Current quickstart display legacy picketbox API for switching identities and it is mixing new and old API.
Elytron itself has better API for doing this kind of things.
Same functionality is display in two new quickstarts ejb-security-programmatic-auth and ejb-security-context-propagation.

from sguilhen

there is a new qs named ejb-security-programmatic-auth that shows how to setup different auth contexts in the client app to invoke the same bean using different identities. No need to use an interceptor or any special JAAS based config. There's another one, ejb-security-context-propagation that shows a client using a default context from wildfly-config.xml and then overriding that context with another one to propagate a different identity all the way to the remote EJB. So I think we have good examples that highlight identity switching without the interceptors QS