Well, the problem seems to come from the new JBoss Web Server since everything works fine with JBoss 4.0.5 (tomcat 5.5 embedded).
Hope it will be patched in the new versions ...
The apache SSO valve does not really depend on the JBoss security domain but rather than having the WAR files deployed to the same HOST.
It should be seamless.
The principal that is coming from a different WAR/domain should make sense to the current WAR.