I haven't been able to find in the Wildfly documentation how to have a slave host controller send its credentials to authenticate its connection the domain controller using Elytron. In the regular way you can use the secret element with the value returned from the add-user.sh script in the ManagementRealm:
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
But if you're going to use Elytron instead of the old security extension I don't know how to specify that server identity value. I assume it would involve the "authentication-context" part of the domain-controller /host=seans-mac-pro.local:write-remote-domain-controller(authentication-context=<???>) to point to an authentication-context in the Elytron extension configuration section but I'm not sure where you'd put the base64 encoded password secret from the add-user.sh script.