In WsFederationFilter.authenticateWithToken need to call request.getSession() so that a session has been created before any response.sendError is called. The reason is that this.writeSessionToken(httpRequest, principal) when called after response.sendError is called then provokes an IllegalStateException.
In WsFederationFilter.authenticateWithToken need to call request.getSession() so that a session has been created before any response.sendError is called. The reason is that this.writeSessionToken(httpRequest, principal) when called after response.sendError is called then provokes an IllegalStateException.