Jboss-web.xml <security-domain> and @SecurityDomain

I’ve already asked this on stackoverflow without success, sorry for cross-posting, but I’d like to try my luck here as well:

I am currently securing some (legacy) JEE webapps running in WildFly 10 with Keycloak using the JBoss EAP/WildFly Adapter.

Most of the webapps have a <security-domain> defined in their jboss-web.xml and some EJBs are annotated with @SecurityDomain .

Even if I change the value of <security-domain> to “keycloak”, I get WFLYSEC0027: Invalid User . Since the Keycloak docs don’t mention the use of <security-domain> , I have removed it and all appears to work fine.

@SecurityDomain seems to be ignored, it seems I can set any value I want, and the Keycloak docs say:

The security context is propagated to the EJB tier automatically.

So, with a webapp secured with Keycloak, are <security-domain> and @SecurityDomain redundant and can be removed?