Hello, I have been searching information about the possibility to use the information about the authentication method a client has used to authenticate against the server... to use this information for a decision about the redirect to e.g. a Portlet Page. Example: There is a Portlet instance within a Portal Page that is accessed by the user that requires at least a client-certificate. But when the user has been challenged for authentication before, he was logged in using form-based authentication. Now the user should be challenged again, due to the fact of his low authentication strength. === Is there any possibility to set (and read at runtime) a required auth-strength for Portal resources? I could not find such a thing in the documentation but I know that it exists e.g. in the Apache WebServer. Furthermore, is there maybe an extension to handle the described scenario? Many thanks for any contribution!! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3966991#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...