Turns out the scope of my applcation is going to be a lot smaller. I only need to host a "partner" app that receives a SAML token and gives access to my secured application using POST response. Questions: 1. Can I use any of the Test-sso source code for this? What classes would be of use to me? 2. Can I integrate the certificate at this level? Does the basic framework exist for me to write that? 3. I understand that SAML (I'm using 1.1) is a SOAP protocol, yet it's sent as an HTTP POST. Does that mean I have to use a web service to process it? Or are there simple classes for receiving the POST with SOAP in Tomcat that allow me to parse the SAML and make use of its attributes? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4174659#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...