Really, you only need to trick the CAS AuthenticationFilter in order to get into your application. The AuthenticationFilter checks for the presence of the CAS Assertion in the session using a well-known key name (AbstractCasFilter.CONST_CAS_ASSERTION), so you could simply install a dummy Assertion in the session in an upstream filter that handles PeopleSoft cookies. This keeps you from having to customize CAS filters. In the CAS authentication case, that filter wouldn't be doing anything, and the AuthenticationFilter would correctly redirect you to the CAS server on initial access.
M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
