0 Replies Latest reply on Nov 19, 2013 11:01 PM by moje2920

    QuickStarter Login Mechanism

    moje2920

      Hi all,

       

      I'm currently working on a SSO project. But I'm a bit confused about the login mechanism in the quickstart.

       

      First, I found that the user input Username and Password can be only retrieved once by UsernamePasswordLoginModule.getUsernameAndPassword(). If you try to access the password second time, then password will be EMPTY_STR, but the username is still there. I don't quite understand why.

       

      Second, since the user entered password is EMPTY_STR, the login function will convert the password saved in IdP to EMPTY_STR in order to match it.

       

      I don't quite understand firstly why the login() will be called twice (and actually which class extend AbstractServerLoginModule and be used while login besides UsernamePasswordLoginModule), and why the password would become EMPTY_STR in we access it for the second time?

       

      Thanks in advance!

       

      Lee