Instead of changing realms and other configuration considering integrating your custom Login Module via the jboss-portal.sar/conf/login-config.xml file
Changing the entire Portal security realm can probably lead to other unpredictable issues.
Thanks Sohil. This is what I did -
* Modified portal-server.war/WEB-INF/login-config.xml and added a new security realm, "myrealm".
* This security realm uses a bunch of custom, stacked login modules that another application (say, app1) deployed to JBoss uses. App1 works fine and user is authenticated successfully.
* I modified jboss-web.xml and changed the security realm name from "portal" to "myrealm".
* However, authentication to app2 (JBoss Portal) fails and I don't see anything useful even when I turn on DEBUG level logging (for Apache and JBoss). It just says "authentication failed" and I don't see the request go as far as my custom login module implementations (debug stmts in those class files are not logged).
One last thing, after I am authenticated against app1, if I try to login to app2, it seems to go through except that I can't access the Portlet configuration screens etc, that are SSL enabled (redirect happens to a different SSL port, and I get a "resource not found" exception.
Thanks for your help.