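# Batch script to enable Elytron JWT bearer-token authentication on the server
# for the netweaver application.
#
# The whole script had been collapsed onto one line that starts with '#', so the
# CLI would have read every command as part of a comment. It is restored here to
# one command per line; the commands themselves are unchanged.
#
# Prerequisite: run beforehand, from ${WILDFLY_HOME}/standalone/configuration:
#
#   keytool -importcert -keystore netweaver.jks -storepass changeit -file SAPLogonTicketKeypair-cert.cert -alias netweaver -trustcacerts
#
# NOTE(review): the imported certificate becomes the trust anchor for every
# token signature this server accepts. Confirm its fingerprint out of band
# (keytool -printcert -file SAPLogonTicketKeypair-cert.cert) before importing,
# and keep netweaver.jks writable only by the account that runs the server.

batch

# Key store holding the certificate used to verify token signatures.
# NOTE(review): "changeit" is the well-known default password and is stored in
# clear text in the server configuration. Outside a throwaway test setup, choose
# a different password and reference it from an Elytron credential store
# (credential-reference={store=<STORE_NAME>, alias=<ALIAS>}) instead.
/subsystem=elytron/key-store=jwt-key-store:add(type="JKS", relative-to=jboss.server.config.dir, path="netweaver.jks", credential-reference={clear-text="changeit"})

# Token realm that validates incoming JWTs: issuer, audience and the signature
# (checked against the "netweaver" certificate in jwt-key-store).
# NOTE(review): the issuer is a plain-http localhost URL that looks like a
# development identity provider's "master" realm; replace it with the exact
# `iss` value of the deployment's provider. Keep key-store/certificate set:
# to my knowledge Elytron skips the signature check when no key is configured.
# NOTE(review): OpenID Connect does not guarantee that preferred_username is
# unique or stable; confirm it is safe to use as the principal here, or map a
# stable claim such as `sub`.
/subsystem=elytron/token-realm=jwt-realm:add(jwt={issuer=["http://localhost:8080/auth/realms/master"], audience=["wildfly"], key-store=jwt-key-store, certificate="netweaver"}, principal-claim="preferred_username")

# Security domain backed only by the token realm.
# No role-decoder or role-mapper is configured here, so confirm that the roles
# the application checks are actually populated from the token.
/subsystem=elytron/security-domain=jwt-domain:add(realms=[{realm=jwt-realm}], permission-mapper=default-permission-mapper, default-realm=jwt-realm)

# HTTP authentication factory offering only the BEARER_TOKEN mechanism.
/subsystem=elytron/http-authentication-factory=jwt-http-authentication:add(security-domain=jwt-domain, http-server-mechanism-factory=global, mechanism-configurations=[{mechanism-name="BEARER_TOKEN", mechanism-realm-configurations=[{realm-name="jwt-realm"}]}])

# Map the application security domain "jwt-domain" (as named in the deployment)
# to the Elytron configuration for both web (Undertow) and EJB access.
/subsystem=undertow/application-security-domain=jwt-domain:add(http-authentication-factory=jwt-http-authentication)
/subsystem=ejb3/application-security-domain=jwt-domain:add(security-domain=jwt-domain)

run-batch

# Reload so the new security configuration takes effect.
reload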