Seam: login using external SSO application

I have a Seam app that needs to use an external one to sign in. The logic is as follows:

• My app sends user to external SSO url
• The user does whatever is required for authentication.
• On success, the external application redirects the user back to my application with a random token
• My code should contact an external application via HTTP with the passed token and get the full information about the user in response

Pretty simple. But I'm stuck.

The redirection goes to / seam / resources / token. I intended to get the Identity from the session, populate it with a token, and authenticate. But in the resource handler, the user session is apparently not visible: the session context is null. :(

I tried to make LifeCycle.beginCall in there, and it works in a certain sense: the authentication logic works, but the result is never made available to the user (the user session still has an empty identity).

What am I doing wrong?

PS Here is more or less complete code for my resource handler. Logging and other unrelated material removed for brevity.

@Scope(ScopeType.APPLICATION)
@Name("tokenResource")
// @BypassInterceptors
public class TokenResource extends AbstractResource {
    @Override
    public String getResourcePath() {
        return "/token";
    }

    @Override
    public void getResource(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
        String token = request.getParameter("token");

        // woot?
        Lifecycle.beginCall();

        Identity identity = Identity.instance(); 
        MyIdentity mid = (MyIdentity) identity;
        mid.setToken(token);
        mid.login();

        response.sendRedirect("/home.seam");
    }