I can make a branch of the application I linked, which would use the Window scoped identity. It should be just a matter of replacing all @SessionScoped for @WindowScoped and adding a SecurityConfigurationEvent handler which enables the Window-Scoped identity using the SecurityConfigurationBuilder.