LDAP integration vs SSO

Hello,

I am not yet an user of Openfire so forgive me in case question is answered somewhere.

In short - we would like to use Openfire integrated with LDAP and be able to create user session from a web application (to use with browser based communicator like for example Candy - http://candy-chat.github.io/candy) without knowing the users’s password and authorize the user in the communicator so that he wouldn’t have to log on.

Details:

We have a system that authorizes users basing on some “token” given from lets say proxy element, that puts it in request header before the request reaches web application. Basing on this token the web application knows user login (1:1 with LDAP), but knows nothing about his password, that is why we are not able to create a session for user and log him automatically from the web application using standard mechanisms (like: http://metajack.im/2008/10/03/getting-attached-to-strophe/).

I think what we need is a possibility to create a session for given user by providing administrative credentials. Does such functionality exist in Openfire?

Best Regards,

Pawel