...
This information is meant to be used in conjunction with the Creating Custom IdP Extensions - General Overview guide.
Overview of Authentication Process
This diagram describes the relationship of various components during the authentication process. It is intended to give LoginHandler developers an idea of the flow of control within the IdP, and thus see where their code fits in.
A common technique used is to have the LoginHandler redirect the user to a servlet or JSP page that either handles the authentication directly (e.g. X.509 client certificate) or prompts the user to provide credentials.
In the latter case, a servlet is used to handle the credential input (e.g. form POST). Once authentication is complete, the servlet should return control to the AuthenticationEngine after setting the various properties such as principal name or authentication method (using httpRequest.setAttribute(LoginHandler.*_KEY, value)).
Classes, Schema Types, and Schema Files
...