I have a several WAB packages with JSF pages. I know how to create simple JSF login page. The problem is how the WAB packages can share the user sessions? I want one login menu to register sessions for all WAB packages.
Each WAB is deployed as a separate web application. I'm not sure which container you are deploying the WABs to but some servlet engines (eg. Tomcat or Jetty) can be configured to share session data between different web applications (WARs). (see sharing session between WARs)
Another option is to develop your own single-sign-on service. This service can be deployed as an OSGi bundle and used by each WAB. The first WAB that logs in registers the user and a secret with the service. The secret is also stored encrypted in a secure cookie that's valid for the whole domain (no path). Once another WAB notice the cookie it can sign-in the user immediately. Each WAB would still have its own session, though. But the single-sign-on service can also be used to share additional data between WABs. The service should also implement some clean-up handling to discard old data. There are also additional security options you can implement to adapt the service to your needs.