Do we need this? 

<subsystem xmlns="urn:jboss:domain:keycloak:1.0">
            <auth-server name="main-auth-server">
                <enabled>true</enabled>
                <web-context>auth</web-context>
            </auth-server>
</subsystem>

If I have this, I get this error:


11:17:29,821 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014613: Operation ("deploy") failed - address: ([("deployment" => "auth-server.war")]) - failure description: {"JBAS014671: Failed services" => {"jboss.deployment.unit.\"auth-server.war\".POST_MODULE" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"auth-server.war\".POST_MODULE: JBAS018733: Failed to process phase POST_MODULE of deployment \"auth-server.war\"
    Caused by: org.jboss.msc.service.DuplicateServiceException: Service jboss.naming.context.java.module.auth.auth.ValidatorFactory is already registered”}}


If I don’t have this, I get this error when deploying the demo app.

Caused by: java.lang.RuntimeException: UT010039: Unknown authentication mechanism KEYCLOAK"}}