diff --git a/plugins/stoa/controllers/stoa_plugin_controller.rb b/plugins/stoa/controllers/stoa_plugin_controller.rb
index ffb1d8a..eede9b2 100644
--- a/plugins/stoa/controllers/stoa_plugin_controller.rb
+++ b/plugins/stoa/controllers/stoa_plugin_controller.rb
@@ -3,7 +3,13 @@ class StoaPluginController < PublicController
 
   def authenticate
     if request.ssl? && request.post?
-      user = User.authenticate(params[:login], params[:password], environment)
+      if params[:login].blank?
+        person = Person.find_by_usp_id(params[:usp_id])
+        login = person ? person.user.login : nil
+      else
+        login = params[:login]
+      end
+      user = User.authenticate(login, params[:password], environment)
       if user
         result = {
           :username => user.login,
diff --git a/plugins/stoa/test/functional/stoa_plugin_controller_test.rb b/plugins/stoa/test/functional/stoa_plugin_controller_test.rb
index 18ce095..4fa0288 100644
--- a/plugins/stoa/test/functional/stoa_plugin_controller_test.rb
+++ b/plugins/stoa/test/functional/stoa_plugin_controller_test.rb
@@ -90,6 +90,23 @@ class StoaPluginControllerTest < ActionController::TestCase
     assert !json_response['exists']
   end
 
+  should 'authenticate with usp_id' do
+    @request.stubs(:ssl?).returns(true)
+    post :authenticate, :usp_id => user.person.usp_id.to_s, :password => '123456'
+
+    assert_nil json_response['error']
+    assert_equal user.login, json_response['username']
+  end
+
+  should 'not crash if usp_id is invalid' do
+    @request.stubs(:ssl?).returns(true)
+    assert_nothing_raised do
+      post :authenticate, :usp_id => 12321123, :password => '123456'
+    end
+    assert_not_nil json_response['error']
+    assert_match /user/,json_response['error']
+  end
+
   private
 
   def json_response
--
libgit2 0.21.2