In IdentityLoginModule, | protected boolean validatePassword(final String inputPassword, String expectedPassword) | { | HttpServletRequest request = null; | try | { | request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest"); | } | catch(Exception e) | { | log.error(this,e); | throw new RuntimeException(e); | } | | Object ssoSuccess = request.getAttribute("ssoSuccess"); | if(ssoSuccess != null) | { | return true; | } | | I think I find it. If sso,just return true. So I can do the same in the DBIdentityLoginModule. yes or no? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4173489#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...