/subsystem=undertow/application-security-domain=other:remove()
/subsystem=undertow/application-security-domain=other:add(http-authentication-factory="keycloak-http-authentication")
/subsystem=ejb3/application-security-domain=other:write-attribute(name=security-domain, value=KeycloakDomain)

# Keycloak configuration for Kie server
/subsystem=keycloak/secure-deployment=${keycloak.deployment.name.kie.server}:add(realm=${keycloak.realm},realm-public-key=${keycloak.public.key},auth-server-url=${keycloak.auth.server.url},ssl-required=external,resource=${keycloak.deployment.resource.kie.server},enable-basic-auth=true,principal-attribute=preferred_username)
/subsystem=keycloak/secure-deployment=${keycloak.deployment.name.kie.server}/credential=secret:add(value=${keycloak.client.password})

# Keycloak configuration for Business central
/subsystem=keycloak/secure-deployment=${keycloak.deployment.name.business.central}:add(realm=${keycloak.realm},realm-public-key=${keycloak.public.key},auth-server-url=${keycloak.auth.server.url},ssl-required=external,resource=${keycloak.deployment.resource.business.central},enable-basic-auth=true,principal-attribute=preferred_username)
/subsystem=keycloak/secure-deployment=${keycloak.deployment.name.business.central}/credential=secret:add(value=${keycloak.client.password})

# Keycloak system properties
/system-property=org.uberfire.ext.security.management.api.userManagementServices:add(value=KCAdapterUserManagementService)
/system-property=org.uberfire.ext.security.management.keycloak.authServer:add(value=${keycloak.auth.server.url})
/system-property=org.uberfire.ext.security.keycloak.keycloak-config-file:add(value=${cargo.resources.dir}/cargo/keycloak/kie_git_config.json)