Index: lams_central/build.properties
===================================================================
RCS file: /usr/local/cvsroot/lams_central/build.properties,v
diff -u -r1.8.2.1 -r1.8.2.2
--- lams_central/build.properties 19 Sep 2014 10:55:13 -0000 1.8.2.1
+++ lams_central/build.properties 14 Oct 2014 12:49:48 -0000 1.8.2.2
@@ -10,4 +10,4 @@
 # a servlet extension that puts credentials into shared session to allows access for other modules
 # overrides default setting in lams_build/common.properties
-ssoClass=org.lamsfoundation.lams.integration.security.SsoProducer
\ No newline at end of file
+ssoClass=org.lamsfoundation.lams.integration.security.SsoProducer\norg.lamsfoundation.lams.integration.security.SsoConsumer
\ No newline at end of file
Index: lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java
===================================================================
RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java,v
diff -u -r1.29.2.2 -r1.29.2.3
--- lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java 30 Sep 2014 13:11:24 -0000 1.29.2.2
+++ lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java 14 Oct 2014 12:49:48 -0000 1.29.2.3
@@ -100,7 +100,8 @@
 protected boolean validatePassword(String inputPassword, String expectedPassword) {
 boolean isValid = false;
- if (inputPassword != null) {
+ HttpSession sharedsession = SessionManager.getSession();
+ if (inputPassword != null && sharedsession != null) {
 // empty password not allowed
 if (inputPassword.length() == 0) return false;
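Review bot: In `validatePassword`, the new `sharedsession != null` condition makes a missing shared session indistinguishable from a wrong password: the whole validation branch is skipped with no log entry, and presumably `isValid` is returned as false (the rest of the method is outside the hunk). Failing closed is the right outcome, but an explicit early guard would let operators tell an SSO/session setup problem from bad credentials, e.g. `if (sharedsession == null) { log.warn("No shared session available, rejecting login"); return false; }`, using whatever logger the class already has. The declaration was moved here from the `@@ -277` hunk, so the `sharedsession.setAttribute(AttributeNames.USER, userDTO)` call there now depends on this early lookup. A short comment at the declaration saying so would help the next reader of this long method.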
@@ -277,7 +278,6 @@
 }
 }
- HttpSession sharedsession = SessionManager.getSession();
 sharedsession.setAttribute(AttributeNames.USER, userDTO);
 }
 } catch (Exception e) {
Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoConsumer.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/integration/security/Attic/SsoConsumer.java,v
diff -u -r1.1.2.1 -r1.1.2.2
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoConsumer.java 19 Sep 2014 10:55:11 -0000 1.1.2.1
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoConsumer.java 14 Oct 2014 12:49:49 -0000 1.1.2.2
@@ -59,7 +59,8 @@
 @Override
 public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext sc) {
 ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
- if (requestContext == null) {
+ // pass authentication further if it is a non-processable request or the user is loggin in just now
+ if (requestContext == null || exchange.getRequestURI().endsWith("j_security_check")) {
 return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
 }
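Review bot: The new bypass in `authenticate` is a raw suffix match, so any request URI that merely ends with the text `j_security_check` makes this mechanism return `NOT_ATTEMPTED`, not only the form-login endpoint. Conversely, a login request whose URI carries a trailing path parameter (such as a rewritten `;jsessionid=`) may fail to match, if Undertow keeps that part in `getRequestURI()`. Matching the path segment is tighter, e.g. `exchange.getRelativePath().endsWith("/j_security_check")`. The added comment has a typo ("loggin in") and could state the reason more directly: `// skip requests without a servlet context, and the form-login POST itself (user is logging in just now)`. The rest of `authenticate` lies outside the hunk, so what the skipped code would do for such requests is not visible here.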