Colin, I have this filter order (I should have included this earlier):
Authentication Validation Wrapper Filters are applied in the order they are listed in web.xml. There is no mechanism to skip nor go backwards. One must authenticate before validate. Note: if you want to use a logout filter, it would precede authenticate. Ray On Mon, 2024-11-25 at 14:38 -0500, Colin Ryan wrote: You don't often get email from col...@caveo.ca. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> Ray, Changed to the following: <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/ldapconn/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/ldapconn/*</url-pattern> </filter-mapping> Same issue Thanks On 2024-11-25 1:55 PM, Ray Bon wrote: Colin, The filters are ordered. Authentication filter must be listed before validation filter. Ray On Fri, 2024-11-22 at 13:40 -0500, Colin Ryan wrote: [You don't often get email from col...@caveo.ca<mailto:col...@caveo.ca>. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Folks, CAS Client 3.6.4 Filter is starting in the logs, but I only want CAS to be in play for 1 specific WebApp installed on this Tomcat 9 instance. If I change the url-patterns in the web.xml file to "/*" everything works, but if I try to scope CAS down to the specific App the filter's appear to never be "invoked". I have a simple .jsp file in /ldapconn/casverify.jsp for confirming CAS. If I in a freshly started browser go to /ldapconn/casverify.jsp I do not get redirected to CAS for authentication and get errors obviously in my JSP. Even if I go to CAS directly and login and then go to /ldapconn/casverify.jsp I get the same error. If I change the url-patterns to just "/*" it all works as expected. Here is my web.xml <!-- CAS Validation Filter --> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>Warning this link may be malicious, it actually goes to the site "ssoservice.mydomain.net" while displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fssoservice.mydomain.net%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376066536%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=OfsE9HMJzlE4fkcoP83ShfURURxqDMcJ6wksYw%2Ft7wk%3D&reserved=0<https://ssoservice.mydomain.net/cas></param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>Warning this link may be malicious, it actually goes to the site "ldapconn.mydomain.net:8080" while displaying:https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fldapconn.mydomain.net%3A8080%2F&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376086761%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=pChxlFSf6aasE1D4Lq037Rv6nzPIU4WHqjPAtS0i%2FdE%3D&reserved=0<http://ldapconn.mydomain.net:8080/></param-value> </init-param> </filter> <!-- Cas Filter/Wrapper --> <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>Warning this link may be malicious, it actually goes to the site "ssoservice.mydomain.net" while displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fssoservice.mydomain.net%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376097782%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=XS%2BgBACgj1tp16bY3db3ohSw94WajWupQnxRXB3ehEs%3D&reserved=0<https://ssoservice.mydomain.net/cas></param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>Warning this link may be malicious, it actually goes to the site "ldapconn.mydomain.net:8080" while displaying:https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fldapconn.mydomain.net%3A8080%2F&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376110255%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=adVzJR7CAYa7QVdyIIey%2B3iJNmJVikxwj5%2Bn%2BpNMPCc%3D&reserved=0<http://ldapconn.mydomain.net:8080/></param-value> </init-param> </filter> <!-- CAS Wrapper --> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/ldapconn/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/ldapconn/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/ldapconn/*</url-pattern> </filter-mapping> -- - Website: Warning this link may be malicious, it actually goes to the site "apereo.github.io" while displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376121285%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=xuxlHxU%2BKrXYJA3i%2BlDGbDBY0DqpnwpnRqDfbUTwzz4%3D&reserved=0<https://apereo.github.io/cas> - List Guidelines: Warning this link may be malicious, it actually goes to the site "goo.gl" while displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376132089%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ghQQ69ubKIsO564UuW8kOjc44w0pEuvhW8tSD98monc%3D&reserved=0<https://goo.gl/1VRrw7> - Contributions: Warning this link may be malicious, it actually goes to the site "goo.gl" while displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376142745%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ZEJVa97c2Fq1tA7WrXU2p5whAp%2B6TVkp%2BBWUJ8avVnQ%3D&reserved=0<https://goo.gl/mh7qDG> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email tocas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion visit Warning this link may be malicious, it actually goes to the site "groups.google.com" while displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2Fc9057747-931f-4578-9459-e049e5c80ff2%2540caveo.ca&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376153359%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=7QMR5RrzsGcphF8UDr9VjHGc8sQ6p2ggdX6S15%2BrUWM%3D&reserved=0<https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9057747-931f-4578-9459-e049e5c80ff2%40caveo.ca>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00051693d044ee8e0deda0d969b8287a654c0232.camel%40uvic.ca.
