1. What are the limitations of this jBoss Federated SSO framework.

Currently, the integration point for the SSO Token Management functions is inside of Tomcat. Hence, currently Tomcat depedency is needed. JBoss ships with Tomcat out-of-the-box so, you should be ok on this.

2. Does this support different apps in different domains.

Yes, the framework was designed with cross-domain integration from the ground up

3. Any support for XACML (1.0, 2.0).

XACML is in the Authorization domain. SSO primarily is associated with the Authentication aspect of security. As such XACL is out of scope for SSO. But integration is possible.
Hence, if you have an Authorization framework based on XACML then, integration point for SSO would be to generate the Principal used by XACML to enforce Authorization decisions

4. Can I get some reference implementations for federated SSO..other the one in the flash demo.

In its current form, the framework ships with the actual implementation of the two Seam apps that are featured in the flash demo.

It also has a test application that is used for testing scenarios during development

5. Do we need a portal (customized or any product driven like Oracle portal, weblogic etc).

No. portal or any custom thirdparty product is not a requirement. The only requirement at this point is Tomcat

We have 5 applications using different login mechanisms like JAAS, Database etc running in different servers including jBoss, Tomcat, web logic.

Can we use the beta Federated SSO beta for implementing SSO and SAML to support existing apps and also future apps..

Absolutely. Although I am not too familiar with WebLogic. As long as you run Tomcat you should be fine.

Also please refer here for more detailed documentation:

http://labs.jboss.com/portal/index.html?ctrl:cmd=render&ctrl:window=default.wiki.WikiPortletWindow&page=Jbosssso&language=EN

Thanks
Sohil
Project Lead, JBoss Federated SSO