When Security Manager is enabled, Remoting requires additional FilePermissions to read SASL chalenge, see the stacktrace:
The exception comes from org.wildfly.security.sasl.localuser.LocalUserClient#evaluateMessage()#L92:
Although the invocation involves PrivilegedSaslClient, its accessControlContext cached by the constructor represents a client ACC and thus fails to read the file mentioned above.
One option to fix this is to invoke the PrivilegedSaslClient's constructor inside of a privileged block, as there already is a permission check in org.jboss.remoting3.EndpointImpl#connect() around that code, see:
Another option might be to invoke the entire EndpointImpl.construct() within doPrivileged().