Hi Thanks for all your help I am configuring my web application 1) What I would like to know is why I have to setup the JAAS module I have written my own LoginProvider and I am authenticating user, also the roles changes quite frequently. As The Loginprovider getRoles method solves my purpose and i can fetch roles from Database or LDAP. 2) In the context.xml of my web application When I define the URL of my Logout page, Do I have to do anything specific in that page? 3) In the context.xml when I define assertingParty="{uniqueId to identify this web application in the federation}" Where exactly this unique id will be used? Is it something usind by apllication intenally 4) Is there any agent code whcih I can use in my web application whcih tells me if user is logged in or not ? I maen how can I find out if this user has already logged on some other web application 5) What exactly is this application-policy name="{your web application identifier}" What we have to define here. Thanks again for your help Nipun View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982500#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...