Following on from the vote from Thomas, I have been working on the following issue to
enable SPNEGO authentication with JBoss Portal:
https://jira.jboss.org/jira/browse/SECURITY-353

In general, apart from a couple of small exceptions, the majority of this relates to
configuration. The purpose of this thread is to identify these changes and decide the way
forward to allow this integration to be used.

This work so far has been against the latest code in JBoss_Portal_Branch_2_7.

JBoss Negotiation itself is a pluggable authenticator, to make plugging it into existing
web applications fairly simple. For the Portal integration I have needed to extend this to
be able to call:

    request.setAttribute("ssoEnabled", "true");

This is to change the 'Login' link to only perform a redirect without prompting
the user for their password.

When using SPNEGO the client does not pass in their username; instead this is identified as
part of the negotiation process. I have extended the 'IdentityLoginModule' to
override how the username is obtained, so if this module is chained after the
SPNEGOLoginModule the user's identity can be established.

The final code change is that I have extended the 'LDAPExtUserModuleImpl' so that
I can override the 'validatePassword' method to return true if the SPNEGO process
was successful.

Beyond this, everything is achieved using configuration, and the existing approach that
would be used for Active Directory can be followed.

The real question is how should this be provided for users to install?

My opinion is that this should be an integration library distributed with JBoss
Negotiation, as to get this to work it is essential to get JBoss Negotiation configured
first; then enabling for Portal is fairly simple.

If we take this approach I can then add a new chapter to the JBoss Negotiation user guide
to be followed after the preceding chapters.

One thing I will need for the build is to get the 'portal-identity-lib.jar'
available from the Maven repository. If we can agree on a group and artifact ID, can we get
version 1.0.8 of this jar in the repo?

Beyond this I still need to work on a fallback mechanism for username/password based
authentication - once that is available then maybe any integration code could move across
to Portal?
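
A sketch of the 'validatePassword' override described in the post, as an added example that is not the poster's code and not part of JBoss Negotiation or JBoss Portal. Every class in it (NegotiationResult, LdapUserModule, SpnegoAwareUserModule) is a hypothetical stand-in, and the thread-bound negotiation result is an assumption; it shows the override accepting only the user the negotiation actually authenticated and leaving every other case to the normal check.

```java
import java.security.Principal;

/** Added illustration: all types are hypothetical stand-ins, not JBoss Portal or JBoss Negotiation API. */
public class SpnegoPasswordCheckSketch {
    /** Stand-in for the outcome of the negotiation step, assumed to be bound to the request thread. */
    static final class NegotiationResult {
        private static final ThreadLocal<Principal> AUTHENTICATED = new ThreadLocal<>();
        static void set(Principal p) { AUTHENTICATED.set(p); }
        static Principal get() { return AUTHENTICATED.get(); }
        static void clear() { AUTHENTICATED.remove(); }
    }
    /** Stand-in for the LDAP-backed user module whose password check gets overridden. */
    static class LdapUserModule {
        boolean validatePassword(String userName, String password) {
            return false; // a real module would attempt a directory bind here
        }
    }

    /** Skips the directory check only for the user the negotiation authenticated. */
    static class SpnegoAwareUserModule extends LdapUserModule {
        @Override
        boolean validatePassword(String userName, String password) {
            Principal negotiated = NegotiationResult.get();
            if (negotiated != null && userName != null) {
                // Kerberos names have the form user@REALM; matching on the user part is an assumption.
                String name = negotiated.getName();
                int at = name.indexOf('@');
                String shortName = at < 0 ? name : name.substring(0, at);
                if (shortName.equalsIgnoreCase(userName)) {
                    return true;
                }
            }
            // No negotiation on this request, or a different user: the normal check decides.
            return super.validatePassword(userName, password);
        }
    }

    public static void main(String[] args) {
        SpnegoAwareUserModule module = new SpnegoAwareUserModule();
        System.out.println("no negotiation:  " + module.validatePassword("alice", null));
        NegotiationResult.set(() -> "alice@EXAMPLE.COM"); // constructed principal
        try {
            System.out.println("same user:       " + module.validatePassword("alice", null));
            System.out.println("different user:  " + module.validatePassword("bob", null));
        } finally {
            NegotiationResult.clear(); // a pooled thread must not carry the result into the next request
        }
    }
}
```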