After reading this anonymous wrote : Once authenticated, the roles associated with this user will be utilized for access control decisions across all of the associated web applications, without challenging the user to authenticate themselves to each application individually. on this page http://wiki.jboss.org/wiki/Wiki.jsp?page=SingleSignOn I've come to the conclusion that the single sign-on valve is not the way to go. Let me rephrase the question simply: using Form based auth, how do I have users login to a server once, but give them different roles in different ears (without having them login again)? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4119033#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...