def login(self, SAMLRequest, RelayState='', *args, **kw):
    if config.get('apps.use_header_auth'):
      # header auth
      # retrieve user name from header
      key = config.get('apps.auth_header_key')
      user_name = cherrypy.request.headers.get(key, None)
      if user_name is None:
        raise errors.GheimdallException('Can not retrieve user name.')

      ret = utils.createLoginDict(SAMLRequest, RelayState, user_name)
      ret['tg_template'] = 'gheimdall.templates.gheimdall-login-success'
      return ret

    remember_me = None
    authenticated = None
    remember_me = cherrypy.session.get('remember_me', False)
    authenticated = cherrypy.session.get('authenticated', False)
    if remember_me and authenticated:
      auth_time = cherrypy.session.get('auth_time', 0)
      valid_time = cherrypy.session.get('valid_time', 0)
      now = time.time()
      if auth_time < now and now < valid_time:
        ret = utils.createLoginDict(SAMLRequest, RelayState,
                                    cherrypy.session.get('user_name'),
                                    set_time=False)
        ret['tg_template'] = 'gheimdall.templates.gheimdall-login-success'
        return ret

    tg_exception = kw.get('tg_exceptions', None)
    if tg_exception is not None:
      log.error(tg_exception)
    return dict(form=login_form_widget,
                values=dict(SAMLRequest=SAMLRequest,RelayState=RelayState))
          return dict(user_name=user_name,
                      tg_template="gheimdall.templates.gheimdall-nopasswd")
        # save user_name to session
        cherrypy.session['user_name'] = user_name
        return dict(tg_template="gheimdall.templates.gheimdall-passwd",
                    form=passwd_form_widget,
                    values=dict(backURL='',
                                user_name=user_name,
                                old_password=password,
                                SAMLRequest=SAMLRequest,
                                RelayState=RelayState))
      # Failed.
      flash(_('Can not login'))
      time.sleep(config.get('apps.sleep_time', 3))
      raise errors.GheimdallException(e.reason)
    return utils.createLoginDict(SAMLRequest, RelayState, user_name)

  @expose(template="gheimdall.templates.gheimdall-login-success")
  @error_handler(login)
  @exception_handler(
    login,
    rules="isinstance(tg_exceptions,errors.GheimdallException)")
  @validate(form=login_form_widget)
  @strongly_expire
  def login_do(self, SAMLRequest, RelayState, user_name, password, **kw):
    if config.get('always_remember_me', False):
      cherrypy.session['remember_me'] = True
    else:
      cherrypy.session['remember_me'] = kw.get('remember_me', False)
    if config.get('apps.use_header_auth', False):
      raise errors.GheimdallException(