Then how do you integrate an external application if not using some kind of iframe portlet? The integration works fine, as long as no authentication is required. CAS creates a cookie (TGC, Ticket Granting Cookie) which allows you to get a service ticket. The mentioned cookie is (as it seems to me) valid for the HTTP session of the portal, but as soon as the iframe portlet tries to load the external application, another HTTP session starts, requiring authentication as well and thus presenting the CAS login screen. This is visible viewing the session ids in the browser. CAS is working correctly as it detects an unauthorized session and I've not been able to pass the original cookie from the portal session to the portlet. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4130403#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...