I managed to make my login module usable.
I've removed the realm restriction for remoting so no the line in standalone.xml is like this:
<connector name="remoting-connector" socket-binding="remoting" />
In the security domain the configuration is like this:
<security-domains>
<security-domain name="asf-jaas" cache-type="default">
<authentication-jaspi>
<login-module-stack name="asf-jaas-stack">
<login-module code="com.asf.security.server.jaas.LdapFallbackJdbcLoginModule" flag="required">
<module-option name="debug" value="true"/>
</login-module>
</login-module-stack>
<auth-module code="com.asf.security.server.jaas.JdbcLoginModule" login-module-stack-ref="asf-jaas-stack"/>
</authentication-jaspi>
</security-domain>
</security-domains>
And I think the biggest mistake I made was the jboss.xml file name which I renamed it jboss-app.xml to store my security-domain.
Now the validateUser method is getting called. I am now facing a new challange with the usernames and passwords because they are encrypted by JBoss.
Are they reversible ? Or should I alter my login module ?