The test client is setting the property java.security.auth.login.config to the file auth.conf that have the following content:
zert {
org.jboss.security.ClientLoginModule required;
};
Shouldn't that be enough? I don't have any security domain called zert in my login-confix.xml. Instead I have deployed the security config listed above in my EAR-file.