I would like to see more flexibility for JBossSX to interact with client for obtaining various type of credentials. When doing SSO, it's almost impossible to avoid doing HTTP redirects, set and delete cookies and other HTTP operations. It is therefore very beneficial to add a HTTP Callback to enable a JAAS Login Module to do all these stuff. At the moment, there's only username password call back. So developers have to workaround it using valves to interact with the user. SAP WebAS' JAAS API is an example that has this HTTP Callback. Developing custom sso authentication module for SAP WebAS is a breeze because of this. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137257#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...