Hi all,

I'm currently working on a SSO project. But I'm a bit confused about the login mechanism in the quickstart.

First, I found that the user input Username and Password can be only retrieved once by UsernamePasswordLoginModule.getUsernameAndPassword(). If you try to access the password second time, then password will be EMPTY_STR, but the username is still there. I don't quite understand why.

Second, since the user entered password is EMPTY_STR, the login function will convert the password saved in IdP to EMPTY_STR in order to match it.

I don't quite understand firstly why the login() will be called twice (and actually which class extend AbstractServerLoginModule and be used while login besides UsernamePasswordLoginModule), and why the password would become EMPTY_STR in we access it for the second time?

Thanks in advance!

Lee