deltaspike-authorization uses servlet security declared in web.xml. Therefore, it requires the declared users and roles to be configured in the application server.
On openshift it is currently not possible add custom users or groups.
The quickstart should use a different way of user authentication, e.g. a custom security domain with DB login module, or a different authentication mechanism.