A number of resources expose 'security-domain' or similarly named attributes, the value of which is a legacy picketbox-based security domain. Referential integrity and value completion cannot be used for the attributes because the subsystem=security/security-domain resources do not expose a capability.
This also relates to
WFLY-3858 which was fixed via addition of a private capability to subsystem=security/security-domain for use by the infinispan subsystem. Better would be a normal public capability.
Doing this will also mean tightening up the API exposed by the legacy security domain to remove methods that should not be available to callers outside the security subsystem.