custom authentication

I’m looking for the “cleaner” way to manage a custom authentication with LDAP and with a SSO provider (keeping a mysql user table also).

Should I make another User class that implements IdentityInterface ?

In LoginForm, getUser() does this : $this->_user = User::findByUsername($this->username);

I’m surprised User is hardcoded and that the identityClass defined in the config is not userd instead.