"anil.saldhana(a)jboss.com" wrote : I think that strategy is correct. Sorry, but I disagree :) "anil.saldhana(a)jboss.com" wrote : Validation has to happen through pluggable login modules. Toward this, the STS login module seems appropriate. agreed. "anil.saldhana(a)jboss.com" wrote : When the ESB layer has to generate SAML tokens, it needs to contact the STS. Hence it needs some integration logic (satisfied by the STS Action). But it shouldn't be, if I understand things correctly. It should still be handled through the JAAS layer. "anil.saldhana(a)jboss.com" wrote : I am assuming that the token generation happens before the ESB layer is called. Once an entity gets hold of the token, the ESB call is made with the token. Now on the ESB side, the login module is fielded to validate. This action is within the ESB itself, directly linked to the SAML implementation. I want us to leverage the normal JAAS mechanisms. Kev View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4261289#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...