Yes, you can set an existing Principal (obtained from somewhere else) into an Identity objecting by calling:
Thank you for the responses.
The real problem is that Seam's identity is not container authentication. My Seam application calls remote EJBs that use @RolesAllowed and get the principal from session context. So what I really need to do is to set the container's principal to Seam's identity. This is doable on JBoss using some JBoss specific classes but is not portable across application servers.
So I'm trying to do it opposite way - authenticate in container using form based authentication and then based on that set seam's identity. Chapter 15.4 would be the answer how to do it in proper seam way. However at the moment I use Seam 2.0.2.SP1 which does not support identity manager yet (according to documentation).
Thanks, I will try that also. At the moment I use the approach described here: http://sdudzin.blogspot.com/2007/12/windows-sso-with-jboss-seam.html. In my autoLogin() method I get the principal from the request and set the username on Identity and some fake password (the user is authenticated already). Beside that I just get the roles of the user from database and set them on identity. So far it looks like it works.