Index: lams_central/build.properties
===================================================================
diff -u -r9da35349a62686e5112d5be703c9047c48d88467 -r6ac0dd279c712feae12fadb39e06990c5e7ee2dd
--- lams_central/build.properties (.../build.properties) (revision 9da35349a62686e5112d5be703c9047c48d88467)
+++ lams_central/build.properties (.../build.properties) (revision 6ac0dd279c712feae12fadb39e06990c5e7ee2dd)
@@ -10,4 +10,4 @@
 # a servlet extension that puts credentials into shared session to allows access for other modules
 # overrides default setting in lams_build/common.properties
-ssoClass=org.lamsfoundation.lams.integration.security.SsoProducer
\ No newline at end of file
+ssoClass=org.lamsfoundation.lams.integration.security.SsoProducer\norg.lamsfoundation.lams.integration.security.SsoConsumer
\ No newline at end of file
Index: lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java
===================================================================
diff -u -r1d2ff22c947ab0d5646bb02b8189ca668020bdbc -r6ac0dd279c712feae12fadb39e06990c5e7ee2dd
--- lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java (.../UniversalLoginModule.java) (revision 1d2ff22c947ab0d5646bb02b8189ca668020bdbc)
+++ lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java (.../UniversalLoginModule.java) (revision 6ac0dd279c712feae12fadb39e06990c5e7ee2dd)
@@ -100,7 +100,8 @@
 protected boolean validatePassword(String inputPassword, String expectedPassword) {
 boolean isValid = false;
- if (inputPassword != null) {
+ HttpSession sharedsession = SessionManager.getSession();
+ if (inputPassword != null && sharedsession != null) {
 // empty password not allowed
 if (inputPassword.length() == 0)
 return false;
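Review bot: The comment above `ssoClass` still describes a single servlet extension, while the new value lists two classes joined by an escaped `\n`. Updating it to something like `# servlet extensions for SSO, one class name per line ("\n" separates them): SsoProducer, SsoConsumer` would tell the next maintainer that the separator is deliberate. Judging by the SsoConsumer hunk in this commit, the second class is an authentication mechanism, so it is worth confirming that whatever consumes this property accepts a multi-line value; that consumer is not visible here.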
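Review bot: With the new guard `inputPassword != null && sharedsession != null` in validatePassword, a missing shared session takes the same path as a null password, and nothing visible in the hunk records why validation did not proceed. Failing closed is the right direction, but an operator reading authentication failures cannot tell a wrong password from a missing session. A separate early check such as `if (sharedsession == null) { /* log: no shared session, rejecting login */ return false; }` before the password test would make the two cases distinguishable, using whatever logger the class already has (not visible here). The hunk at -277 removes the old lookup, so `sharedsession.setAttribute(...)` there now relies on this one. validatePassword continues outside the hunk, so what follows the `if` block cannot be checked from here.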
@@ -277,7 +278,6 @@
 }
 }
- HttpSession sharedsession = SessionManager.getSession();
 sharedsession.setAttribute(AttributeNames.USER, userDTO);
 }
 } catch (Exception e) {
Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoConsumer.java
===================================================================
diff -u -r9da35349a62686e5112d5be703c9047c48d88467 -r6ac0dd279c712feae12fadb39e06990c5e7ee2dd
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoConsumer.java (.../SsoConsumer.java) (revision 9da35349a62686e5112d5be703c9047c48d88467)
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoConsumer.java (.../SsoConsumer.java) (revision 6ac0dd279c712feae12fadb39e06990c5e7ee2dd)
@@ -59,7 +59,8 @@
 @Override
 public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext sc) {
 ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
- if (requestContext == null) {
+ // pass authentication further if it is a non-processable request or the user is loggin in just now
+ if (requestContext == null || exchange.getRequestURI().endsWith("j_security_check")) {
 return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
 }
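Review bot: The test `exchange.getRequestURI().endsWith("j_security_check")` in authenticate() is wider than the form-login endpoint: it matches any request URI that happens to end in that string, and the raw request URI can also carry scheme and host when the client sends an absolute URI. Matching the path with its leading slash, e.g. `exchange.getRequestPath().endsWith("/j_security_check")`, optionally combined with a POST method check, would limit the skip to the actual login submission. What handles a NOT_ATTEMPTED request depends on the mechanisms configured after this one, which the hunk does not show. The added comment also has a typo, `loggin` for `logging`, and authenticate() continues outside the hunk.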