11.3. Supported Authentication Schemes

Role-Based Access Control works with the standard authentication providers that are included with JBoss EAP 6.2. The standard authentication providers are: username/password, client certificate, and local user.

Users are authenticated using a username and password combination which is verified against either the mgmt-users.properties file, or an LDAP server.
Client Certificate

Using the Trust Store.
Local User

jboss-cli.sh authenticates automatically as Local User if the server that is running on the same machine. By default Local User is a member of the SuperUser group.
Regardless of which provider is used, JBoss EAP is responsible for the assignment of roles to users. However when authenticating with the mgmt-users.properties file or an LDAP server, those systems can supply user group information. This information can also be used by JBoss EAP to assign roles to users.