I had created a diagram for what I believe may be a working implementation but not sure if
it is plausible and wanted to get advice. Looks like I cannot upload my diagram.
Essentially the steps are as follows:
1) An HTTPS request (housing a SAML assertion) comes to the web server and onto the JBoss SSO Federation instance.
2) Based on this assertion - an LDAP lookup and binding takes place and is successful. A token is then generated (I guess this would be the perimeter authentication - but my perimeter is not large).
3) The request is then forwarded with the token, where 'Some Other App Server' (non-JBoss) receives the request and, based on the token, determines the application entitlements - using an identity assertion provided within a JAAS module (i.e. a portion of the SAML assertion could be used as a token) all roles are identified.
4) Subsequent requests will directly go to the 'Some Other App Server' and will be serviced based on the previously generated session.
Does this sound plausible? It seems to me that there should be a formal security service
outside of applications. I cannot readily identify how to have this SSO/SAML assertion
service integrate to our existing web applications. Any architectural knowledge would be
much appreciated.
Thank you in advance.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971053#...
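One way to implement the identity assertion of step 3 on the non-JBoss side, as an added example that is not code from the poster or from JBoss: a JAAS LoginModule that accepts the forwarded token only after verifying an HMAC shared with the perimeter, so the downstream server never derives entitlements from a token it cannot verify. The token layout, the `perimeter.token` shared-state key and the key material are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
/** Hypothetical LoginModule for the downstream app server: a token yields roles only if its HMAC verifies. */
public class PerimeterTokenLoginModule implements LoginModule {
    // Constructed token layout for this example: "<user>|<role1,role2>|<base64url HMAC over 'user|roles'>"
    static final byte[] KEY = "replace-with-secret-shared-with-perimeter".getBytes(StandardCharsets.UTF_8);
    private Subject subject;
    private String token, user;
    private List<String> roles = new ArrayList<>();
    private final List<Principal> added = new ArrayList<>();
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        token = (String) shared.get("perimeter.token"); // assumed shared-state key set by the web tier
    }
    public boolean login() throws LoginException {
        if (token == null) throw new LoginException("no perimeter token");
        String[] p = token.split("\\|", -1);
        if (p.length != 3) throw new LoginException("malformed token");
        byte[] given;
        try { given = Base64.getUrlDecoder().decode(p[2]); }
        catch (IllegalArgumentException e) { throw new LoginException("malformed signature"); }
        // constant-time compare: a forged or unsigned token must not produce any entitlements
        if (!MessageDigest.isEqual(hmac(p[0] + "|" + p[1]), given)) throw new LoginException("bad signature");
        user = p[0];
        roles = p[1].isEmpty() ? Collections.emptyList() : Arrays.asList(p[1].split(","));
        return true;
    }
    public boolean commit() { // expose user and roles as Principals for the container's role checks
        added.add(() -> user);
        for (String r : roles) added.add(() -> r);
        subject.getPrincipals().addAll(added);
        return true;
    }
    public boolean abort() { return logout(); }
    public boolean logout() { subject.getPrincipals().removeAll(added); added.clear(); return true; }
    static byte[] hmac(String data) throws LoginException {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) { throw new LoginException("HMAC failure: " + e.getMessage()); }
    }
}
```

Most containers map roles through their own group principal type rather than plain Principals, so the commit() step would be adapted to the target server; the verification step in login() is the part that must not be skipped.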