/** The login process starts from here. */
  public HttpResponse doCommenceLogin(
      StaplerRequest req,
      StaplerResponse rsp,
      @QueryParameter String from,
      @QueryParameter String ticket)
      throws ServletException, IOException {

    // TODO write login method
    String puid = authenticateInWwpass(ticket, certFile, keyFile);

    WwpassIdentity u;
    try {
      u = loadUserByUsername(puid);
    } catch (UsernameNotFoundException e) {
      if (allowsSignup()) {
        req.setAttribute("errorMessage", Messages.WwpassSecurityRealm_NoSuchUserAllowsSignup());
      } else {
        req.setAttribute("errorMessage", Messages.WwpassSecurityRealm_NoSuchUserDisableSignup());
      }
      req.getView(this, "login.jelly").forward(req, rsp);
      throw e;
    }
    if (!u.isAccountNonLocked() || !u.isEnabled()) {
      // throw new LockedException("Account is not activated for " + puid);
      throw new Failure(Messages.WwpassSecurityRealm_AccountNotActivated());
    }

    Authentication a = new WwpassAuthenticationToken(u.getNickname());
    a = this.getSecurityComponents().manager.authenticate(a);
    SecurityContextHolder.getContext().setAuthentication(a);

    return new HttpRedirect(Jenkins.getInstance().getRootUrl());
  }
 /** Creates a new user account by registering a password to the user. */
 public User createAccount(WwpassIdentity id) throws IOException {
   User user = User.get(id.getNickname());
   user.addProperty(id);
   return user;
 }