Additional challenges exist when using JAAS in a stand-alone Java client environment. In particular, integration options with third-party SSO providers can be limited or unavailable. In many cases, third-party JAAS Login Modules might be provided that work well when executing within a Java EE container, but cease to work when running in a stand-alone Java environment. The stand-alone Java environment might not support the application-server-specific trust mechanisms needed to produce valid JAAS subjects for the target application server.
Login Modules that allow the use of user name and password credentials from a stand-alone client are available from the individual application server vendors. In some cases, a Login Module that allows the use of PKI certificates with two-way SSL might also be available. Support for other authentication options in a thick Java client environment will most likely require a custom integration. Clients of the FileNet® P8 Content Platform Engine Java API can use a JAAS Subject that they have obtained themselves, or pass in user name and password credentials to the API, which will then attempt to obtain a JAAS Subject for them, using Login Modules specified in the operative JAAS configuration.