I was looking at your sample for using the remote-ejb and I noticed that the client is using JBOSS-LOCAL-USER to establish its remoting connection.

If I add to the jboss-ejb-client.properties file:

remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

the connection from the client to the server fails.

TRACE [org.jboss.remoting.remote.connection] (Remoting "config-based-ejb-client-endpoint" I/O-1) Connection error detail: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:

Have you been able to use KeyCloak tokens to call remote EJBs from a client running on a separate machine (or without the JBOSS-LOCAL-USER mechanism)?

Thanks,

Eric