Please have a look at http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169032#... Falback mechanisms is something I am currently considering at the moment. The issue here is that with SPNEGO the authentication process is completely managed by the container, if you provide your own login form then you are reducing the involvement of the container. There is an option for programatic authentication if you have obtained the username and password from the user but then there is an issue as the security domain for the web application only supports SPNEGO and not username / password authentication. This is a problem I am currently working on so hopefully will have some progress shortly. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169033#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...