Hi, anonymous wrote : Is it a configuration problem or just a bug? I'd say this might depend on how you are using the CertificateLoginModule. Are you using the login module as the moduleName for a ESB service like this: | <security moduleName="CertLogin" rolesAllowed="worker" callbackHandler="org.jboss.soa.esb.services.security.auth.login.CertCallbackHandler"> | <property name="alias" value="certtest"/> | </security> | This is from the security_cert quickstart. In this case the JBossRemotingGatewayListener's message composer is responsible for extracting the certificate from the incoming request. An AuthenticationRequest is created using the certificate and this instance is attached to the ESB Message context so that it is available to the ESB to authenticate the call. The credentials are specified in org.jboss.soa.esb.services.security.auth.AuthenticationRequest: public interface AuthenticationRequest | { | public abstract Set<?> getCredentials(); | ... | } I should not be possible that the getCredentials method does not return a Set<?> as far as I can tell. Could you show me your jboss-esb.xml configuration specially the security element on the esb service? Regards, /Daniel I View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4259117#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...