My advice would be to utilize the Validation Filter from the CAS client to handle validation and write a custom filter to place higher in the chain that checks if any of the authentication methods succeeded (or if there is a CAS ticket) and if not redirects.
Cheers,
Scott

On Fri, Sep 18, 2009 at 11:25 AM, Bryan Wooten <[email protected]> wrote:

> I need advice in getting the CAS Client Filter to play nice with our
> internal Auth Filter.
>
> We have an Auth Filter that validates requests against both PeopleSoft and
> OpenSSO tokens. I would like to allow our applications to accept CAS
> tickets for authentication. One requirement is that the CAS ticket be
> checked last. We want to use this order: OpenSSO, PeopleSoft, CAS.
>
> My first thought was to simply add CAS filters in the filter chain after
> our AuthFilter, but if no CAS ticket is present the CAS filter naturally
> presents the CAS login screen even if our Auth filter has successfully
> validated the request. I haven’t been able to figure out a way to break the
> filter chain and skip the CAS filters if our Auth Filter successfully
> validated. (a redirect in our filter is not really feasible due to the
> design of some legacy applications that are pure servlets)
>
> So my next thought was to modify the CAS authentication filter. Our Auth
> Filter puts principal information on the request upon successful
> validation. I could have the CAS filter look for this data and if it is
> present the CAS filter would simply exit. I think this would be a simple
> mod to the doFilter() method.
>
> I have also considered trying to make a direct method call into the CAS
> client jar to validate the request and get the principal. But looking at
> the source code I realized this would take quite a bit of reverse
> engineering on my part.
>
> I would appreciate any thoughts or ideas.
>
> Thanks,
>
> Bryan
