/subsystem=elytron/filesystem-realm=fileSystemRealm:add(path=/tmp/fs-realm-users)

/subsystem=elytron/filesystem-realm=fileSystemRealm:add-identity(identity=jduke)
/subsystem=elytron/filesystem-realm=fileSystemRealm:add-identity-attribute(identity=jduke, name=Roles, value=["JBossAdmin"])
/subsystem=elytron/filesystem-realm=fileSystemRealm:add-identity(identity=hnelson)
/subsystem=elytron/filesystem-realm=fileSystemRealm:add-identity-attribute(identity=hnelson, name=Roles, value=["Guest"])
/subsystem=elytron/filesystem-realm=fileSystemRealm:add-identity(identity=fallback_user)
/subsystem=elytron/filesystem-realm=fileSystemRealm:set-password(identity=fallback_user, clear={password="password"})
/subsystem=elytron/filesystem-realm=fileSystemRealm:add-identity-attribute(identity=fallback_user, name=Roles, value=["JBossAdmin"])


/system-property=java.security.krb5.conf:add(value=/tmp/krb.conf)
/system-property=gsstestserver.principal:add(value=gsstestserver/xxx@EXAMPLE.COM)

/subsystem=elytron/kerberos-security-factory=kerberosSecurityFactory:add( principal=HTTP/localhost@EXAMPLE.COM, path=/tmp/ktest.keytab, mechanism-oids=[1.2.840.113554.1.2.2, 1.3.6.1.5.5.2], debug=true)


/subsystem=elytron/simple-role-decoder=simpleRoleDecoder:add(attribute=Roles)

/subsystem=elytron/regex-principal-transformer=principalTransformer:add(pattern="@.*", replacement="")

/subsystem=elytron/security-domain=securityDomain:add(default-realm=fileSystemRealm, realms=[{realm => fileSystemRealm, role-decoder => simpleRoleDecoder}], pre-realm-principal-transformer=principalTransformer, permission-mapper=default-permission-mapper)

/subsystem=elytron/configurable-http-server-mechanism-factory=ConfigurableHttpServerMechanismFactory:add(http-server-mechanism-factory=global, properties={org.wildfly.security.http.state-scopes => NONE})

/subsystem=elytron/http-authentication-factory=HttpFactorySPNEGO:add(security-domain=securityDomain, http-server-mechanism-factory=ConfigurableHttpServerMechanismFactory, mechanism-configurations=[{mechanism-name => SPNEGO, credential-security-factory => kerberosSecurityFactory, mechanism-realm-configurations => [{realm-name => fileSystemRealm}]}, {mechanism-name => FORM}])


/subsystem=elytron/authentication-configuration=application-configuration:add(security-domain=securityDomain)
/subsystem=elytron/authentication-context=application-context:add(match-rules=[{authentication-configuration => application-configuration}])

/subsystem=elytron:write-attribute(name=default-authentication-context, value=application-context)

/subsystem=undertow/application-security-domain=ApplicationSecurityDomain:add(http-authentication-factory=HttpFactorySPNEGO)



/system-property=sun.security.krb5.debug:add(value=true)
/system-property=com.ibm.security.jgss.debug:add(value=all)
/system-property=com.ibm.security.krb5.Krb5Debug:add(value=all)

reload