We slightly modified the http upload example to be deployed into two separate SA?s and secured the http consumer so that it will prompt users for username and password by adding ?authmethod=BASIC? attribute. When we deploy both SA?s on the same SMX container, we are able to get and display the security principal on the SMX console, however, when we deploy the SA?s on two physically separate but clustered SMX boxes, the security subject is null although the payload is successfully routed. We were under the impression that security subject will be propagated from one NMR to the other until it reaches its final destination. Is this a bug with FUSE ESB? Do we have to make some configuration changes to make the cluster aware of identity propagation?