// login with token only must succeed as well.
TokenCredentials tokenOnly = new TokenCredentials(token);
tokenOnly.setAttribute(TOKEN_ATTRIBUTE + ".any", "any");
s = repo.login(tokenOnly);
try {
assertEquals(creds.getUserID(), s.getUserID());
Set<TokenCredentials> tokenCreds = ((SessionImpl) s).getSubject().getPublicCredentials(TokenCredentials.class);
assertFalse(tokenCreds.isEmpty());