I have created a custom security valve for my SSO requirements. It successfully populates the JAAS subject and puts in into the session. This allows users to log in and have the correct roles. However, the user principal of the HttpServiceRequest is never populated. So, for example, the Logout link is not displayed by header.vm, which checks for the presence of the user principal.
My question is, besides providing my own security valve, what do I have to do to ensure that the basic security mechanisms work as expected? I've read previous threads on the security valve which were quite helpful, but didn't address this issue. Thanks!
