vparmar, I had forgotten that I made this inquiry, it seems you found a really old post. I appreciate the response though. What I ended up doing here was creating a custom LoginModule instead of an Authenicator class. That ended up doing what I needed. The way I set it up was to require that an HTTP server with a valid Siteminder agent be in front of JBoss as a reverse proxy. My LoginModule would then take the encrypted SMSESSION cookie from the HTTP server and I could validate it with the Siteminder Policy Server and retrieve identity and authorization information from the Policy Server in order to create a user Principal. If there is no valid SMSESSION cookie present the login fails. This doesn't create a true Siteminder 'agent' for JBoss, but it does allow integration with Siteminder through a reverse proxy. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210690#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...