diff --git a/CASA-auth-token/sample/CASA-auth.pl b/CASA-auth-token/sample/CASA-auth.pl
new file mode 100755
index 00000000..4d9bfa8a
--- /dev/null
+++ b/CASA-auth-token/sample/CASA-auth.pl
@@ -0,0 +1,137 @@
+#!/usr/bin/perl
+
+use MIME::Base64();
+
+# Prompt for ATS details
+print "ATS host: ";
+$ATShost = <>;
+chomp $ATShost;
+$ATSport = 2645;
+
+# Request authentication policy for end service
+print "CASA enabled service host: ";
+$CASAEnabledServer = <>;
+chomp $CASAEnabledServer;
+print "CASA enabled service name: ";
+$CASAEnabledService = <>;
+chomp $CASAEnabledService;
+
+# Send auth-policy request
+$getAuthPolicyReq = &getAuthPolicyRequest($CASAEnabledService, $CASAEnabledServer);
+#print "$getAuthPolicyReq\n";
+$ret = `curl -k -sS --data-binary \'$getAuthPolicyReq\' https://$ATShost:$ATSport/CasaAuthTokenSvc/Rpc?method=GetAuthPolicy`;
+print $ret;
+$ret =~ /(.*)<\/auth_policy>/;
+$authPolicyB64 = $1;
+$authPolicy = MIME::Base64::decode($authPolicyB64);
+print "\n\nPOLICY FOR $CASAEnabledService/$CASAEnabledServer:\n$authPolicy\n";
+$authPolicy =~ /(.*)<\/realm>/;
+$realm = $1;
+
+if ($realm eq "") {
+ print "Realm: ";
+ $realm = <>;
+ chomp $realm;
+}
+
+# Request session token
+$authenticateReq = &getSessionTokenRequest($realm);
+#print "$authenticateReq\n";
+$ret = `curl -k -sS --data-binary \'$authenticateReq\' https://$ATShost:$ATSport/CasaAuthTokenSvc/Rpc?method=Authenticate`;
+#print "$ret\n";
+$ret =~ />([^>]*)<\/session_token>/;
+$sessionTokenB64 = $1;
+$sessionToken = MIME::Base64::decode($sessionTokenB64);
+print "\n\nSESSION TOKEN CONTENTS:\n$sessionToken\n";
+
+# Request auth token
+$getAuthTokenReq = &getAuthTokenRequest($CASAEnabledService, $CASAEnabledServer, $sessionTokenB64);
+#print "$getAuthTokenReq\n";
+$ret = `curl -k -sS --data-binary \'$getAuthTokenReq\' https://$ATShost:$ATSport/CasaAuthTokenSvc/Rpc?method=GetAuthToken`;
+open $tokfile, ">token.txt";
+$ret =~ /(.*<\/auth_token>)/;
+#print $tokfile "$1\n";
+$ret =~ />([^>]*)<\/auth_token>/;
+$authTokenB64 = $1;
+$WSS_msg = MIME::Base64::decode($authTokenB64);
+print $tokfile "$WSS_msg\n";
+$WSS_msg =~ /(.*)<\/ident_token_data>/;
+$authToken = MIME::Base64::decode($1);
+print "\n\nAUTH TOKEN ID INFO:\n$authToken\n";
+
+# Validate the auth token
+$ret = `./validate_auth_token.exe \'$CASAEnabledService\' \'$authTokenB64\'`;
+print "$ret\n";
+
+# CASA request URLs:
+# 1. https://:/CasaAuthTokenSvc/Rpc?method=GetAuthPolicy
+# 2. https://:/CasaAuthTokenSvc/Rpc?method=Authenticate
+# 3. https://:/CasaAuthTokenSvc/Rpc?method=GetAuthToken
+
+sub getAuthPolicyRequest {
+ my ($service, $host, $policyRequest);
+ $service = $_[0];
+ $host = $_[1];
+
+# $policyRequest = "
+ $policyRequest = "
+
+$service
+$host
+";
+
+ return $policyRequest;
+}
+
+sub getSessionTokenRequest {
+ my ($realm, $mechanismID, $mechanismTokenData, $sessionTokeniReq);
+ $realm = $_[0];
+# print "Realm: ";
+# $realm = <>;
+# chomp $realm;
+
+ # PwdAuthenticate or Krb5Authenticate
+ $mechanismID = "PwdAuthenticate";
+ $mechanismTokenData = &getPasswordMechToken();
+
+ $sessionTokenReq = "
+
+$realm
+$mechanismID
+$mechanismTokenData
+";
+
+ return $sessionTokenReq;
+}
+
+sub getPasswordMechToken {
+ my ($username, $password, $mechData, $mechTokenData);
+ print "User: ";
+ $username = <>;
+ chomp $username;
+ print "Password: ";
+ $password = <>;
+ chomp $password;
+ $mechData = "$username\r\n$password\r\n";
+ $mechTokenData = MIME::Base64::encode("$mechData", '');
+ return $mechTokenData;
+}
+
+sub getKerberosMechToken {
+}
+
+sub getAuthTokenRequest {
+ my ($service, $host, $sessionTokenB64, $authTokenReq);
+ $service = $_[0];
+ $host = $_[1];
+ $sessionTokenB64 = $_[2];
+
+ $authTokenReq = "
+
+$service
+$host
+$sessionTokenB64
+";
+
+ return $authTokenReq;
+}
diff --git a/CASA-auth-token/sample/Makefile b/CASA-auth-token/sample/Makefile
new file mode 100644
index 00000000..be8261bf
--- /dev/null
+++ b/CASA-auth-token/sample/Makefile
@@ -0,0 +1,8 @@
+all: tokenValidate.class
+
+tokenValidate.class: tokenValidate.java
+ javac -classpath /srv/www/casaats/webapps/CasaAuthTokenSvc/WEB-INF/classes tokenValidate.java
+
+clean:
+ rm -f *.class
+
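Review bot: The three backtick `curl` calls in CASA-auth.pl splice the prompted host, service and realm strings into a shell command line and pass `-k`, so a quote or shell metacharacter typed at a prompt changes the command, and the Authenticate request that carries the base64 user name and password goes to a server whose certificate is never checked. The request body is also visible in the process list while curl runs. I would route all three calls through one helper that runs curl in list form (no shell), feeds the body on stdin with `--data-binary @-`, and leaves certificate verification on, adding `--cacert` for the ATS CA where it is not in the system store; the sketch below needs `use IPC::Open2 ();` at the top of the file. The same list-form treatment applies to the `./validate_auth_token.exe` call, and `open $tokfile, ">token.txt"` should be the three-argument form with its result checked, since that file receives the decoded token.

```perl
# One helper for the GetAuthPolicy, Authenticate and GetAuthToken calls.
sub postToATS {
    my ($method, $body) = @_;
    # The host comes from a prompt; accept only hostname/IPv4 characters.
    die "unexpected characters in ATS host\n"
        unless $ATShost =~ /\A[A-Za-z0-9.-]+\z/;
    my $url = "https://$ATShost:$ATSport/CasaAuthTokenSvc/Rpc?method=$method";
    # List form: no shell is involved; the body on stdin stays out of argv.
    my $pid = IPC::Open2::open2(my $out, my $in,
        'curl', '-sS', '--data-binary', '@-', $url);
    print {$in} $body;
    close $in;
    my $resp = do { local $/; <$out> };
    waitpid $pid, 0;
    die "curl exited with status " . ($? >> 8) . "\n" if $?;
    return $resp;
}

# ... unchanged: prompts for ATS host, service host and service name ...
$ret = postToATS('GetAuthPolicy', $getAuthPolicyReq);
# ... unchanged: policy parsing, realm prompt, request builders ...
$ret = postToATS('Authenticate', $authenticateReq);
# ... unchanged: session-token parsing ...
$ret = postToATS('GetAuthToken', $getAuthTokenReq);
```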
diff --git a/CASA-auth-token/sample/README b/CASA-auth-token/sample/README
new file mode 100644
index 00000000..fe693472
--- /dev/null
+++ b/CASA-auth-token/sample/README
@@ -0,0 +1,14 @@
+Files in this directory:
+-----------------------
+
+CASA-auth.pl: Tool for requesting auth token from ATS. The auth token will be
+put in a file "token.txt".
+
+tokenValidate.java: Code for validating auth token.
+
+Makefile: Builds tokenValidate.class
+
+validate.sh: Run this after running CASA-auth.pl. It will validate the token in
+"token.txt" and print the identity token to stdout. This should be run on a
+machine where ATS certificates have been properly configured. It is better to
+run this on the server where ATS runs.
diff --git a/CASA-auth-token/sample/tokenValidate.java b/CASA-auth-token/sample/tokenValidate.java
new file mode 100644
index 00000000..1f37f555
--- /dev/null
+++ b/CASA-auth-token/sample/tokenValidate.java
@@ -0,0 +1,22 @@
+import java.io.FileReader;
+import java.io.BufferedReader;
+import java.io.IOException;
+
+import com.novell.casa.authtoksvc.AuthToken;
+
+public class tokenValidate {
+ public static void main(String[] args) throws IOException {
+ BufferedReader tokenFile = null;
+
+ tokenFile = new BufferedReader(new FileReader("token.txt"));
+
+ String l;
+ l = tokenFile.readLine();
+
+ String id;
+ id = AuthToken.validate(l);
+
+ System.out.println(id);
+ }
+}
+
diff --git a/CASA-auth-token/sample/validate.sh b/CASA-auth-token/sample/validate.sh
new file mode 100755
index 00000000..59758680
--- /dev/null
+++ b/CASA-auth-token/sample/validate.sh
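Review bot: `main` in tokenValidate.java passes whatever `readLine()` returns straight to `AuthToken.validate`, so an empty token.txt hands it `null`, and only the first line of the file is ever validated. CASA-auth.pl in this same commit writes the decoded token followed by a newline, so if that token spans several lines the check would run on a fragment; it is worth confirming which form `validate` expects. I would add `if (l == null || l.length() == 0) { System.err.println("token.txt is empty"); System.exit(1); }` after the read and close `tokenFile` in a `finally` block. The program should also exit non-zero when validation does not yield an identity, so that validate.sh can tell failure from success instead of decoding whatever was printed.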
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+CLASSPATH=.
+CLASSPATH=$CLASSPATH:/srv/www/casaats/webapps/CasaAuthTokenSvc/WEB-INF/classes
+CLASSPATH=$CLASSPATH:/usr/share/java/xerces-j2.jar
+CLASSPATH=$CLASSPATH:/usr/share/java/log4j.jar
+CLASSPATH=$CLASSPATH:/opt/novell/zenworks/share/tomcat/common/classes
+CLASSPATH=$CLASSPATH:/srv/www/casaats/webapps/CasaAuthTokenSvc/WEB-INF/lib/xmlsec-1.4.0.jar
+CLASSPATH=$CLASSPATH:/srv/www/casaats/webapps/CasaAuthTokenSvc/WEB-INF/lib/commons-logging.jar
+
+export CLASSPATH
+id_token=`java tokenValidate`
+
+perl -e "use MIME::Base64(); print MIME::Base64::decode('$id_token')"
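Review bot: The last line of validate.sh pastes `$id_token` into the text of a Perl program, so a single quote anywhere in the validator's output ends the string literal and whatever follows is run as Perl. Pass the value as an argument instead: `perl -MMIME::Base64 -e 'print MIME::Base64::decode($ARGV[0])' "$id_token"`. The script also never checks whether `java tokenValidate` succeeded, so a failed validation still reaches the decoder; `id_token=$(java tokenValidate) || exit 1` would stop there, provided tokenValidate exits non-zero on failure. Putting `.` first in CLASSPATH lets a class file in the working directory shadow the ATS classes, so I would append it last.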