Rule matcher match-user in authentication-context in Elytron subsystem internally uses org.wildfly.security.auth.client.MatchUserRule. This matcher works based on passed userinfo. However naming of match-user in Elytron subsystem indicates that just user part of userinfo should be used in matching.
Also description in CLI is not correct, it says: The user to match against.
It means one of following should be changed:
- name of match-user
- functionality of MatchUserRule
Since Elytron client configuration file includes for the same matcher with name match-userinfo then I suggest to rename attribute match-user in authentication-context in Elytron subsystem to match-userinfo and improve description in CLI and XSD.