Error while configuring testing with a sample clustered domain in v16.1.0

While configuring simple clustered domain in v16.1.0 I have face this error on host-slave.xml

[Host Controller]
[Host Controller] OPVDX001: Validation error in host-slave.xml -----------------------------------
[Host Controller] |
[Host Controller] |   8: </extensions>
[Host Controller] |   9: <management>
[Host Controller] |  10:     <security-realms>
[Host Controller] |                           ^^^^ 'security-realms' isn't an allowed element here
[Host Controller] |
[Host Controller] |                                Elements allowed here are: audit-log, configuration-changes, identity,
[Host Controller] |                                  management-interfaces
[Host Controller] |
[Host Controller] |  11:         <security-realm name="ManagementRealm">
[Host Controller] |  12:             <server-identities>
[Host Controller] |  13:                 <secret value="UEAkJHcwcmQ="/>
[Host Controller] |
[Host Controller] | The primary underlying error message was:
[Host Controller] | > ParseError at [row,col]:[10,26]
[Host Controller] | > Message: WFLYCTL0198: Unexpected element
[Host Controller] | >   '{urn:jboss:domain:19.0}security-realms' encountered
[Host Controller] |
[Host Controller] |-------------------------------------------------------------------------------
[Host Controller]
[Host Controller] 08:16:34,735 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0033: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration

Any one have an idea on this please kindly assist me.

Hello @bete24,

this validation error refers to the meanwhile legacy security subsystem, which is being fully replaced by Elytron.
(as of 16.0.0)
(‘Keycloak 16.0.0 released’ @ Keycloak blog)

Care for some of the significant changes at configuration like

(i) domain.xml:

• application-security-domains @ ejb3 subsystem (https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Using_WildFly_Elytron_with_WildFly)

• http-authentication-factory @ elytron subsystem http (Migrate_Legacy_Security_to_Elytron_Security @ WildFly Elytron Security guide)
  where directory path is challenged now @ sasl

Generally (attribute) sasl-authentication-factory instead of former security-realm @ remoting subsystem http-connector or @ undertow subsystem http-invoker, for example.

(i) host.xml:

• very essential to add authentication-client (https://docs.wildfly.org/26/Admin_Guide.html#host-controller-configuration) @ elytron subsystem.

No guarantees here without working it through, which I am still on.

Deeply hope, this helps.

Best regards,
Ash

Hey @AshSO and @bete24 Did you ever get this to work?

Hello @anovinger1 ,

from my side I can say, it worked very well.

But it’s become obsolete with v17 and related deprecation of Wildfly/switch to Quarkus as Keycloaks build platform.

Beste regards

Hey @AshSO

Thanks for the info. Yes we are planning to migrate to Quarkus, but we are having some issues with our custom SPI Adapter, and we need an additional JDBC connection pool which it doesn’t appear that Quarkus Keycloak supports yet. So for now I am just trying to get Wildfly Keycloak 19 up and running so we can fix our custom SPI Adapter code, while I am trying to figure out how to get a second JDBC connection pool with Quarkus Keycloak.

Thanks again