Hi ,
We have an issues with seam authentication in Tomcat 7 and Red Hat enviroment. We created an extension of identity that have a new attribute and the problem is:
We have a page (index.xhtml) that has a login form
Index has an own .page:
<page xmlns="http://jboss.com/products/seam/pages"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.2.xsd">

   <navigation from-action="#{identity.login}">
      <rule if="#{identity.loggedIn and identity.hasRole('cliente')}">
         <redirect view-id="/cliente/home"/>
      </rule>
      <rule if="#{identity.loggedIn and identity.hasRole('estabelecimento')}">
          <redirect view-id="/#{usuarioLogado.estabelecimentoAtual.url}/home"/>
      </rule>
      <rule if="#{not identity.loggedIn}">
          <redirect view-id="/login"/>
      </rule>
   </navigation>

</page>
The first time index.seam is executed, seam render the index page correctly.
When we submit login form first time, seam authenticate correctely and add cliente role to the identity, but apparently when seam execute the page navigation <navigation from-action="#{identity.login}">, the rule <rule if="#{identity.loggedIn and identity.hasRole('cliente')}"> its not evaluated, and it redirects to the page configured as login-view-id="/index.xhtml in the global page.xml
The most interesting is that the second time (when we try again) everything works fine.
In our development enviroments we didn't reproduce the problem (the same tomcat version, the same jvm version, windows machines)


Best Regards
Kloss CWB-BRA