Why can't you just set the username and password once the question has been answered correctly and then call login?
You have obviously gone off and retrieved the user's details anyway. So, I'm not sure why this wouldn't work.
If all else fails take a look inside the Identity.login method and just make the appropriate calls to do your authentication.
Well, it does not help to set the user/pass, seam initialize the Principal object via invoking the auth method you define,
I wanted to know if there's a 'correct way' to perform auth without invoking the auth method/hacking into the identity class,
Principal principal = new SimplePrincipal(username); identity.acceptExternallyAuthenticatedPrincipal(principal);
Hope it helps!