I'm looking at using ELY to replace some of the custom auth code we have for the MP-JWT implementation in Thorntail and elsewhere. While looking at using the org.wildfly.security.auth.realm.token.TokenSecurityRealm, I see that the claim used to extract the principal name from the token is a fixed claim name. In the MP-JWT spec we allow for a series of claims to be checked in a given order to attempt to obtain the principal name. What is needed is a BiFunction<BearerTokenEvidence,Attributes,String> or perhaps just a Function<Attributes,String> principalClaimNameFunction() method on the Builder to externalize the claim to principal name mapping.
I'll look at creating a pull request for this.
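
An ordered claim-to-principal mapping of the kind requested above, written as an added example (not code from this issue or from Elytron). The class name and the firstOf helper are hypothetical, the claim order upn, preferred_username, sub is the MP-JWT fallback order, and the proposed Builder method is not called because it does not exist yet.

```java
import java.util.List;
import java.util.function.Function;

import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.MapAttributes;

public class OrderedPrincipalClaim {

    // Claim names checked in order (MP-JWT fallback order, stated here as an assumption).
    static final List<String> MP_JWT_ORDER = List.of("upn", "preferred_username", "sub");

    // Hypothetical helper: the first claim in 'order' that has a non-blank value wins.
    static Function<Attributes, String> firstOf(List<String> order) {
        return claims -> {
            for (String name : order) {
                if (!claims.containsKey(name) || claims.size(name) == 0) {
                    continue; // claim absent from the token
                }
                String value = claims.getFirst(name);
                if (value != null && !value.isBlank()) {
                    return value;
                }
                // A blank value is treated as missing, so it cannot become the identity.
            }
            // No usable claim: return null so the caller rejects the token
            // instead of authenticating an empty or default principal.
            return null;
        };
    }

    public static void main(String[] args) {
        Function<Attributes, String> principalName = firstOf(MP_JWT_ORDER);

        // Constructed sample claims, not taken from a real token.
        Attributes noUpn = new MapAttributes();
        noUpn.addLast("preferred_username", "jdoe");
        noUpn.addLast("sub", "24400320");

        Attributes blankUpn = new MapAttributes();
        blankUpn.addLast("upn", " ");
        blankUpn.addLast("sub", "24400320");

        System.out.println(principalName.apply(noUpn));
        System.out.println(principalName.apply(blankUpn));
        System.out.println(principalName.apply(new MapAttributes()));
    }
}
```

The null result is the case a realm has to handle explicitly: a token that validates but carries none of the listed claims should fail authentication rather than map to a fallback name.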