diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index b8f96daa..e1ed9cc3 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -30,7 +30,13 @@ class ApplicationController < ActionController::Base exempt_from_layout /\.js\.erb$/ if ( SITE_CONFIG['authentication_schemes'].include? 'cas') - before_filter CASClient::Frameworks::Rails::Filter + # This will allow the user to view the index page without authentication + # but will process CAS authentication data if the user already + # has an SSO session open. + before_filter CASClient::Frameworks::Rails::GatewayFilter, :only => :login + + # This requires the user to be authenticated for viewing allother pages. + before_filter CASClient::Frameworks::Rails::Filter, :except => :login end before_filter :set_session_expiration before_filter :set_time_zone diff --git a/app/controllers/login_controller.rb b/app/controllers/login_controller.rb index d67899c4..89186d3d 100644 --- a/app/controllers/login_controller.rb +++ b/app/controllers/login_controller.rb @@ -6,11 +6,15 @@ class LoginController < ApplicationController skip_before_filter :login_required before_filter :login_optional before_filter :get_current_user - + def login + if cas_enabled? + @username = session[:cas_user] + @login_url = CASClient::Frameworks::Rails::Filter.login_url(self) + end if openid_enabled? && using_open_id? login_openid - elsif cas_enabled? + elsif cas_enabled? && session[:cas_user] login_cas else @page_title = "TRACKS::Login" @@ -136,7 +140,7 @@ class LoginController < ApplicationController end redirect_back_or_home else - notify :warning, "Sorry, no user by that identity URL exists (#{identity_url})" + notify :warning, "Sorry, no user by that CAS username exists (#{session[:cas_user]})" end else notify :warning, result.message diff --git a/app/views/login/login.html.erb b/app/views/login/login.html.erb index de3d3fe4..5c62c5a7 100644 
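Review bot: The `:only => :login` and `:except => :login` options on the two CAS filters are declared in ApplicationController, so they match on the action name in every controller that inherits from it; any other action called `login` would also be skipped by `CASClient::Frameworks::Rails::Filter`. Scoping the exemption to LoginController keeps the default strict: leave `before_filter CASClient::Frameworks::Rails::Filter` unconditional here, and in LoginController declare `skip_before_filter CASClient::Frameworks::Rails::Filter, :only => :login` together with `before_filter CASClient::Frameworks::Rails::GatewayFilter, :only => :login`. The added comment also says "index page" although the gateway filter is applied to the login action, and "allother" is missing a space. The class body continues outside the hunk.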
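Review bot: Because `elsif cas_enabled? && session[:cas_user]` sits ahead of the `else` branch, any request that carries an open SSO session is routed to `login_cas`. If the `else` branch is where the database login form is processed (its body continues outside the hunk), a user whose CAS name has no local account cannot fall back to the password form while that session exists. One option is to keep form posts out of the CAS branch, for example `elsif cas_enabled? && session[:cas_user] && !request.post?`. A short comment stating that `session[:cas_user]` is populated by the GatewayFilter declared in ApplicationController would also help, since nothing in this action sets it.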
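Review bot: The reworded warning sits directly above `notify :warning, result.message`, which looks like the OpenID completion path rather than the CAS one. If that is the case, a failed OpenID lookup now reports `session[:cas_user]` (which may be nil) instead of the identity URL that was not found; keep `identity_url` in this branch and put the CAS wording in `login_cas` only. The value is interpolated into flash text, so the template that prints the warning has to HTML-escape it. The enclosing method starts and ends outside the hunk, so which login path this is cannot be confirmed from here.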
--- a/app/views/login/login.html.erb +++ b/app/views/login/login.html.erb @@ -1,6 +1,7 @@ <% auth_schemes = Tracks::Config.auth_schemes show_database_form = auth_schemes.include?('database') show_openid_form = auth_schemes.include?('open_id') + show_cas_form = auth_schemes.include?('cas') -%>
|
+ <% if @username %>
+ Hello, <%= @username %>! You are authenticated. + <% else %> +You are not yet authenticated. <%= link_to("Login", @login_url) %> + <% end %> + |
+
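Review bot: `<%= @username %>` prints `session[:cas_user]` without escaping. The filter API used elsewhere in this commit (`before_filter`, `exempt_from_layout`) suggests a Rails 2 application, where `<%= %>` does not HTML-escape by default. Writing it as `<%= h(@username) %>` encodes the name supplied by the CAS server on output. `show_cas_form` is assigned in the first hunk of this file, but the visible added lines branch on `@username` instead, so it may be unused; the surrounding markup is not visible here.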