Hi Alessandro,The CAS you have described is very common where the target of the authentication scheme is a jsp (or asp) page that collects the credentials and posts to the .fcc.
It sounds like the URL you are requesting is not protected by a realm that points to the CAS. When a Web Agent receives a request, it will determine the associated AgentName and URI. The Web Agent uses these two pieces of data to make an IsProtected call to the Policy Server. The Policy Server uses the combination of AgentName and URI to attempt to map the call to a realm. Based on the results you're seeing, the request you are making is mapping to a realm that has the .fcc as a Target of the authentication scheme assigned to the realm.
There are a few ways you can resolve this. If all resources under the realm that is currently protecting the test resource should be protected with the CAS, you can simply assign the CAS to this realm. If this realm contains resources that should use the current .fcc auth scheme that is assigned to the realm, you can either create a new realm for the resources that should be protected with the CAS, or if that's not possible, if you have control over how the resource is requested you may be able to separate the resources that require different auth schemes by making changes that will result in the two resources resolving to different AgentNames (such as if users can be forced to use a separate hostname for the resources protected by the CAS).
I hope this helps.