// instead, if SSO is active, the authentication mechanism is provided by the SSO itself, so SpagoBI does not make
// any authentication, just creates the user profile object and puts it into Spago permanent container
if (!activeSoo) {
String pwd=(String)request.getAttribute("password");
try {
Object ris=supplier.checkAuthentication(userId, pwd);
if (ris==null){
logger.error("pwd uncorrect");
EMFUserError emfu = new EMFUserError(EMFErrorSeverity.ERROR, 501);
errorHandler.addError(emfu);
return;