Security projects provide authentication and authorization capabilities to JBoss products, most notably JBoss Application Server. In addition to standard J2EE security they also provide identity management functionality and single sign-on behaviour across multiple applications.

JBoss Security and Identity Management provides J2EE and custom security to JBoss products in addition to identity management. Authentication of users can be achieved using pluggable JAAS login modules with the resulting JAAS Subjects used for authorization. Support for a wide range of datastores is provided out-of-the-box and can be easily extended to meet the most demanding requirements.

JBoss Federated SSO (a sub-project of JBoss Security) provides a collection of components that software developers can easily integrate within their existing web applications to create a federation of trusted websites. Support for the SAML standard is included, in the form of a token marshaller, to securely propagate Federation Tokens over the network. Based on a pluggable architecure this can easily be changed for a different type of marshaller if required. By default the product ships with a provider to connect to an LDAP based Identity Store, although this too is pluggable if your identities reside elsewhere.