For those interested, I found the answer. For IBM's RAD7 development environment, WebSphere version 6.0.23, running on Windows, the session management default session-fixation-protection (migrateSession) is the offending culprit. The copied session is not a deep copy, or WebSphere is using weak references in the session and they are not being copied. As a result, the redirect URL that CAS is expecting to be there is not, and your application loses its context.

The quickest fix is to set session-fixation-protection=none, i.e.

<sec:http entry-point-ref="casProcessingFilterEntryPoint" session-fixation-protection="none">

If you do this, be sure the LogoutFilter is nulling out the session. Another option would be to write your own filter and insert it in the appropriate place. Interestingly enough, Tomcat, Apache, and Jetty seem to copy the session as expected, along with the stand-alone WebSphere. This problem only manifested for me in the RAD7 IDE, running the embedded WebSphere.

--
View this message in context: http://jasig.275507.n4.nabble.com/CAS-Spring-Security-IBMWebSphere-Struts2-tp2017781p2065322.html
Sent from the CAS Users mailing list archive at Nabble.com.
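
Added example, not part of the original post and not Spring Security's own code: one way the "write your own filter" option could perform the session migration by hand, holding strong references to every attribute before the old session is invalidated. The class and method names are hypothetical; it assumes the javax.servlet API and must be called at the point of successful authentication, before the response is committed.

```java
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper (not Spring Security code): manual session migration. */
public final class ManualSessionMigrator {

    private ManualSessionMigrator() {
    }

    /**
     * Replaces the current session with a fresh one (new session id) and
     * copies every attribute across. Call on successful authentication,
     * before the response is committed, so the new session cookie can be set.
     * Raw collections are used so the class also compiles on older JDKs.
     */
    public static HttpSession migrate(HttpServletRequest request) {
        HttpSession old = request.getSession(false);
        if (old == null) {
            // Nothing to migrate: just start an authenticated session.
            return request.getSession(true);
        }

        // Snapshot the attributes into a local map first. The map holds
        // strong references, so the values stay reachable after invalidate().
        Map saved = new HashMap();
        Enumeration names = old.getAttributeNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            saved.put(name, old.getAttribute(name));
        }

        // Discard the pre-login session id, which is what defeats fixation.
        old.invalidate();

        HttpSession fresh = request.getSession(true);
        for (Iterator it = saved.entrySet().iterator(); it.hasNext();) {
            Map.Entry entry = (Map.Entry) it.next();
            fresh.setAttribute((String) entry.getKey(), entry.getValue());
        }
        return fresh;
    }
}
```

Because the copy is explicit, any attribute the CAS filter stored before login (such as the saved redirect URL) is carried into the new session, while the pre-login session id is still discarded.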
