diff --git a/roles/svc-db-postgres/tasks/01_core.yml b/roles/svc-db-postgres/tasks/01_core.yml
index 34b436ae..ea0776d5 100644
--- a/roles/svc-db-postgres/tasks/01_core.yml
+++ b/roles/svc-db-postgres/tasks/01_core.yml
@@ -25,3 +25,5 @@
   community.general.pacman:
     name: python-psycopg2
     state: present
+
+- include_tasks: utils/run_once.yml
\ No newline at end of file
diff --git a/roles/svc-db-postgres/tasks/main.yml b/roles/svc-db-postgres/tasks/main.yml
index a1cdca47..f4b6d572 100644
--- a/roles/svc-db-postgres/tasks/main.yml
+++ b/roles/svc-db-postgres/tasks/main.yml
@@ -1,6 +1,5 @@
 - block:
   - include_tasks: 01_core.yml
-  - include_tasks: utils/run_once.yml
     vars:
       # Force the flush of the pg handler on the first run
       flush_handlers: true
diff --git a/roles/sys-svc-cdn/tasks/01_core.yml b/roles/sys-svc-cdn/tasks/01_core.yml
index 5a9786b6..d54800d4 100644
--- a/roles/sys-svc-cdn/tasks/01_core.yml
+++ b/roles/sys-svc-cdn/tasks/01_core.yml
@@ -27,4 +27,5 @@
     group: "{{ NGINX.USER }}"
     mode:  "0755"
   loop: "{{ CDN_DIRS_GLOBAL }}"
+
 - include_tasks: utils/run_once.yml
\ No newline at end of file
diff --git a/roles/web-app-xwiki/tasks/01_core.yml b/roles/web-app-xwiki/tasks/01_core.yml
index 8865b009..5c2c26bc 100644
--- a/roles/web-app-xwiki/tasks/01_core.yml
+++ b/roles/web-app-xwiki/tasks/01_core.yml
@@ -22,7 +22,7 @@
 - name: "Wait until XWiki REST is ready"
   uri:
     url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/xwiki/rest/"
-    status_code: [200, 401]
+    status_code: [200, 401, 302]
     return_content: no
   register: xwiki_rest_up
   retries: 60
@@ -38,7 +38,7 @@
     user: "{{ XWIKI_ADMIN_USER }}"
     password: "{{ XWIKI_ADMIN_PASS }}"
     force_basic_auth: yes
-    status_code: [200,404]
+    status_code: [200, 404, 302]
   register: xwiki_oidc_ext
   when: XWIKI_OIDC_ENABLED | bool
 
@@ -49,7 +49,7 @@
     user: "{{ XWIKI_ADMIN_USER }}"
     password: "{{ XWIKI_ADMIN_PASS }}"
     force_basic_auth: yes
-    status_code: [200,404]
+    status_code: [200, 404, 302]
   register: xwiki_ldap_ext
   when: XWIKI_LDAP_ENABLED | bool
 
@@ -67,4 +67,4 @@
     - (XWIKI_OIDC_ENABLED | bool and xwiki_oidc_ext.status == 404) or
       (XWIKI_LDAP_ENABLED | bool and (xwiki_ldap_ext is not skipped) and xwiki_ldap_ext.status == 404)
 
-- include_tasks: utils/run_once.yml
\ No newline at end of file
+- include_tasks: utils/run_once.yml
diff --git a/roles/web-app-xwiki/tasks/02_bootstrap_admin.yml b/roles/web-app-xwiki/tasks/02_bootstrap_admin.yml
index e3259aad..01b03e09 100644
--- a/roles/web-app-xwiki/tasks/02_bootstrap_admin.yml
+++ b/roles/web-app-xwiki/tasks/02_bootstrap_admin.yml
@@ -1,32 +1,33 @@
 ---
-# Wait until REST endpoint is available (01_core usually ensures this, but we add safety)
+# Wait until REST endpoint is available (01_core usually ensures this, but add safety)
 - name: "XWIKI | Wait until REST answers"
   uri:
     url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/xwiki/rest/"
-    status_code: [200,401]
+    status_code: [200, 401]
   register: _rest_ping
   retries: 60
   delay: 5
   until: _rest_ping is succeeded
 
-# Check if the target admin already exists (404 = missing)
+# Check if the target admin already exists
+# 404 => missing, 302 => DW redirect (treat as missing for bootstrap)
 - name: "XWIKI | Check if target admin user exists"
   uri:
     url: "{{ XWIKI_REST_GENERAL }}/users/{{ XWIKI_ADMIN_USER | urlencode }}"
     method: GET
     user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
-    password: "{{ XWIKI_SUPERADMIN_PASSWORD  }}"
+    password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
     force_basic_auth: true
-    status_code: [200,404]
+    status_code: [200, 404, 302]
   register: _admin_exists
 
-# Create admin user if not existing
+# Create admin user if not existing (or DW still redirecting)
 - name: "XWIKI | Create admin user via REST"
   uri:
     url: "{{ XWIKI_REST_GENERAL }}/users"
     method: POST
     user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
-    password: "{{ XWIKI_SUPERADMIN_PASSWORD  }}"
+    password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
     force_basic_auth: true
     status_code: 201
     headers:
@@ -39,4 +40,4 @@
         <username>{{ XWIKI_ADMIN_USER }}</username>
         <password>{{ XWIKI_ADMIN_PASS }}</password>
       </user>
-  when: _admin_exists.status == 404
+  when: _admin_exists.status in [404, 302]
diff --git a/roles/web-app-xwiki/templates/xwiki.cfg.j2 b/roles/web-app-xwiki/templates/xwiki.cfg.j2
index f2c9a651..69f8d43f 100644
--- a/roles/web-app-xwiki/templates/xwiki.cfg.j2
+++ b/roles/web-app-xwiki/templates/xwiki.cfg.j2
@@ -18,3 +18,6 @@ xwiki.authentication.ldap.update_user=1
 # Fallback: Native XWiki Auth
 # xwiki.authentication.authclass=com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl
 {% endif %}
+
+# ---- Superadmin must live in xwiki.cfg (not in xwiki.properties)
+xwiki.superadminpassword={{ XWIKI_SUPERADMIN_PASSWORD }}
diff --git a/roles/web-app-xwiki/templates/xwiki.properties.j2 b/roles/web-app-xwiki/templates/xwiki.properties.j2
index faaba1e4..e310a103 100644
--- a/roles/web-app-xwiki/templates/xwiki.properties.j2
+++ b/roles/web-app-xwiki/templates/xwiki.properties.j2
@@ -14,4 +14,9 @@ oidc.userinfoclaims={{ XWIKI_OIDC_GROUPS_CLAIM }}
 oidc.groups.claim={{ XWIKI_OIDC_GROUPS_CLAIM }}
 oidc.groups.mapping=XWiki.XWikiAdminGroup={{ XWIKI_OIDC_ADMIN_PROVIDER_GROUP }}
 {% endif %}
-xwiki.superadminpassword={{ XWIKI_SUPERADMIN_PASSWORD }}
+
+############################################
+# Distribution Wizard
+# Disable automatic start so REST is reachable during automation
+distribution.automaticStartOnMainWiki=false
+distribution.automaticStartOnWiki=false