There are some topics for revising in allow-all-mechanisms, allow-sasl-mechanisms, forbid-sasl-mechanisms and sasl-mechanism-selector of Elytron subsystem and client config file.

1) Since selectors have been introduced in EAP 7.1.0.DR19 what is the reason for allow-all-mechanisms, allow-sasl-mechanisms and forbid-sasl-mechanisms? AFAIK they just provides the subset of configuration which can be set by sasl-mechanism-selector. It that case allow-all-mechanisms, allow-sasl-mechanisms and forbid-sasl-mechanisms can be completely removed from Elytron configuration because they just duplicates another configuration. Or they provide something which cannot be configured by selectors?

2) These options are mutually exclusive in Elytron subsystem, but all of them can be configured together in Elytron client configuration file. There should be added some check for mutually exclusivity of these options in Elytron client configuration file.