...
If i don't log into the Portal, it can't get my mail. After my CAS session expires, it can't get my mail.
Said another way, CAS without proxy requires the browser in each authentication "transaction". In the case of a portal or other middle tier application, the component needing to authenticate isn't the browser, it's an application like a portal. So proxy authentication allows one application (portal) which accepted and validated a CAS ticket to get data from another application (email) which is configured to trust the first (portal).
~susan.bramhall@yale.edu SusanBramhall