Hi
We have CAS 4.1.x overlay. We have one webapp and one backend services. Two different WAR files, both apps are casified. Webapp runs at localhost:8080/myapp, backend service runs at localhost:8080/xyzservice (same domain). After user login successfully into /myapp, its AngularJS code makes XhrRequest call, it does HTTP GET on /localhost:8080/xyzservice/protected/simple.html I am getting CAS login page in javascript response code when XhrRequest call is made. However, if I use browser and navigate to /localhost:8080/xyzservice/protected/simple.html, that works fine. My guess is that 1) in browser scenario, CAS tells browser to redirect to CAS login page via 302. And, when browser GETs the CAS login page, it will send the SSO TGT in the cookie. Everything else follows. 2) in XhrRequest, CAS returns 200 with CAS login page. The XhrRequest does not know how to process the HTML login page and it fails. What do I need to do, so that when XhrRequest is made by a user that is already authenticated, it will work just like browser scenario? Thx! Yan -- CAS gitter chatroom: https://gitter.im/apereo/cas CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html CAS documentation website: https://apereo.github.io/cas CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0521f18c-058a-472e-8ea0-89baf1ee2bec%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.