I need help.

I have JBOSS with jsf + seam web-application. Previously I work with auth by <login-config> FORM type auth with own LoginModule work over JAAS. To protected web pages uses <security-constraint> by roles.

Now need integration with CAS.

I add CAS-Server  web-app to project and implement cas-client to my wep-app, but if I use <security-constraint> session for my web-app do not have a remote user, without <security-constraint> - all fine, cas-server put remote into session.

May anybody help me? Why if I use <security-constraint> session not have remote user or why it`s cleared?

In my web.xml I do not have <login-config>.