How to remove jsessionid from rootpage url with External SSO

Showing results for 
Search instead for 
Did you mean: 
Active Member II

How to remove jsessionid from rootpage url with External SSO


We are using Alfresco Share 5.2.6 and we are using an external SSO based on Yale CAS.

Everything was working OK when we were using Alfresco 4.2, but since we migrated to 5.2.1 (and recently to 5.2.6), we are encountering every time this problem whenever a user performs a login (for the first time during a browsing session):

1) The user tries to open https://ourserver/share/

1b) The default index.jsp page performs a redirect to https://ourserver/share/page/

2) The CAS Filter intercepts the request, and redirects to the external SSO webpage

3) The user performs a successful login in the External SSO (CAS) and it is redirected back to the following URL:


4) Then the default Share (Surf) handlers will try to display this page but in the end throw the error:

javax.servlet.ServletException: Could not resolve view with name ';jsessionid=210C2ECCDE88B1F5B074FBDD913497F9' in servlet with name 'Spring Surf Dispatcher Servlet'


If the user then removes from the browser addressbar everything after /share/, then the login is successful.
But this is not a real solution.


Is there any Share of Surf configuration (or something that we can do) to remove from the URL the part starting with ";...."  ?

(I wonder why was it working in Alfresco 4.2, without us doing any special manipulation of the URL.)

Thank you in advance to anyone who has encountered this problem or can suggest us which configuration parameter or code we should use to make sure we don't get this error.



1 Reply
Active Member II

Re: How to remove jsessionid from rootpage url with External SSO

Finally I solved it by creating a custom Filter to perform the following operation after the CAS Filter:

public void doFilter(ServletRequest sreq, ServletResponse sresp, FilterChain chain) throws IOException, ServletException {

HttpServletRequest req = (HttpServletRequest) sreq;
HttpServletResponse resp = (HttpServletResponse) sresp;

// Remove from the request URL the CAS_SESSION_ID (can have different names), since it interferes with the ViewResolver
HttpServletRequest wreq = new HttpServletRequestWrapper(req) {
public String getRequestURI() {
String originalRequestURI = super.getRequestURI();
return originalRequestURI.replaceFirst(";[^?]*", "");

chain.doFilter(wreq, sresp);

This will simply remove everything starting with ; and to the end of the URL (or until the query-string, in case the SESSION_ID was inserted before the query-string parameters).



<filter-name>CAS filter</filter-name>

<filter-name>Remove SESSION_ID Filter</filter-name>


For the moment it works, and I hope it doesn't introduce other side-effects which I haven't thought about.