Hello, Assuming we have 2 applications
One application providing authentication and second application configured to be redirected to the first application for authentication. Lets call page in the second application which does the redirection to first application as SignInPage. Below is the code in SignInPage which sets a cookie to redirect to the url that was requested after login. // The following lines ensure redirection back to the second application page that was requested. Response resp = getRequestCycle().getResponse(); if (resp instanceof WebResponse) { WebResponse webResp = (WebResponse) resp; Cookie cookie = WicketApplication.get().getIamHelper().getIamSecurityHelper().getRedirectURLCookie(second app url); webResp.addCookie(cookie); } // The following line redirects to first application for login. getRequestCycle().scheduleRequestHandlerAfterCurrent(new RedirectRequestHandler("../firstApplcation/login")); Now mounting SignInPage class in org.apache.wicket.protocol.http.WebApplication#init() in the following order getSecuritySettings().setCryptFactory(new KeyInSessionSunJceCryptFactory()); setRootRequestMapper(new CryptoMapper(getRootRequestMapperAsCompound(), this)); mountPage("/login", SignInPage.class); The above setting works fine where the user is correctly redirected to ../firstApplcation/login to login, however swapping CryptoMapper and mountPage as follows breaks and the user is not redirected to First app for authentication, url seen in the browser is "secondApplication/xxxxxxxxxxx" versus ../firstApplcation/login getSecuritySettings().setCryptFactory(new KeyInSessionSunJceCryptFactory()); mountPage("/login", SignInPage.class); setRootRequestMapper(new CryptoMapper(getRootRequestMapperAsCompound(), this)); Why does the order of mountPage and CryptoMapper change behavior ? Thanks & Regards Satish Gutta Notice: This communication, including any attachments, is intended solely for the use of the individual or entity to which it is addressed. This communication may contain information that is protected from disclosure under State and/or Federal law. Please notify the sender immediately if you have received this communication in error and delete this email from your system. If you are not the intended recipient, you are requested not to disclose, copy, distribute or take any action in reliance on the contents of this information.