
How does OpenAM handle an authentication request?


I started studying OpenAM recently and need to go deep into its infrastructure.

I have learned that OpenAM provides some authentication APIs such as

POST: http://mywebsite/openam/json/authenticate
Headers: X-OpenAM-Username: xxx, X-OpenAM-Password: xxx

Basically I want to learn more about how OpenAM handles such a request. Where is the controller? How does it validate the username and password? Can anyone give a hint where to start in OpenAM's source?


Solution

  • If you have the privilege of having access to the OpenAM/AM source code, then you could start to look at AuthenticationServiceV1 and the various RESTAuth*CallbackHandler classes to get a closer look at the REST side of things.

    If you are interested in the authentication framework in all its glory, then AMLoginContext, AuthContext, LoginState and AMLoginModule are the classes you should take a look at.
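
As an added illustration (not OpenAM source and not part of the answer above): a JDK-only sketch of the step between the REST request and the login module, assuming the REST callback handlers fill the JAAS `NameCallback` and `PasswordCallback` from the two headers in the question and hand any unanswered callback back to the client. `ZeroPageLoginSketch`, `fillFromHeaders` and `pending` are hypothetical names.

```java
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

// Simplified model, not OpenAM source. Class and method names are hypothetical.
public class ZeroPageLoginSketch {
    static final String USER_HEADER = "X-OpenAM-Username"; // header names from the question
    static final String PASS_HEADER = "X-OpenAM-Password";

    // Try to satisfy one callback from the request headers; false means "ask the client".
    static boolean fillFromHeaders(Callback cb, Map<String, String> headers) {
        if (cb instanceof NameCallback) {
            String user = headers.get(USER_HEADER);
            if (user == null || user.isEmpty()) return false;
            ((NameCallback) cb).setName(user);
            return true;
        }
        if (cb instanceof PasswordCallback) {
            String pass = headers.get(PASS_HEADER);
            if (pass == null || pass.isEmpty()) return false;
            ((PasswordCallback) cb).setPassword(pass.toCharArray());
            return true;
        }
        return false; // any other callback type must be answered by the client
    }

    // Callbacks the headers could not answer; an empty list means the module can run now.
    static List<Callback> pending(Callback[] required, Map<String, String> headers) {
        List<Callback> out = new ArrayList<>();
        for (Callback cb : required) if (!fillFromHeaders(cb, headers)) out.add(cb);
        return out;
    }

    public static void main(String[] args) {
        // Constructed request headers; HTTP header names are case-insensitive.
        Map<String, String> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        headers.put("x-openam-username", "demo");
        Callback[] required = { new NameCallback("User Name:"), new PasswordCallback("Password:", false) };
        System.out.println("username only, pending: " + pending(required, headers).size());
        headers.put("X-OpenAM-Password", "constructed-sample");
        System.out.println("both headers, pending: " + pending(required, headers).size());
        ((PasswordCallback) required[1]).clearPassword(); // wipe the secret once it has been used
    }
}
```

When reading the real classes, the same two questions apply: which request inputs can pre-fill a callback, and what is returned to the caller when one cannot be filled.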