Why are you not leveraging Seam security? You just need to implement a custom authenticate method that runs your custom authentication routine. If you don't do so, you lose a lot of useful features as described here: Seam security
Here's a guideline for Windows SSO with Seam security integration:
Windows SSO With Seam
It is very similar to what you are trying to accomplish; just ignore the NTLM auth code and replace it with your JOSSO-specific auth code. NTLM auth and JOSSO auth fulfill the same goal anyway.
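
An added sketch of such a custom authenticate method for Seam 2.x (not part of the original answer, and not code from the Seam or JOSSO projects). It assumes the SSO agent has already authenticated the request at the container level, so the servlet container exposes the user principal; the class name `SsoAuthenticator` and the role names are hypothetical.

```java
import java.security.Principal;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;

import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;

// Wired in components.xml with:
//   <security:identity authenticate-method="#{authenticator.authenticate}"/>
// Seam invokes authenticate() when identity.login() is called.
@Name("authenticator")
public class SsoAuthenticator {

    // Hypothetical role names for illustration; use the roles your application defines.
    private static final String[] KNOWN_ROLES = { "user", "admin" };

    @In Identity identity;
    @In Credentials credentials;

    public boolean authenticate() {
        FacesContext faces = FacesContext.getCurrentInstance();
        if (faces == null) {
            return false; // no request context: fail closed
        }
        ExternalContext ext = faces.getExternalContext();

        // Assumption: the SSO agent established the container principal.
        // Take the identity only from there, never from a request
        // parameter, cookie or header that the client can set itself.
        Principal principal = ext.getUserPrincipal();
        if (principal == null || principal.getName() == null
                || principal.getName().trim().length() == 0) {
            return false; // no SSO session: fail closed
        }

        credentials.setUsername(principal.getName());

        // Mirror container roles into Seam so s:hasRole and @Restrict work.
        for (String role : KNOWN_ROLES) {
            if (ext.isUserInRole(role)) {
                identity.addRole(role);
            }
        }
        return true;
    }
}
```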