> Any suggestions what is causing it to fail there? Exactly what it said, there's no identity given to it. > BTW - our idp(s) redirect to CAS for each authn Then the IdP isn't getting any user identity from the CAS client. -- Scott