I changed the org.jboss.soa.esb.services.security.auth.login.CertificateLoginModule to
org.jboss.security.auth.spi.BaseCertLoginModule just to see if I can get the
authentication working.
I have placed the following application-policy in login-config.xml:
<application-policy name="CertLogin">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule" flag="required">
      <module-option name="password-stacking">false</module-option>
      <module-option name="securityDomain">java:/jaas/CertLogin</module-option>
      <module-option name="verifier">org.jboss.security.auth.certs.AnyCertVerifier</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
      <module-option name="password-stacking">false</module-option>
      <module-option name="usersProperties">props/certlogin-users.properties</module-option>
      <module-option name="rolesProperties">props/certlogin-roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>

When authentication takes place a few things go wrong:
- The name of the Certificate should be the value of CN, but it's the complete dname
value => "CN=test, OU=test, O=test, L=test, ST=test, C=NL".
- If I do not declare an org.jboss.security.auth.certs.AnyCertVerifier (always true) for my
Certificate validation, the validation uses the dname as an alias to get a Certificate
from my Truststore. Because an alias is not the same as a dname this never returns a
Certificate from my Truststore. So my Certificate is never valid this way.
Am I using the classes the wrong way? Or is this the same issue as the problem with the
org.jboss.soa.esb.services.security.auth.login.CertificateLoginModule?
Regards,
Hans
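
The two symptoms described in the post above (a truststore lookup keyed on the DN string, and a principal name that is the full DN instead of the CN), reproduced with plain JDK classes as an added example; it is not code from the original post or from JBoss. The class name, method names and the alias client1 are made up for illustration, and the sample certificate is simply the first one found in the JRE's default trust store.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

public class CertAliasLookup {          // hypothetical class, not part of JBoss
    // Most specific CN of a DN, parsed per RFC 2253 so escaped commas in values survive.
    static String commonName(X500Principal subject) throws Exception {
        List<Rdn> rdns = new LdapName(subject.getName(X500Principal.RFC2253)).getRdns();
        for (int i = rdns.size() - 1; i >= 0; i--) {   // getRdns() lists the leftmost RDN last
            Attribute cn = rdns.get(i).toAttributes().get("CN");
            if (cn != null) return cn.get().toString();
        }
        return null;
    }

    // Constructed sample input: any certificate from the JRE default trust store (no network).
    static X509Certificate sampleCert() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] certs = ((X509TrustManager) tm).getAcceptedIssuers();
                if (certs.length > 0) return certs[0];
            }
        }
        throw new IllegalStateException("default trust store is empty");
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert = sampleCert();
        String dn = cert.getSubjectX500Principal().getName();
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                      // empty in-memory truststore
        trustStore.setCertificateEntry("client1", cert);  // alias chosen at import time
        // Keyed on the DN string: misses, because the entry's alias is "client1".
        System.out.println("by DN as alias: " + trustStore.getCertificate(dn));
        // Keyed on the certificate itself: finds the entry whatever its alias is.
        System.out.println("by certificate: " + trustStore.getCertificateAlias(cert));
        // An entry imported under the DN makes the name-based lookup hit.
        trustStore.setCertificateEntry(dn, cert);
        System.out.println("DN alias found: " + (trustStore.getCertificate(dn) != null));
        // The DN from the post, reduced to the CN the poster expected as the name.
        X500Principal posted = new X500Principal("CN=test, OU=test, O=test, L=test, ST=test, C=NL");
        System.out.println("CN only:        " + commonName(posted));
    }
}
```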