I thought this was working. I noticed that you raised a JIRA issue, and in it you said that you had looked into the Seam Security code and found the problem - where abouts is it? I should be able to take a look at this over the next few days.
Sorry for the late reply i've workaround this by manually adding groups in my authenticator so i'm working on another part of my project.
The first problem i noticed is when picketlink call JpaIdentityStore.getRelationshipNames. the criteria doesn't filter relationships with null name so got a NPE when doing:
I then look at HibernateIdentityStore and see that they are using a "%" restriction then i tried this :
Path<String> rolesOnly= root.get(relationshipNameProperty.getName());
It removes the NPE but no membership is loaded and i got a log message
"18:05:00,853 INFO [STDOUT] *** Invoked unimplemented method findIdentityObject()"
Hope this helps,
PS : The error is not a NPE but a
IllegalArgumentException: name cannot be nullwhen trying to create a role based on this list but it doesn't matter ;-)
ok i'll complete the jira