Look at the Reference Guide: http://docs.jboss.com/jbportal/v2.6.4/referenceGuide/html/sso.html You configure valve in context.xml file. If you login using your IdP site then you probably have some kind of token present in request (cookie or something) right? Recognize this in a valve and then authenticate user. You can see the code I showed you to check what is needed. For example: http://anonsvn.jboss.org/repos/portal/modules/identity/branches/JBP_IDENT... Just swap opensso api calls with stuff specific for your provider. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135530#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...