As confirmed on another thread we can not rely on connections between the client and the domain controller being maintained, this means that we can not authenticate a user once when they connect and keep this associated with the connection - some form of authentication would need to happen on every connection. I have started to consider a couple of options here for how the authenticated identity can be cached: - http://community.jboss.org/wiki/DesignConsideration-ManagementAPIAuthenti... Probably best to keep the discussion on this e-mail thread so it is all in one place. Regards, Darran Lofthouse.