Solved the application-policy name. My login module code uses the full JNDI name, and it should be using just the unqualified name without the JNDI prefixes. Then the login-config.xml and web.xml references to the name can also leave off the JNDI prefixes and everything works (except for the role, still). Also, I replaced the login form in web.xml with BASIC authentication and the two properties files, and that worked with no problems--myHome.faces came up just fine. So I really don't think this is a Faces problem. I'm now trying the DatabaseServerLoginModule instead of the custom module as I figured out a way to convert our version of roles into the standard query for that module. It isn't properly comparing the password somehow ("Password Incorrect/Password Required"), looks like I'll have to try debugging with source. Any comments welcome :). It's increasingly looking like my custom login module is missing something basic that registers the authentication with the container. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171378#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...