I'm interested in the concepts promoted by the JBOSSSSO project. However, it seems to me that you have to build your own Identity Connector inside the jbosssso.sar directory in order to allow your-preferred-flavour authentication.
Is there any provision to de-couple the ssso modules from the idm ones? This way, any update to the jbosssso module would have no impact on the home-made idm code.
I think it would be effective to have a jbosssso.sar supplying the core SSO functionality, then one can write, say, a my-own.mdc directory or archive, putting into there the mdc code needed to authenticate through the wanted method/protocol.