I use CAS and I have this working. You may want to review this thread
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=119167.
I use a different approach than the CAS Filter for authentication, but the process should
be the same because by the time Seam steps in to the request processing cycle, your CAS
Filter should already have authenticated the user (with the user-Principal being available
in the HttpServletRequest - request.getUserPrincipal()).
Here is part of my pages config and the relevant code of my authenticator for integrating
with Seam identity.
<?xml version="1.0" encoding="UTF-8"?>
<pages xmlns="http://jboss.com/products/seam/pages"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd"
       no-conversation-view-id="/index.xhtml">

    <page view-id="/index.xhtml" action="#{ssoAuthenticator.checkLogin}" login-required="false"/>

    <page view-id="/*" login-required="true"/>

    <exception class="org.jboss.seam.security.NotLoggedInException">
        <redirect view-id="/index.xhtml">
            <message>Please log in first</message>
        </redirect>
    </exception>

    ...

</pages>
And here is the authenticator:
import java.security.Principal;
import java.security.acl.Group; // assumed type of the Group returned by getUserRoles()
import java.util.Enumeration;

import javax.faces.context.FacesContext;

import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Identity;

// UserPrincipal is an application-specific Principal implementation (not shown in the post).
@Name("ssoAuthenticator")
@Scope(ScopeType.SESSION)
public class SSOAuthenticator {

    @Logger
    private Log log;

    // Principal obtained from the container, cached for the lifetime of the session
    private UserPrincipal userPrincipal;

    // see http://www.jboss.com/index.html?module=bb&op=viewtopic&t=119167
    // This method is configured in pages.xml as an action called for all pages:
    // <page view-id="/*" login-required="true" action="#{authenticator.checkLogin}"/>
    public void checkLogin() {
        Identity identity = Identity.instance();
        final boolean isLoggedIn = identity.isLoggedIn();
        // user may already be logged in - check
        if (!isLoggedIn) {
            authenticate();
        } /* else {
            do nothing - user is logged in from identity perspective
        } */
    }

    public boolean authenticate() {
        Identity identity = Identity.instance();
        boolean authenticated = !(userPrincipal == null);
        if (!authenticated) {
            try {
                // Obtain authenticated UserPrincipal from Servlet container
                FacesContext facesContext = FacesContext.getCurrentInstance();
                Principal rawPrincipal = facesContext.getExternalContext().getUserPrincipal();
                userPrincipal = (UserPrincipal) rawPrincipal;

                // trigger the identity login sequence and add roles
                if (userPrincipal != null) {
                    // Identity must have 'fresh' credentials for authenticate() call to proceed
                    identity.setUsername(userPrincipal.getUserid());
                    identity.setPassword(userPrincipal.getUserid());
                    identity.authenticate();
                    // in my case, our system makes roles available in the
                    // UserPrincipal - do what's right for your system
                    Group[] roleGroups = userPrincipal.getUserRoles();
                    if (roleGroups != null) {
                        for (Group group : roleGroups) {
                            Enumeration<? extends Principal> roles = group.members();
                            while (roles.hasMoreElements()) {
                                identity.addRole(roles.nextElement().getName());
                            }
                        }
                    }
                    authenticated = true;
                }
            } catch (Exception e) {
                log.error(e, e);
            }
        }
        return authenticated;
    }
}
You'll need to work out which URLs the CASFilter handles; you may also need to
tweak a bit with security constraints (in web.xml). But the code above illustrates a
basic approach to integrating Seam identity with any solution in which the user-Principal
has somehow been pre-set on the HttpServletRequest.
Hope this helps.
Brad Smith
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4090702#...
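An added example, not part of the post above or of Seam or CAS: because the authenticator in the post is session-scoped and reads the container's Principal once, a per-request comparison of that Principal with the cached Seam login state is a useful companion check. The class `PrincipalSync`, its `decide` method and the `Action` values are hypothetical names; the sample principals in `main` are constructed.

```java
import java.security.Principal;

/**
 * Hypothetical helper (not Seam or CAS API): compares the Principal the
 * container/SSO filter put on the request with the login state cached in
 * the session, and says what the integration should do for this request.
 */
public class PrincipalSync {

    public enum Action { NONE, LOGIN, LOGOUT, RELOGIN }

    /**
     * @param containerPrincipal request.getUserPrincipal(); null when the
     *                           SSO filter did not authenticate the request
     * @param seamLoggedIn       Identity.instance().isLoggedIn()
     * @param seamUsername       username cached on the Seam identity, or null
     */
    public static Action decide(Principal containerPrincipal,
                                boolean seamLoggedIn, String seamUsername) {
        // Assumption: getName() is the user id; the post's own UserPrincipal
        // exposes it as getUserid() instead.
        String ssoName = containerPrincipal == null ? null : containerPrincipal.getName();
        if (ssoName == null || ssoName.trim().isEmpty()) {
            // No SSO principal: a cached Seam login must not outlive it.
            return seamLoggedIn ? Action.LOGOUT : Action.NONE;
        }
        if (!seamLoggedIn) {
            return Action.LOGIN;   // the case the post's checkLogin() handles
        }
        // Same HTTP session, different SSO user: discard the cached identity
        // and roles before logging in again, so roles are not carried over.
        return ssoName.equals(seamUsername) ? Action.NONE : Action.RELOGIN;
    }

    public static void main(String[] args) {
        Principal alice = () -> "alice";   // constructed sample principals
        Principal bob = () -> "bob";
        System.out.println(decide(alice, false, null));    // first request after SSO login
        System.out.println(decide(alice, true, "alice"));  // steady state
        System.out.println(decide(null, true, "alice"));   // SSO principal disappeared
        System.out.println(decide(bob, true, "alice"));    // user switched in same session
    }
}
```

In a Seam application, `LOGOUT` and `RELOGIN` would call `Identity.instance().logout()` and clear the cached `userPrincipal` before any new login is attempted.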