@RunAs/@RunAsPrincipal does not work when multiple security domains are involved in JBoss EAP 6.4 and 7
Issue
- When one EJB calls the other, the following error is logged:

    15:18:07,394 ERROR [invocation] [] (default task-28) WFLYEJB0034: EJB Invocation failed on component <ComponentName>
    15:18:07,390 INFO [ActiveDirectoryLoginModule] [] (default task-28) login for <UserName> failed [FAILED_SYSTEM_USER_ACCOUNT_NOT_FOUND]
    15:18:07,392 TRACE [audit] [] (default task-28) [Failure]principal=<UserName>;Action=authentication;Source=org.jboss.as.security.service.SimpleSecurityManager;
    15:18:07,393 TRACE [security] [] (default task-28) PBOX00354: Setting security roles ThreadLocal: null
    15:18:07,394 ERROR [invocation] [] (default task-28) WFLYEJB0034: EJB Invocation failed on component <ComponentName>Bean for method public java.lang.String com.example.ExampleBean.sayHello(java.lang.String): javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User

Or

    javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User
        at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:69)
        at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49)
        at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:97)
        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
        at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
        at org.wada.adams.sso.keycloak.KeycloakSecurityInterceptor.aroundInvoke(KeycloakSecurityInterceptor.java:112)
        at sun.reflect.GeneratedMethodAccessor265.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:45005)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
  - 6.4.6 and later
  - 7.0
- EJBs with different security domains calling each other
- Using @RunAs or @RunAsPrincipal to change domains