arjan tijms [https://community.jboss.org/people/atijms] created the discussion "WebJASPIAuthenticator ignores GroupPrincipalCallback but requires PasswordValidationCallback" To view the discussion, visit: https://community.jboss.org/message/739801#739801 -------------------------------------------------------------- In JBoss AS 7.1.1, if a user provided ServerAuthModule provides a GroupPrincipalCallback, this is ignored by WebJASPIAuthenticator. The provider handler copies the GroupPrincipalCallback, but the authenticator then does nothing with it. Simulteanously, if the ServerAuthModule does not provide a PasswordValidationCallback to the handler, then this will result in a null pointer exception in the authenticator. I wonder is this is correct? Reading about JASPI/JSR 196 it seems a GroupPrincipalCallback should be processed when provided and a PasswordValidationCallback should not be required. -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/739801#739801] Start a new discussion in PicketBox Development at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]