I find out there is another authentication after the CAS authentication. I write a custom DBIdentityLoginModule class . Object sharedStatepassword = sharedState.get("javax.security.auth.login.password"); The value of sharedStatepassword is null in the DBIdentityLoginModule after CAS authentication. After redirect to the portal's login page,input username and password,the value of sharedStatepassword is correct. why after the cas authentication sharedStatepassword lost the value? It's a problem. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4173216#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...