Users cannot register but their account is created through the default admin module. Therefore the password is a password created by the admin. Unfortunately the provided email validation does not qualify. I have to implement a forced password change on first login. It was silly that I did not mention it in my previous post. I was hoping to save development time with an off the shelf solution but it seems I will have to develop it. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154369#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...