604,7 @@
             <inet-address value="{{ keycloak_bind_address }}"/>
         </interface>
     </interfaces>
-    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:{{ keycloak_jboss_port_offset }}}">
         <socket-binding name="ajp" port="{{ keycloak_ajp_port }}"/>
         <socket-binding name="http" port="{{ keycloak_http_port }}"/>
         <socket-binding name="https" port="{{ keycloak_https_port }}"/>
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
index 5fe498d..b03a1a5 100644
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@@ -2,8 +2,8 @@
 # internal variables below
 
 # locations
-keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
-keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
+keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port + keycloak_jboss_port_offset }}"
+keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port + keycloak_jboss_port_offset }}"
 
 
 keycloak:
diff --git a/roles/keycloak_realm/meta/argument_specs.yml b/roles/keycloak_realm/meta/argument_specs.yml
index 4345af6..da3eca1 100644
--- a/roles/keycloak_realm/meta/argument_specs.yml
+++ b/roles/keycloak_realm/meta/argument_specs.yml
@@ -83,12 +83,12 @@ argument_specs:
                 type: "list"
             keycloak_url:
                 # line 14 of keycloak_realm/vars/main.yml
-                default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
+                default: "http://{{ keycloak_host }}:{{ keycloak_http_port + ( keycloak_jboss_port_offset | default(0) ) }}"
                 description: "URL for configuration rest calls"
                 type: "str"
             keycloak_management_url:
                 # line 15 of keycloak_realm/vars/main.yml
-                default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
+                default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port + ( keycloak_jboss_port_offset | default(0) ) }}"
                 description: "URL for management console rest calls"
                 type: "str"
     downstream:
diff --git a/roles/keycloak_realm/vars/main.yml b/roles/keycloak_realm/vars/main.yml
index 076a8a9..cbb9435 100644
--- a/roles/keycloak_realm/vars/main.yml
+++ b/roles/keycloak_realm/vars/main.yml
@@ -5,5 +5,5 @@
 keycloak_realm:
 
 # other settings
-keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
-keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
+keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port + ( keycloak_jboss_port_offset | default(0) ) }}"
+keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port + ( keycloak_jboss_port_offset | default(0) ) }}"