This works perfectly for correctly authenticated users. Problem is when I return false from myAuthenticator (user does not have proper credentials for the app) the website goes into a loop, spawning multiple infinite cid=nnn and page loops.
Obviously (I think) using the event notLoggedIn is not the correct place to start a "Automated Login".
From what I have learned, the identity.login needs to be outside my authenticator, in order to properly have the authenticate-method in Components.xml work correctly.
Or, possibly I need to override some default behavior someplace?
Is there a better choice, a better framework location to be calling "identity.login" from?
For an automated login perspective, (like Single Sign On) where do folks make the initial identity.login call from?