Hi Dmitry,
On Tue, 2018-08-14 at 03:59 +0300, Dmitry Telegin wrote: > Hi, > > As per the document [1], to pre-authenticate a user in the Sling > tier, one needs to do the following: > > > 1. verify the identity in the layer on top of the JCR repository > > (e.g. in a custom Sling Authentication Handler) > > 2. pass a custom, non-public Credentials implementation to the > > repository login > > The 1st step is clear, I was able to create a custom > AuthenticationHandler and verify the identity. But how exactly do I > pass custom Credentials implementation to the repository login? My reading of the Oak page is that you should do that in step 3. "create a custom login module that only supports these dedicated credentials". If you look at the code example on that page, it does exactly that sharedState.put(SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(userId)); sharedState.put(SHARED_KEY_CREDENTIALS, new SimpleCredentials(userId, new char[0])); sharedState.put(SHARED_KEY_LOGIN_NAME, userId); And the credential implementation seems to the SimpleCredentials with an empty password. Does that work for you? Robert