Current status of test development:
I have a test ready for WildFly which tests the authentication via authentication-context. Things seem to work there, although there's a potential issue where I chose a GSSAPI SASL mechanism to be used and everything worked despite me not configuring anything on the master host. That's being investigated by Ondrej Lukas. For those interested, the test is here: https://github.com/LittleJohnII/wildfly/tree/eap7-632
I'm currently trying to get SSL working and that resulted in JBEAP-10060. I'll continue with the test development as far as I can get with that, but I'll put this RFE into Failed QA because of it.
Some suggestions for the upstream documentation:
I don't think there's enough for the authentication-context and authentication-configuration. There's just a general description. Ideally, commands how to configure these elements and how to link it with the domain-controller should be included.
There are commands for server-side SSL, but ideally, for the master-slave case, there should also be commands for the client-side SSL (e.g. setting up client-ssl-context and tying it to the authentication-context).

Further update: Putting this to Awaiting Docs, TD is done, no blockers here. Note that the upstream documentation is only partially complete, see https://issues.jboss.org/browse/EAP7-632?focusedCommentId=13387379&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-13387379.
edit: re-reading the EAP Kanban Process doc, I see I have violated the process by putting the TD to Done right away and verifying the issue right away. It looks to me like it shouldn't matter though, I verified the issue with both DR18 and WFLY master. If you want me to set the states to what they should be, please let me know, I'll follow the process and verify the RFE with DR19 when it comes.