so let me understand this correctly. you have a university portal and you are creating a JSR168 portlet and integrating this into the university portal? If thats the case, when a user signs on to the university portal using the so called blue-stem method you described, the portlet running inside this university portal will be running in the authenticated state. Again, based on your explanation, i am assuming the portlet is running inside the university portal where the user is logging in. Is this assumption correct? Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4020325#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...