We are currently running JBoss AS 4.2.1 and having difficulty configuring the login-config.xml to use a login module that was written for tomcat 5.5. In particular, the authentication aspect seems to be working. It only lets valid usernames/passwords through as we expect from our login module. However, our web application is not able to retrieve our custom principal object out of the request; instead we get a org.jboss.security.SimplePrincipal object. We don't have direct access to the source code for the login module code, should AS 4.2.1 (default all configuration) be able to use a tomcat 5.5 login module without modification? I have seen http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingCustomPrincpalsWith which seems to state the the custom principal must have a constructor with a string username, or be installed under the Subject using a java.security.acl.group named "CallerPrincipal". I don't think our custom login module does either of these, but I could be wrong as the login-module is not under our control. In our login-conf.xml we are specifying the following module-options for our custom login-module: appName, principalClass, userClassNames, roleClassNames. I would provide the files but they are on a non accessible network. Any help in this matter would greatly be appreciated! Also is there any way to turn up more debug login framework? Thanks, Jeff View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131178#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...