if i am not going wrong,
you was saying that, if user a has already logged in/ authenticated on machine A, now if he accessed the data of Machine B, he should be authenticated for machine B as well, he should not asked for authentication for machine B also.
if i am right,
sso:- Providing a single sign-on, so that users can access multiple accounts and applications with a single password, eliminates the need for multiple passwords for users and simplifies management of user accounts and passwords for system administrators.
1. Shared security. You want the authentication to be done before the apps are invoked and for that security realm to be then propagated to the apps. That is SSO (Single Signon).
2. You want to share the same user session between the 2 separate webapps.
3. You want to physically embed the output of one user webapp in the display of the other webapp.
SSO can be provided by using an SSO Tomcat security realm to JBoss. Tomcat is the embedded webapp server component used by JBoss. JBoss adds the missing J2EE stack components, such as EJBs, and jacks the Tomcat security Realm into them.
Sharing a session between 2 different webapps is a Tomcat application configuration option and I commend you to the kind mercies of the Tomcat and JBoss documentation.
Embedding output is the trickiest part. JSF doesn't take too kindly to frames. A better solution would be to use a standard JSR-288/JSR-238 Portal server such as LifeRay and deploy that into JBoss.
Sometimes the only way things ever got fixed is because people became uncomfortable.