diff --git a/config/example-config.php b/config/example-config.php
index 5e2665af..fbb3bd7e 100644
--- a/config/example-config.php
+++ b/config/example-config.php
@@ -162,6 +162,9 @@ $c->collections_always_exist = false;
 * and he used to authenticate the user should be at least 'password,user_no'
 * awl/inc/AuthPlugins.php is a sample file not used by showing what could be
 * a hook
+*
+* $c->authenticate_hook['optional'] = true; can be set to try default authentication
+* as well in case the configured hook should report a failure.
 */
 
 /********************************/
diff --git a/inc/HTTPAuthSession.php b/inc/HTTPAuthSession.php
index 0d952df1..963b54a2 100644
--- a/inc/HTTPAuthSession.php
+++ b/inc/HTTPAuthSession.php
@@ -221,7 +221,15 @@ class HTTPAuthSession {
       * It can expect that:
       *   - Configuration data will be in $c->authenticate_hook['config'], which might be an array, or whatever is needed.
       */
-      return call_user_func( $c->authenticate_hook['call'], $username, $password );
+      $hook_response = call_user_func( $c->authenticate_hook['call'], $username, $password );
+      /**
+       * make the authentication hook optional: if the flag is set, ignore a return value of 'false'
+       */
+      if (isset($c->authenticate_hook['optional']) && $c->authenticate_hook['optional']) {
+        if ($hook_response !== false) { return $hook_response; }
+      } else {
+	return $hook_response;
+      }
     }
 
     if ( $usr = getUserByName($username) ) {