Hi! I miss couple of things in the design of JBoss Federated SSO. As I understand, browser sends the SAML based token to each application that participated in SSO. 1) When the SAML based token is added to browser? After the authentication of a user? 2) How the token is added to browsers? Which browsers support today storing of the SAML based token? 3) How the token is sends to an HTTP client? As an HTTP parameter? As an HTTP header? Something else? I will appreciate any explanation. Best regards, Michael View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4204566#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...