[ https://issues.jboss.org/browse/AS7-6833?page=com.atlassian.jira.plugin.s... ] arjan tijms commented on AS7-6833: ---------------------------------- About the new JASPIC 1.1 feature where a SAM can indicate it wants the container to establish an authentication session: The spec is not entirely clear on this, but in an email exchange with Ron Monzillo I got some explanations, which may be useful to share. I've added them to a blog article about this feature here: http://arjan-tijms.blogspot.com/2013/04/whats-new-in-java-ee-7s-authentic... See also: https://java.net/jira/browse/GLASSFISH-20317 Note that this new feature may require some extra attention for the JBoss implementation, since JBoss is already remembering the authenticated identity without the SAM asking for it, and without the SAM being asked to re-authenticate (which I think is not entirely spec compliant). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira