Chapter "Configure Java Authentication SPI for Containers (JASPI) Security" is not sufficient. An important piec of configuration is missing there. Please fix following two points: 1) There has to be information about configuration of Valve which enables JASPI authentication. You can use community wiki as a starting point: https://community.jboss.org/wiki/JBossAS7EnablingJASPIAuthenticationForWebApplications 2) Use CLI commands instead of XML fragments to describe how to configure a security domain with JASPI authentication. E.g: /subsystem=security/security-domain=jaspi-test:add(cache-type=default) /subsystem=security/security-domain=jaspi-test/authentication=jaspi:add /subsystem=security/security-domain=jaspi-test/authentication=jaspi/auth-module=basic-auth-module:add(code="org.jboss.as.web.security.jaspi.modules.HTTPBasicServerAuthModule", flag="required", login-module-stack-ref="lm-stack") /subsystem=security/security-domain=jaspi-test/authentication=jaspi/login-module-stack=lm-stack:add /subsystem=security/security-domain=jaspi-test/authentication=jaspi/login-module-stack=lm-stack/login-module=users:add(code="UsersRoles", flag="required", module-options=[("usersProperties"=>"${jboss.server.config.dir}/jaspi-users.properties"), ("rolesProperties"=>"${jboss.server.config.dir}/jaspi-roles.properties")]) reload
Reassigning all EAP 6 bugs to Dawn as the new strategist.
Moved to JIRA: https://issues.jboss.org/browse/JBEAP-1670