How do I go about getting a persistent clientAuthentication session with switchyard?

I'm creating SPA with a form login page and lots of ajax REST queries to the back end.  I'd like to only have to log in once and not have the client hold on to password information and authenticate with each request.ord information to continually authenticate.  And it's SOA so I'd like to be authenticated to all of the switchyard services.

I was able to configure a JAAS security domain in my jboss environment and was able to log in to both a switchyard service as well as a form based html using that domain.  The next hurdle was to get it to remember my authentication status since every subsequent REST query to Switchyard wanted to re-authenticate me.

• I tried connecting to a switchyard service within the same war as my form based jsp that authenticated but it still wanted authentication.

• I tried turning on SSO in by updating standalone.xml to have the following subsystem:

<subsystem xmlns="urn:jboss:domain:web:1.4" default-virtual-server="default-host" native="false">

      <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>

      <virtual-server name="default-host" enable-welcome-root="true">

      <alias name="localhost"/>

      <sso domain="localhost" reauthenticate="false"/>

      </virtual-server>

</subsystem>

And updating my war’s jboss-web.xml to include:

              <valve>

                    <class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>

             </valve>

Is there another piece that needs to be configured so that the  Switchyard Runtime knows about already authenticated users?

Even if I had the client hold onto username/password, it looks like I wouldn’t be able to since REST can’t authenticate currently: https://issues.jboss.org/browse/SWITCHYARD-1864