Is it possible to inject the user and role information from an external authentication engine through HTTP headers? I want to somehow configure the portal to blindly use the user/role that are being passed as HTTP headers in the first request.

From what I have been reading so far, I believe it's possible to write a custom login module and override validatePassword method to not verify the password in portal's data source. But I am not sure how I can make the portal blindly use the user/role strings in the HTTP header of the incoming request?