Reading the "Credential Delegation" section in the white paper "Single Sign-on Using Kerberos in Java" (http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html), I wonder if there is such a thing as a forwarded TGT that get send from the client to the server during the browser negotiation...If that is not the case, I doubt that I will ever be succesful delegating any credential with only the server TGT obtained from the keytab... Any comment welcome. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4212210#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...