First, I know this most likely won't ever be fixed because it has been end of lifed, but the Gatein project is still in Beta, as thus not a viable alternative.
Anyway, I have been having problems where my Single Sign-On users can't access their dashboard after login. I have tracked the problem down to Kerberos users having a realm (ssoUser@REALM). If I just use ssoUser, then everything works fine.
In reviewing the code, I find that after logging in as ssoUser@REALM, that the code in PageCustomizerInterceptor:197
User user = controllerCtx.getUser();
only returns ssoUser, not ssoUser@REALM.
This is the username that is used for checking my security level in the PortalObjectPermission:295-299
Principal user = (Principal)i.next();
String userName = user.getName();
//
return userName.equals(i2.next());
This evaluates to ssoUser@REALM.equals(ssoUser), since the Principal still has the correct user@REALM, but i2.next() is taken from the 'path:/username', which is dashboard:/ssoUser.