Attribute identity-mapping.otp-credential-mapper from Elytron ldap-realm should include Object which should contain four required attributes - algorithm-from, hash-from, seed-from, sequence-from. All of these attributes are set as nillable=false.
However CLI allows to run command where otp-credential-mapper attribute is added without any attributes which is inconsistent with their nillable=false. See following command:
Moreover, this command results to configuration xml without any otp-credential-mapper:
In case when at least one of otp-credential-mapper required attribute is added, then CLI command correctly fails:
Do not allow to add identity-mapping.otp-credential-mapper without required attributes.