I am writing a custom Sling Authentication Handler and am having trouble understanding where the actual "authentication" to sling takes place.
Currently my Authentication Handler validates credentials against a third party system, creates a user in JCR as necessary, gets an AuthenticationInfo object based on that user ,and returns that AuthenticationInfo object. I was under the impression that returning a non-null AuthenticationInfo object was enough for sling to authenticate the user, however this does not appear to be the case (unless I my Authentication Info obj isnt properly formed i suppose). Should all I have to do is return an AuthenticationInfo obj from extractCredentials in my Custom Authenication Handler to authenticate the user to Sling? Or is there something else I have to do? If not, is there anything special in how the AuthenticationInfo is created? Many thanks in advance!
