Handling of the absence of legacy security in the RA and DS subsystems can be improved.
Biggest thing is ConnectionDefinitionAdd not having adding service deps on legacy security services just because elytron is not configured for the connection-def. Only add those if legacy security is available. If not and the config clearly requires legacy security (security domain names were configured) then fail with a clear explanation instead of waiting for MSC to detect a missing service dep.
Beyond that tweak other places that add these deps to check if legacy security is available and if not fail with a clearer message instead of waiting for MSC to detect a missing service dep.