I really think that based on this, that you actually need to do...nothing. It's totally fine to have multiple applications running on the same Tomcat instance, even if some are protected by CAS and some aren't. The CAS settings are application-specific, not application server instance-specific. Eg., you configure CAS authentication per application. So, if you don't want one application to be protected by CAS, just don't tell it about CAS, and it'll hum happily along, oblivious to the existence of CAS.
Ultimately, CAS is just an application that runs under Tomcat. Other applications can talk to it for authentication, but they don't have to (unless, of course, they literally have to because they're coded to do so...) Even if they're running on the same application server instance. It's kind of like - if all of your neighbors on your street want to change the locks on their houses, that doesn't mean that you're required to change your locks. You're not even required to have locks on your house. Chris >>> William <[email protected]> 02/08/16 10:39 AM >>> Chris, You hit the nail on the head. That is exactly what I am referring to. I am running CAS Server, CAS Service (user interface), and a few applications which I want protected by CAS. I have one that I do not want users prompted by a login page. I believe what Dmitriy is saying that I need to configure Spring Security and/or web.xml not to intercept attempts to this one application (with context root of "keepalive"). Regards. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
