Hi Pavan,
You would need to edit the 'OTK USER AUTHENTICATION' encap. Turn on the comments and under the 'Authentication' branch you can add a new 'All assertions must evaluate to true' branch that includes the logic.
If you are basing authentication solely on the HTTPresponse from passing the query parameters to the server you can do something along these lines:
Add a route via HTTP(s) assertion (ie: to https://yourAuthServer/auth?username=admin&password=7layer).
If ${httpRouting.reasonCode} = 200 succeed, else fail.
The variable ${current.username} should also be set to the name of the user you are authenticating.
Regards,
Joe