Hi Karel, Sorry for the late reply. I think you can proceed with the way you described. If you put your classes inside a module in AS/EAP, you can use the attribute "module" of the identity store element to specify the module from which classes should be loaded from. This can be useful to consider the module's classloader when loading these classes: <ldap-store module="org.karel.types" .../> Then, to configure your custom credential handler you need to: <lda-store ...> <credential-handlers> <credential-handler class="org.karel.credential.CustomCredentialHandler"/> </credential-handlers> </lda-store> Please, take a look at the following file for examples how to use our domain model: https://github.com/picketlink/picketlink-as-subsystem/blob/master/src/tes... Regards. Pedro Igor ----- Original Message ----- From: "Karel Piwko" <kpiwko(a)redhat.com&gt; To: security-dev(a)lists.jboss.org Sent: Wednesday, November 6, 2013 11:55:55 AM Subject: [security-dev] How to use PicketLink IDM with custom account type configured on AS/EAP? Hi All, I'm looking for recommended setup for $subject. My use case is: * LDAP server contains data mapped to class Developer that extends org.picketlink.idm.model.basic.User * I want to configure PL IDM on AS/EAP level - in standalone.xml * I want to be to map Developer from RESTEasy from JSON POST request So far, I'm thinking of: * Creating an jar/sar, that will contain classes I need to map deployed to AS/EAP => Would PL submodule see these entities? Or do I need to make it a submodule? * Map JSON to Developer POJO - using different Developer the => Is there a way how to reuse Developer POJO from classes in sar? * Create a custom CredentialsHandler I'm wondering whether such approach is correct or I should use something different. Many thanks, Karel _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev