Instead of the LDAP query described above, an external HTTP server (web server) is queried for user information. The query has two parts: password verification and user data query.