Thanks Anil. That looks really cool but it turns out that I don't need the full-blown federation stuff - I just need a one-time, cross-application login on the same server. And i can accomplish that by simply tuning on the Valve: | <Host name="localhost" ...> | ... | <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> | ... | </Host> | More info at: http://tomcat.apache.org/tomcat-5.5-doc/config/host.htm thanks. BTW, It would be handy to include a JDBC version of a LoginProvider to go along with the LDAP one that's provided in the sample. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4216254#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...