...
CAS receives this secure server-to-server request, verifies that application1 has been loaded into it's persistent store of CAS registered services, and if successful, fulfills the application server's HTTPS CAS client request and returns an XML message of "success" along with the authenticated username. Remember that all of this is occurring whilst the user has only made a single request to access application1. The original request then passes though exits the CAS filter/module and allows application1 to serve content to this newly authenticated user.
...