Description of problem: The changes for EAP6-191 are bringing the bulk of the security realm implementation in-line with upstream - this is good as it simplifies future ports from WildFly to EAP - however there are a couple of bug fixes implemented upstream only that should be backported, this is one of them. The schema definition for username-to-dn contains an attribute 'force' with a default value defined - the XML parser however is assuming this attribute is required and throwing an exception if it is omitted from the configuration.
Verified on EAP 6.4.0.DR1.1