Index: axis/src/webapp/SakaiLogin.jws
===================================================================
--- axis/src/webapp/SakaiLogin.jws	(revision 46362)
+++ axis/src/webapp/SakaiLogin.jws	(working copy)
@@ -7,6 +7,7 @@
 import org.sakaiproject.tool.cover.SessionManager;
 
 import org.sakaiproject.user.api.User;
+import org.sakaiproject.user.api.UserNotDefinedException;
 import org.sakaiproject.user.cover.UserDirectoryService;
 
 import org.sakaiproject.component.cover.ServerConfigurationService;
@@ -41,7 +42,28 @@
 		throw new AxisFault("Web Services Login Disabled");
 	}
 
-        User user = UserDirectoryService.authenticate(id,pw);
+        // see if container authentication is enabled
+	boolean containerLogin = ServerConfigurationService.getBoolean("container.login", false);
+
+        // if container authentication used, user can't get access to tomcat unless already authenticated at the container level,
+        // therefore no need to authenticate user via UserDirectoryService.authenticate(id,pw), 
+        // just need to get user details via UserDirectoryService.getUserByEid(id). 
+        // This also implies there is no need to implement UserDirectoryProvider.authenticateUser(..) as equivalent is done at the container level.
+
+	User user = null;
+        if (containerLogin) {
+	    try {
+		user = UserDirectoryService.getUserByEid(id);
+	    } catch(UserNotDefinedException e) {
+		String errMsg = "Failed Web Services Login id="+id+" ip="+ipAddress + " user is not defined in UserDirectoryService, but user was able to successfully authenticate using container authentication";
+		LOG.warn(errMsg);
+		throw new AxisFault(errMsg);
+	    }
+        } else {
+           // No container authentication, therefore do normal sakai authentication
+           user = UserDirectoryService.authenticate(id,pw); 
+        }
+
 	if ( user != null ) {
                 Session s = SessionManager.startSession();
                 SessionManager.setCurrentSession(s);