Worked it out - a slightly convoluted explanation coming up…
I'm using the CAS Java client - it's better supported than mod_auth_cas and I'm using CAS 4.
I was attempting to minimise changes to the web.xml, and hoping to be able to produce a CAS jar that could be installed separately.
In order to do this I changed the web.xml to use the version 3 servlet spec and put the filter settings into a web-fragment.xml file.
This worked quite nicely with only a tiny change to the core web.xml.
This is where we come in…
The reason for the above behaviour is the order in which the filters are evaluated. Unfortunately, the filters in the main web.xml are evaluated first, leading to the redirect to the Alfresco log in page before the redirect to the CAS log in page.
The solution is to put the CAS filters into the web.xml before the stock ones so that they are evaluated first (I guess the Authentication Filter is the important one).
I did experiment with using <ordering> but as I suspected this doesn't seem to apply to the main web.xml.
It's a less elegant solution and means that it's not worth producing a CAS module jar but it works.
(I don't think it would be hard to move the SSO Authentication Filter code into a separate jar which would enable my original plan but that's a bigger customization)
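The ordering fix described in the post, sketched as an added example that is not part of the original post. The filter classes and init-param names are those of the CAS Java client; the filter names, the cas.example.org and app.example.org hosts, and the use of a /* pattern are assumptions.

```xml
<!-- Added illustration: fragment of the webapp's main WEB-INF/web.xml.
     Host names are placeholders; filter names are chosen for the example. -->

<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://cas.example.org/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://app.example.org</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://cas.example.org/cas</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://app.example.org</param-value>
  </init-param>
</filter>

<!-- The container builds the filter chain in <filter-mapping> order, so
     these two mappings sit above every stock mapping for the same URLs.
     The same filters declared in a web-fragment.xml run after the main
     web.xml's filters, which is the behaviour the post describes. -->
<filter-mapping>
  <filter-name>CAS Authentication Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Stock <filter-mapping> elements follow here, unchanged. -->
```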