I need advice in getting the CAS Client Filter to play nice with our internal Auth Filter.
We have an Auth Filter that validates requests against both PeopleSoft and OpenSSO tokens. I would like to allow our applications to accept CAS tickets for authentication. One requirement is that the CAS ticket be checked last. We want to use this order: OpenSSO, PeopleSoft, CAS.

My first thought was to simply add CAS filters in the filter chain after our AuthFilter, but if no CAS ticket is present the CAS filter naturally presents the CAS login screen even if our Auth Filter has successfully validated the request. I haven't been able to figure out a way to break the filter chain and skip the CAS filters if our Auth Filter successfully validated. (A redirect in our filter is not really feasible due to the design of some legacy applications that are pure servlets.)

So my next thought was to modify the CAS authentication filter. Our Auth Filter puts principal information on the request upon successful validation. I could have the CAS filter look for this data and if it is present the CAS filter would simply exit. I think this would be a simple mod to the doFilter() method.

I have also considered trying to make a direct method call into the CAS client jar to validate the request and get the principal. But looking at the source code I realized this would take quite a bit of reverse engineering on my part.

I would appreciate any thoughts or ideas.

Thanks,
Bryan
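The "skip CAS when a principal is already on the request" idea from the message above, sketched as a wrapper filter so the CAS client source stays unmodified. This is an added example, not part of the original post and not CAS client code; the class name `SkipIfAuthenticatedFilter`, the init-params `delegateClass` and `principalAttribute`, and the attribute key are hypothetical, and it assumes the wrapped filter reads its settings from the same init-params.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

// Added example: wraps another filter and bypasses it for already-authenticated requests.
public class SkipIfAuthenticatedFilter implements Filter {
    // Hypothetical attribute key; use whatever key the in-house Auth Filter sets.
    private String principalAttribute = "example.auth.principal";
    private Filter delegate;

    @Override
    public void init(FilterConfig config) throws ServletException {
        String attr = config.getInitParameter("principalAttribute");
        if (attr != null) principalAttribute = attr;
        String delegateClass = config.getInitParameter("delegateClass");
        if (delegateClass == null) {
            throw new ServletException("init-param 'delegateClass' is required");
        }
        try {
            delegate = (Filter) Class.forName(delegateClass).getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException | ClassCastException e) {
            throw new ServletException("Cannot create delegate filter " + delegateClass, e);
        }
        // The delegate reads its own init-params from the same FilterConfig.
        delegate.init(config);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Request attributes are set only by server-side code, never by the client,
        // so a non-null value means an upstream filter validated this request.
        if (req.getAttribute(principalAttribute) != null) {
            chain.doFilter(req, res);           // skip the delegate, continue the chain
        } else {
            delegate.doFilter(req, res, chain); // no principal yet: let the delegate decide
        }
    }

    @Override
    public void destroy() {
        if (delegate != null) delegate.destroy();
    }
}
```

The wrapper must be mapped after the Auth Filter in web.xml so the attribute is already set when it runs, and the check should stay on a request attribute rather than a header or parameter, which a client could supply.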
