When we try to "stack" login modules in an <application-policy> it works almost fine. The problem is that only the roles obtained by the last login module are associated to the user. The roles from the former modules are lost (despite they completed with success). Any idea?
The jboss login modules do not merge roles. You would have to override the jboss login module to provide this behavior. Its a feature I could look at supporting, what is you usecase?