From the online docs on the org.jboss.security.srp.jaas.SRPLoginModule. This module supports the following configuration options:

* principalClassName: This option is no longer supported. The principal class is now always org.jboss.security.srp.jaas.SRPPrincipal.
* srpServerJndiName: The JNDI name of the SRPServerInterface object to use for communicating with the SRP authentication server. If both srpServerJndiName and srpServerRmiUrl options are specified, the srpServerJndiName is tried before srpServerRmiUrl.
* srpServerRmiUrl: The RMI protocol URL string for the location of the SRPServerInterface proxy to use for communicating with the SRP authentication server.
* externalRandomA: A true/false flag indicating if the random component of the client public key A should come from the user callback. This can be used to input a strong cyrptographic random number coming from a hardware token for example.
* hasAuxChallenge: A true/false flag indicating an that a string will be sent to the server as an additional challenge for the server to validate. If the client session supports an encryption cipher then a temporary cipher will be created using the session private key and the challenge object sent as a javax.crypto.SealedObject.
* multipleSessions: a true/false flag indicating if a given client may have multiple SRP login sessions active simultaneously.