How to activate mutual SSL on Keycloak with WildFly 26

I want to activate mutual SSL for Keycloak. In the Keycloak admin guide [https://www.keycloak.org/docs/latest/server_admin/#_enable-mtls-wildfly] I found that I have to add the following to standalone.xml:

<security-realms>
    <security-realm name="ssl-realm">
        <server-identities>
            <ssl>
                <keystore path="servercert.jks"
                          relative-to="jboss.server.config.dir"
                          keystore-password="servercert password"/>
            </ssl>
        </server-identities>
        <authentication>
            <truststore path="truststore.jks"
                        relative-to="jboss.server.config.dir"
                        keystore-password="truststore password"/>
        </authentication>
    </security-realm>
</security-realms>

but I do not know where. I have tried to integrate it into the security realms below subsystem=elytron, but I got:

| > Message: WFLYCTL0377: Unexpected element
| >   '{urn:wildfly:elytron:15.0}security-realm' encountered. Valid elements
| >   are: 'custom-modifiable-realm, aggregate-realm, failover-realm,
| >   ldap-realm, token-realm, filesystem-realm, custom-realm,
| >   identity-realm, caching-realm, properties-realm, key-store-realm,
| >   distributed-realm, jdbc-realm, jaas-realm'


Solution 1:[1]

This has changed in Wildfly 25. See this blog post for details.

This change is also mentioned in Keycloak's upgrade guide for version 16.0.0 which is based on Wildfly 25. You will need to configure the Elytron subsystem. Please refer to the Wildfly documentation for details.
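
For illustration, an added sketch (not part of the original answer, nor taken from the Keycloak or WildFly documentation) of how the legacy `ssl-realm` above can be expressed with Elytron resources in standalone.xml. The resource names `mtlsKS`, `mtlsTS`, `mtlsKM`, `mtlsTM` and `mtlsSSC` are hypothetical, the passwords are placeholders, and the choice of `want-client-auth` is an assumption about the desired behaviour.

```xml
<!-- Added example. Goes inside <subsystem xmlns="urn:wildfly:elytron:15.0" ...>.
     If a <tls> element already exists there, merge these children into it. -->
<tls>
    <key-stores>
        <!-- Replaces <server-identities><ssl><keystore .../> of the legacy realm -->
        <key-store name="mtlsKS">
            <!-- Placeholder password. credential-reference also accepts
                 store="..." alias="..." to read it from a credential store
                 instead of keeping it in clear text in standalone.xml. -->
            <credential-reference clear-text="SERVERCERT_PASSWORD_PLACEHOLDER"/>
            <implementation type="JKS"/>
            <file path="servercert.jks" relative-to="jboss.server.config.dir"/>
        </key-store>
        <!-- Replaces <authentication><truststore .../> of the legacy realm -->
        <key-store name="mtlsTS">
            <credential-reference clear-text="TRUSTSTORE_PASSWORD_PLACEHOLDER"/>
            <implementation type="JKS"/>
            <file path="truststore.jks" relative-to="jboss.server.config.dir"/>
        </key-store>
    </key-stores>
    <key-managers>
        <key-manager name="mtlsKM" key-store="mtlsKS">
            <credential-reference clear-text="SERVERCERT_PASSWORD_PLACEHOLDER"/>
        </key-manager>
    </key-managers>
    <trust-managers>
        <!-- Only client certificates chaining to a CA in truststore.jks are accepted -->
        <trust-manager name="mtlsTM" key-store="mtlsTS"/>
    </trust-managers>
    <server-ssl-contexts>
        <!-- want-client-auth requests a client certificate but still completes
             the handshake without one; need-client-auth="true" rejects clients
             that present no certificate. -->
        <server-ssl-context name="mtlsSSC"
                            key-manager="mtlsKM"
                            trust-manager="mtlsTM"
                            want-client-auth="true"/>
    </server-ssl-contexts>
</tls>

<!-- In the Undertow subsystem, the https-listener references the SSL context
     by name instead of a security-realm attribute. -->
<https-listener name="https" socket-binding="https"
                ssl-context="mtlsSSC" enable-http2="true"/>
```

Keep the trust store limited to the CA certificates that actually issue client certificates, since every CA in it is trusted for client authentication.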

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 sventorben