We typically drop a jar containing the authenticator in the default/lib directory so that all application deployed on the server have access to it but are not forced to use it by default. Each application that wants to use the authenticator will include it as defined in the "Configuring the ExtendedFormAuthenticator for an Application" section of http://wiki.jboss.org/wiki/ExtendedFormAuthenticator. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4163718#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...