"Kevin.Conner(a)jboss.com" wrote : And it is a bad example as the only thing that the current SSO does is configure the normal security access inherent in the app server so that each console uses the same credentials. Pure jaas, nothing more, in the current SOA-P. And, unless I am mistaken, the EAP productisation team make very similar changes when creating EAP. I don't believe this is unusual in SOA-P. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4153625#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...