Hi again, I finally managed to get my setup working :-) In detail: The problem was me using the Soulwing Client (thanks to microcline). Using the Yale CAS client, I am able to retrieve the user and receipt from the session within my portlet. Now I had working authentication, but my web application uses Tomcat Realms for authorization. Not going through the former login process and replacing this with CAS results in being authenticated but not authorized as no security role was assigned to the user. I was able to solve this issue by using the excellent SecurityFilter to mimic Tomcat authorisation. A tutorial is available from http://www.ja-sig.org/wiki/display/CASC/Combining+CASFilter+with+Tomcat+R.... Now we've got a fully integrated application in the IFramePortlet within jBoss Portal. Thanks again to all who helped! Greetings from Germany, Chris View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131844#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...