Is something like below possible? We're trying to support guest users or authentication from another source. When I'm trying to work this, it seems that when I try to authenticate through a freezone, the picketlink redirects are still kicking in. So, is there a way to provide guest access to the areas that can also be served by logged-in (via PicketLink)? In other words, the first part isn't necessarily required, just would be a nice to have as this is how chained authenticatino in JBoss is described.
<deployment>
<application-policy xmlns="urn:jboss:security-beans:1.0" name="sp">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="sufficient">
<module-option name="usersProperties">props/jmx-console-users.properties</module-option>
<module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
</login-module>
<login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule"
flag="sufficient">
<module-option name="unauthenticatedIdentity">anonymous</module-option>
</login-module>
</authentication>
</application-policy>
</deployment>