I'd like to report a bug at the method "private String getDomain(String serverName)" of the class org.jboss.security.valve.SSOTokenManager
(there is a method just like this one in the class org.jboss.security.federation.servlet.SSOFederationServer, but I think it's never called).
This method must return the domain of a given server name. The logic implemented returns "." + the last two words of the server name.
So if the server name is www.jboss.com, it returns ".jboss.com".
That would work if the server names are always like www.jboss.com, node1.jboss.org. But, there are server names, like here in Brazil, where the pattern is "www.something.com.br". So, that method would return the domain ".com.br".
Consequence: JBoss Federated doesn't work for Internet Explorer when the the server name is like "www.something.com.br".
I rewrote this method, returning as the domain of the server name everything that is after the first ".". Now it is working for any pattern of server names for IE and Firefox.