It seems like when we moved to JBoss Portal 2.6 and the login link became injected as part of the navigation at the top of the page, we lost the ability to have it use SSL to encrypt user credentials. If there is no way to accomplish this now, I'd like to propose modifying the class that generates the login link (org.jboss.portal.core.aspects.controller.PageCustomizerInterceptor.java ?) to check for a new configuration setting (perhaps in jboss-portal.sar/conf/config.xml) to setSecure on the link generated to login. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4102771#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...