Description of problem: If a web app and ejb belong to the same security-domain, the user is unnecessarily reauthenticated when the web app invokes an ejb. This can cause issues when the web app is configured to use JASPI.
6.4.x PR https://github.com/jbossas/jboss-eap/pull/2480 Upstream is already merged https://github.com/wildfly/wildfly/pull/7469
New 6.4.x PR https://github.com/jbossas/jboss-eap/pull/2544 Upstream is already merged https://github.com/wildfly/wildfly/pull/7469
Verified in EAP 6.4.4.CP.CR3.
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.