Authenticator.login approach, the following seems to work ok (once not-logged-inexception occurs, not the postAuthenticate as that event does not seem to be happening): @In public Identity identity; @Resource private javax.ejb.SessionContext webContext; .... Principal caller = webContext.getCallerPrincipal(); System.out.println(caller.getName()); System.out.println(identity.getJaasConfigName()); But, all other identity.get*** methods are empty, while the Principal only contains the username but no other information. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4110888#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...