Thanks for the files, I have just had a look at the logs. I see the following output when the spnego-roles.properties file is read: - 2008-07-31 16:44:11,259 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Loaded properties, users=[hausberger@MYDOMAIN] The format of the 'spnego-roles.properties' file should actually be. hausberger@MYDOMAIN=Users So the user principal comes first and then after the '=' is a comma separated list of the users roles which in this example is just the 'Users' role. I also see in the configuration for the UsersRoleLoginModule you have: - <module-option name="principal">hausberger@MYDOMAIN</module-option> This is not required and should be removed. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4168150#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...