diff --git a/CASA-auth-token/server-java/Svc/TODO b/CASA-auth-token/server-java/Svc/TODO
index 2c9e1219..446de73b 100644
--- a/CASA-auth-token/server-java/Svc/TODO
+++ b/CASA-auth-token/server-java/Svc/TODO
@@ -10,11 +10,6 @@ This file contains a list of the items still outstanding for AuthTokenSvc.
 
 OUTSTANDING ITEMS
 
-- Add code to verify that client/server communications occur over HTTPS.
 - Create plug-in API for Identity Token Providers.
-- Change printfs used for debugging into a suitable mechanism.
-- Create tool to connect Tomcat instance to Apache Server and disabling port 2645 listener.
-- Create tool to help administrators import certificates into the ATS's key store.
-- Create tool to easily edit the iaRealms file.
 - Add identity token encryption capabilities.
  
diff --git a/CASA-auth-token/server-java/Svc/linux/CasaIsWebServerAvailable.sh b/CASA-auth-token/server-java/Svc/linux/CasaIsWebServerAvailable.sh
index c785fe4a..7e613a21 100755
--- a/CASA-auth-token/server-java/Svc/linux/CasaIsWebServerAvailable.sh
+++ b/CASA-auth-token/server-java/Svc/linux/CasaIsWebServerAvailable.sh
@@ -39,14 +39,14 @@ if [ -f $APACHE_SYSCONFIG_FILE_PATH ]; then
    TEST_PROXY_AJP=$(grep -i proxy_ajp $APACHE_SYSCONFIG_FILE_PATH | cut -c1-14 | grep -i APACHE_MODULES)
    if [ -z "${TEST_PROXY_AJP}" ]; then
       echo "mod_proxy_ajp not configured to be loaded"
-      retVal=1
+      retVal=0
    else
       echo "mod_proxy_ajp configured to be loaded"
-      retVal=0
+      retVal=1
    fi
 else
    echo "Apache not installed"
-   retVal=1
+   retVal=0
 fi
 
 exit $retVal
diff --git a/CASA-auth-token/server-java/Svc/linux/CasaTomcatConnectorEditor.sh b/CASA-auth-token/server-java/Svc/linux/CasaTomcatConnectorEditor.sh
index 2b4f52c3..78edfa05 100644
--- a/CASA-auth-token/server-java/Svc/linux/CasaTomcatConnectorEditor.sh
+++ b/CASA-auth-token/server-java/Svc/linux/CasaTomcatConnectorEditor.sh
@@ -71,47 +71,81 @@ AJP_CONNECTOR_COMMENT_BEGIN="<!-- AJP_CONNECTOR_COMMENT_BEGIN"
 AJP_CONNECTOR_COMMENT_END="AJP_CONNECTOR_COMMENT_END -->"
 
 
+# Assume success
+retVal=0
+
 # Perform the operation requested
 if [ $# -eq 2 ]; then
    if [ $1 = "-e" ]; then
       if [ $2 = "ssl" ]; then
          echo "Enabling ssl connector"
-         sed -i s:$SSL_CONNECTOR_COMMENT_BEGIN:$SSL_CONNECTOR_BEGIN:g SERVER_XML_FILE_PATH
-         sed -i s:$SSL_CONNECTOR_COMMENT_END:$SSL_CONNECTOR_END:g SERVER_XML_FILE_PATH
+         sed -i s:"$SSL_CONNECTOR_COMMENT_BEGIN":"$SSL_CONNECTOR_BEGIN":g $SERVER_XML_FILE_PATH
+         sed -i s:"$SSL_CONNECTOR_COMMENT_END":"$SSL_CONNECTOR_END":g $SERVER_XML_FILE_PATH
       else
          if [ $2 = "ajp" ]; then
             echo "Enabling ajp connector"
-            sed -i s:$AJP_CONNECTOR_COMMENT_BEGIN:$AJP_CONNECTOR_BEGIN:g SERVER_XML_FILE_PATH
-            sed -i s:$AJP_CONNECTOR_COMMENT_END:$AJP_CONNECTOR_END:g SERVER_XML_FILE_PATH
+            sed -i s:"$AJP_CONNECTOR_COMMENT_BEGIN":"$AJP_CONNECTOR_BEGIN":g $SERVER_XML_FILE_PATH
+            sed -i s:"$AJP_CONNECTOR_COMMENT_END":"$AJP_CONNECTOR_END":g $SERVER_XML_FILE_PATH
+            ln -s /etc/CASA/authtoken/svc/casaats.conf /etc/apache2/conf.d/casaats.conf
          else
             echo "Connector type not supported"
+            retVal=1
          fi
       fi
    else
       if [ $1 = "-d" ]; then
          if [ $2 = "ssl" ]; then
             echo "Disabling ssl connector"
-            sed -i s:$SSL_CONNECTOR_BEGIN:$SSL_CONNECTOR_COMMENT_BEGIN:g SERVER_XML_FILE_PATH
-            sed -i s:$SSL_CONNECTOR_END:$SSL_CONNECTOR_COMMENT_END:g SERVER_XML_FILE_PATH
+            sed -i s:"$SSL_CONNECTOR_BEGIN":"$SSL_CONNECTOR_COMMENT_BEGIN":g $SERVER_XML_FILE_PATH
+            sed -i s:"$SSL_CONNECTOR_END":"$SSL_CONNECTOR_COMMENT_END":g $SERVER_XML_FILE_PATH
+            rm -f /etc/apache2/conf.d/casaats.conf
          else
             if [ $2 = "ajp" ]; then
                echo "Disabling ajp connector"
-               sed -i s:$AJP_CONNECTOR_BEGIN:$AJP_CONNECTOR_COMMENT_BEGIN:g SERVER_XML_FILE_PATH
-               sed -i s:$AJP_CONNECTOR_END:$AJP_CONNECTOR_COMMENT_END:g SERVER_XML_FILE_PATH
+               sed -i s:"$AJP_CONNECTOR_BEGIN":"$AJP_CONNECTOR_COMMENT_BEGIN":g $SERVER_XML_FILE_PATH
+               sed -i s:"$AJP_CONNECTOR_END":"$AJP_CONNECTOR_COMMENT_END":g $SERVER_XML_FILE_PATH
             else
                echo "Connector type not supported"
+               retVal=1
             fi
          fi
       else
-         if [ $1 = "-file" ]; then
-            echo "Process properties file"
-            $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar $*
+         if [ $1 = "-s" ]; then
+            if [ $2 = "ssl" ]; then
+               echo "Checking ssl connector status"
+               TEST_SSL_CONNECTOR=$(grep "$SSL_CONNECTOR_BEGIN" $SERVER_XML_FILE_PATH)
+               if [ -z "${TEST_SSL_CONNECTOR}" ]; then
+                  echo "Connector disabled"
+               else
+                  echo "Connector enabled"
+               fi
+            else
+               if [ $2 = "ajp" ]; then
+                  echo "Checking ajp connector status"
+                  TEST_AJP_CONNECTOR=$(grep "$AJP_CONNECTOR_BEGIN" $SERVER_XML_FILE_PATH)
+                  if [ -z "${TEST_AJP_CONNECTOR}" ]; then
+                     echo "Connector disabled"
+                  else
+                     echo "Connector enabled"
+                  fi
+               else
+                  echo "Connector type not supported"
+                  retVal=1
+               fi
+            fi
          else
-            echo "Invalid operation requested"
-         fi
+            if [ $1 = "-file" ]; then
+               echo "Process properties file"
+               $JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar $*
+            else
+               echo "Invalid operation requested"
+               retVal=1
+            fi
+         fi 
       fi 
    fi
 else
    echo "Invalid number of parameters"
+            retVal=1
 fi
 
diff --git a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-ibm.xml b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-ibm.xml
index 19f9e4a6..253cb5f9 100644
--- a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-ibm.xml
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-ibm.xml
@@ -77,6 +77,12 @@
     <!-- Note : To disable connection timeouts, set connectionTimeout value
      to 0 -->
 	
+      <!-- Important Note : The ATS uses configuration tools to enable and disable  connectors.
+            These tools expect that the connectors be surrounded by  comments containing
+            XX_CONNECTOR_YYY or XXX_CONNECTOR_COMMENT_YYY  where XXX refers
+            to the type of connector (SSL or AJP) and YYY refers to either BEGIN  or END.  Please
+            do not modify these comments to avoid conflicting with the configuration tools.  -->
+
     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
     <!-- SSL_CONNECTOR_BEGIN -->
     <Connector port="2645" 
diff --git a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml
index 483d053d..02561711 100644
--- a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml
@@ -77,6 +77,12 @@
     <!-- Note : To disable connection timeouts, set connectionTimeout value
      to 0 -->
 	
+      <!-- Important Note : The ATS uses configuration tools to enable and disable  connectors.
+            These tools expect that the connectors be surrounded by  comments containing
+            XX_CONNECTOR_YYY or XXX_CONNECTOR_COMMENT_YYY  where XXX refers
+            to the type of connector (SSL or AJP) and YYY refers to either BEGIN  or END.  Please
+            do not modify these comments to avoid conflicting with the configuration tools.  -->
+
     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
     <!-- SSL_CONNECTOR_BEGIN -->
     <Connector port="2645" 
diff --git a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-sun.xml b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-sun.xml
index c22bc582..2659355d 100644
--- a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-sun.xml
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-sun.xml
@@ -77,6 +77,12 @@
     <!-- Note : To disable connection timeouts, set connectionTimeout value
      to 0 -->
 	
+      <!-- Important Note : The ATS uses configuration tools to enable and disable  connectors.
+            These tools expect that the connectors be surrounded by  comments containing
+            XX_CONNECTOR_YYY or XXX_CONNECTOR_COMMENT_YYY  where XXX refers
+            to the type of connector (SSL or AJP) and YYY refers to either BEGIN  or END.  Please
+            do not modify these comments to avoid conflicting with the configuration tools.  -->
+
     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
     <!-- SSL_CONNECTOR_BEGIN -->
     <Connector port="2645" 
diff --git a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-sun.xml b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-sun.xml
index 205789e7..e21ab8fc 100644
--- a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-sun.xml
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-sun.xml
@@ -77,6 +77,12 @@
     <!-- Note : To disable connection timeouts, set connectionTimeout value
      to 0 -->
 	
+      <!-- Important Note : The ATS uses configuration tools to enable and disable  connectors.
+            These tools expect that the connectors be surrounded by  comments containing
+            XX_CONNECTOR_YYY or XXX_CONNECTOR_COMMENT_YYY  where XXX refers
+            to the type of connector (SSL or AJP) and YYY refers to either BEGIN  or END.  Please
+            do not modify these comments to avoid conflicting with the configuration tools.  -->
+
     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
     <!-- SSL_CONNECTOR_BEGIN -->
     <Connector port="2645" 
diff --git a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/zen/catalina.properties b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/zen/catalina.properties
index f9eab858..9657833d 100644
--- a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/zen/catalina.properties
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/zen/catalina.properties
@@ -54,4 +54,4 @@ server.loader=${catalina.home}/server/classes,${catalina.home}/server/lib/*.jar
 #     "foo/*.jar": Add all the JARs of the specified folder as class 
 #                  repositories
 #     "foo/bar.jar": Add bar.jar as a class repository 
-shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar,/usr/share/java/identity-abstraction/*.jar,/usr/share/java/*.jar
+shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar,/usr/share/java/identity-abstraction/*.jar,/usr/share/java/CASA/*.jar,/usr/share/java/*.jar
diff --git a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/zen/server.xml b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/zen/server.xml
index 7a4c0783..dcce8ce2 100644
--- a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/zen/server.xml
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/zen/server.xml
@@ -1,6 +1,4 @@
-<!-- Example Server Configuration File -->
-<!-- Note that component elements are nested corresponding to their
-     parent-child relationships with each other -->
+<!-- CASA ATS Server Configuration File -->
 
 <!-- A "Server" is a singleton element that represents the entire JVM,
      which may contain one or more "Service" instances.  The Server
@@ -10,14 +8,8 @@
      define subcomponents such as "Valves" or "Loggers" at this level.
  -->
 
-<Server port="8585" shutdown="SHUTDOWN">
+<Server port="8585" shutdown="SHUTDOWN" debug="0">
 
-  <!-- Comment these entries out to disable JMX MBeans support used for the 
-       administration web application -->
-  <Listener className="org.apache.catalina.core.AprLifecycleListener" />
-  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
-  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
-  <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
 
   <!-- Global JNDI resources -->
   <GlobalNamingResources>
@@ -29,9 +21,18 @@
          UserDatabaseRealm to authenticate users -->
     <Resource name="UserDatabase" auth="Container"
               type="org.apache.catalina.UserDatabase"
-              description="User database that can be updated and saved"
-              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
-              pathname="conf/tomcat-users.xml" />
+       description="User database that can be updated and saved">
+    </Resource>
+    <ResourceParams name="UserDatabase">
+      <parameter>
+        <name>factory</name>
+        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+      </parameter>
+      <parameter>
+        <name>pathname</name>
+        <value>conf/tomcat-users.xml</value>
+      </parameter>
+    </ResourceParams>
 
   </GlobalNamingResources>
 
@@ -73,37 +74,43 @@
          IP address of the remote client.
     -->
 
+    <!-- Note : To disable connection timeouts, set connectionTimeout value
+     to 0 -->
 	
-	<!-- Note : To use gzip compression you could set the following properties :
-	
-			   compression="on" 
-			   compressionMinSize="2048" 
-			   noCompressionUserAgents="gozilla, traviata" 
-			   compressableMimeType="text/html,text/xml"
-	-->
-
+      <!-- Important Note : The ATS uses configuration tools to enable and disable  connectors.
+            These tools expect that the connectors be surrounded by  comments containing
+            XX_CONNECTOR_YYY or XXX_CONNECTOR_COMMENT_YYY  where XXX refers
+            to the type of connector (SSL or AJP) and YYY refers to either BEGIN  or END.  Please
+            do not modify these comments to avoid conflicting with the configuration tools.  -->
 
     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
+    <!-- SSL_CONNECTOR_BEGIN -->
     <Connector port="2645" 
                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                enableLookups="false" disableUploadTimeout="true"
+               maxPostSize="16384" connectionTimeout="10000"
                acceptCount="100" debug="0" scheme="https" secure="true"
                clientAuth="false" sslProtocol="TLS"
                keystoreFile="/etc/CASA/authtoken/keys/server/jks-store"
                keystorePass="secret" algorithm="SunX509" />
+    <!-- SSL_CONNECTOR_END -->
 
+    <!-- Define an AJP Connector -->
+    <!-- AJP_CONNECTOR_BEGIN -->
+    <Connector enableLookups="false" port="9595" protocol="AJP/1.3"/>
+    <!-- AJP_CONNECTOR_END -->
 
     <!-- An Engine represents the entry point (within Catalina) that processes
          every request.  The Engine implementation for Tomcat stand alone
          analyzes the HTTP headers included with the request, and passes them
          on to the appropriate Host (virtual host). -->
 
-    <!-- You should set jvmRoute to support load-balancing via AJP ie :
-    <Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">         
+    <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+    <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">         
     --> 
          
     <!-- Define the top level container in our container hierarchy -->
-    <Engine name="Catalina" defaultHost="localhost">
+    <Engine name="Catalina" defaultHost="localhost" debug="0">
 
       <!-- The request dumper valve dumps useful debugging information about
            the request headers and cookies that were received, and the response
@@ -123,6 +130,11 @@
       <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
       -->
 
+      <!-- Global logger unless overridden at lower levels -->
+      <Logger className="org.apache.catalina.logger.FileLogger"
+              prefix="catalina_log" suffix=".txt"
+              timestamp="false"/>
+
       <!-- Because this Realm is here, an instance will be shared globally -->
 
       <!-- This Realm uses the UserDatabase configured in the global JNDI
@@ -130,189 +142,15 @@
            that are performed against this UserDatabase are immediately
            available for use by the Realm.  -->
       <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
-             resourceName="UserDatabase"/>
-
-      <!-- Comment out the old realm but leave here for now in case we
-           need to go back quickly -->
-      <!--
-      <Realm className="org.apache.catalina.realm.MemoryRealm" />
-      -->
-
-      <!-- Replace the above Realm with one of the following to get a Realm
-           stored in a database and accessed via JDBC -->
-
-      <!--
-      <Realm  className="org.apache.catalina.realm.JDBCRealm"
-             driverName="org.gjt.mm.mysql.Driver"
-          connectionURL="jdbc:mysql://localhost/authority"
-         connectionName="test" connectionPassword="test"
-              userTable="users" userNameCol="user_name" userCredCol="user_pass"
-          userRoleTable="user_roles" roleNameCol="role_name" />
-      -->
-
-      <!--
-      <Realm  className="org.apache.catalina.realm.JDBCRealm"
-             driverName="oracle.jdbc.driver.OracleDriver"
-          connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
-         connectionName="scott" connectionPassword="tiger"
-              userTable="users" userNameCol="user_name" userCredCol="user_pass"
-          userRoleTable="user_roles" roleNameCol="role_name" />
-      -->
-
-      <!--
-      <Realm  className="org.apache.catalina.realm.JDBCRealm"
-             driverName="sun.jdbc.odbc.JdbcOdbcDriver"
-          connectionURL="jdbc:odbc:CATALINA"
-              userTable="users" userNameCol="user_name" userCredCol="user_pass"
-          userRoleTable="user_roles" roleNameCol="role_name" />
-      -->
+                 debug="0" resourceName="UserDatabase"/>
 
       <!-- Define the default virtual host
            Note: XML Schema validation will not work with Xerces 2.2.
        -->
-      <Host name="localhost" appBase="webapps"
+      <Host name="localhost" debug="0" appBase="webapps"
        unpackWARs="true" autoDeploy="true"
        xmlValidation="false" xmlNamespaceAware="false">
 
-        <!-- Defines a cluster for this node,
-             By defining this element, means that every manager will be changed.
-             So when running a cluster, only make sure that you have webapps in there
-             that need to be clustered and remove the other ones.
-             A cluster has the following parameters:
-
-             className = the fully qualified name of the cluster class
-
-             clusterName = a descriptive name for your cluster, can be anything
-
-             mcastAddr = the multicast address, has to be the same for all the nodes
-
-             mcastPort = the multicast port, has to be the same for all the nodes
-             
-             mcastBindAddress = bind the multicast socket to a specific address
-             
-             mcastTTL = the multicast TTL if you want to limit your broadcast
-             
-             mcastSoTimeout = the multicast readtimeout 
-
-             mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
-
-             mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
-
-             tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes 
-
-             tcpListenAddress = the listen address (bind address) for TCP cluster request on this host, 
-                                in case of multiple ethernet cards.
-                                auto means that address becomes
-                                InetAddress.getLocalHost().getHostAddress()
-
-             tcpListenPort = the tcp listen port
-
-             tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
-                                  has a wakup bug in java.nio. Set to 0 for no timeout
-
-             printToScreen = true means that managers will also print to std.out
-
-             expireSessionsOnShutdown = true means that 
-
-             useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
-                            false means to replicate the session after each request.
-                            false means that replication would work for the following piece of code: (only for SimpleTcpReplicationManager)
-                            <%
-                            HashMap map = (HashMap)session.getAttribute("map");
-                            map.put("key","value");
-                            %>
-             replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
-                               * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
-                               * Synchronous means that the thread that executes the request, is also the
-                               thread the replicates the data to the other nodes, and will not return until all
-                               nodes have received the information.
-                               * Asynchronous means that there is a specific 'sender' thread for each cluster node,
-                               so the request thread will queue the replication request into a "smart" queue,
-                               and then return to the client.
-                               The "smart" queue is a queue where when a session is added to the queue, and the same session
-                               already exists in the queue from a previous request, that session will be replaced
-                               in the queue instead of replicating two requests. This almost never happens, unless there is a 
-                               large network delay.
-        -->             
-        <!--
-            When configuring for clustering, you also add in a valve to catch all the requests
-            coming in, at the end of the request, the session may or may not be replicated.
-            A session is replicated if and only if all the conditions are met:
-            1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
-            2. a session exists (has been created)
-            3. the request is not trapped by the "filter" attribute
-
-            The filter attribute is to filter out requests that could not modify the session,
-            hence we don't replicate the session after the end of this request.
-            The filter is negative, ie, anything you put in the filter, you mean to filter out,
-            ie, no replication will be done on requests that match one of the filters.
-            The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
-
-            filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
-            ending with .gif and .js are intercepted.
-            
-            The deployer element can be used to deploy apps cluster wide.
-            Currently the deployment only deploys/undeploys to working members in the cluster
-            so no WARs are copied upons startup of a broken node.
-            The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
-            When a new war file is added the war gets deployed to the local instance,
-            and then deployed to the other instances in the cluster.
-            When a war file is deleted from the watchDir the war is undeployed locally 
-            and cluster wide
-        -->
-        
-        <!--
-        <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
-                 managerClassName="org.apache.catalina.cluster.session.DeltaManager"
-                 expireSessionsOnShutdown="false"
-                 useDirtyFlag="true"
-                 notifyListenersOnReplication="true">
-
-            <Membership 
-                className="org.apache.catalina.cluster.mcast.McastService"
-                mcastAddr="228.0.0.4"
-                mcastPort="45564"
-                mcastFrequency="500"
-                mcastDropTime="3000"/>
-
-            <Receiver 
-                className="org.apache.catalina.cluster.tcp.ReplicationListener"
-                tcpListenAddress="auto"
-                tcpListenPort="4001"
-                tcpSelectorTimeout="100"
-                tcpThreadCount="6"/>
-
-            <Sender
-                className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
-                replicationMode="pooled"
-                ackTimeout="15000"
-                waitForAck="true"/>
-
-            <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
-                   filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/>
-                   
-            <Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
-                      tempDir="/tmp/war-temp/"
-                      deployDir="/tmp/war-deploy/"
-                      watchDir="/tmp/war-listen/"
-                      watchEnabled="false"/>
-                      
-            <ClusterListener className="org.apache.catalina.cluster.session.ClusterSessionListener"/>
-        </Cluster>
-        -->        
-
-
-
-        <!-- Normally, users must authenticate themselves to each web app
-             individually.  Uncomment the following entry if you would like
-             a user to be authenticated the first time they encounter a
-             resource protected by a security constraint, and then have that
-             user identity maintained across *all* web applications contained
-             in this virtual host. -->
-        <!--
-        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-        -->
-
         <!-- Access log processes all requests for this virtual host.  By
              default, log files are created in the "logs" directory relative to
              $CATALINA_HOME.  If you wish, you can specify a different
@@ -325,19 +163,15 @@
                  pattern="common" resolveHosts="false"/>
         -->
 
-        <!-- Access log processes all requests for this virtual host.  By
-             default, log files are created in the "logs" directory relative to
-             $CATALINA_HOME.  If you wish, you can specify a different
-             directory with the "directory" attribute.  Specify either a relative
-             (to $CATALINA_HOME) or absolute path to the desired directory.
-             This access log implementation is optimized for maximum performance,
-             but is hardcoded to support only the "common" and "combined" patterns.
-        -->
-        <!--
-        <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
-                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
-                 pattern="common" resolveHosts="false"/>
-        -->
+        <!-- Logger shared by all Contexts related to this virtual host.  By
+             default (when using FileLogger), log files are created in the "logs"
+             directory relative to $CATALINA_HOME.  If you wish, you can specify
+             a different directory with the "directory" attribute.  Specify either a
+             relative (to $CATALINA_HOME) or absolute path to the desired
+             directory.-->
+        <Logger className="org.apache.catalina.logger.FileLogger"
+                 directory="logs"  prefix="localhost_log" suffix=".txt"
+            timestamp="false"/>
 
       </Host>
 
diff --git a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
index 44571a5b..d6f187ff 100644
--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
@@ -187,11 +187,11 @@ install -m 755 Svc/linux/CasaAuthtokenSvcD %{buildroot}/etc/init.d/casa_atsd
 
 # Tomcat Base files
 install -m 600 Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/conf/catalina.policy
-install -m 600 Svc/tomcat5/conf/linux/zen/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
+install -m 600 Svc/tomcat5/conf/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
 install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
 install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
 install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
-install -m 600 Svc/tomcat5/conf/linux/zen/server.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
+install -m 600 Svc/tomcat5/conf/linux/server-sun.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
 install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
 install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
 install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
diff --git a/CASA-auth-token/yast2-casa-ats/src/CasaAts.ycp b/CASA-auth-token/yast2-casa-ats/src/CasaAts.ycp
index 4054efd0..5bc35b23 100644
--- a/CASA-auth-token/yast2-casa-ats/src/CasaAts.ycp
+++ b/CASA-auth-token/yast2-casa-ats/src/CasaAts.ycp
@@ -58,6 +58,8 @@ string authPolicyEditor = "/usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEdit
 string iaRealmsFile = "/etc/CASA/authtoken/svc/iaRealms.xml";
 string iaRealmsEditor = "/usr/share/java/CASA/authtoken/bin/CasaIaRealmsEditor.sh";
 string trustedServerCertsFolder = "/etc/CASA/authtoken/keys/trustedATSCerts";
+string tomcatConnectorEditor = "/usr/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh";
+string webServerIsAvailableChecker = "/usr/share/java/CASA/authtoken/bin/CasaIsWebServerAvailable.sh";
 
 /**
  * Settings Map
@@ -190,16 +192,13 @@ global boolean Read() {
 
 	// Set defaults
 	Settings["CONFIG_CASAATS_ENABLE"] = false;
-	Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = true;
+	Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = true;;
 	Settings["CONFIG_CASAATS_WEB_ACCESS"] = false;
 	Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"] = 60;
 
     if (FileUtils::Exists("/etc/sysconfig/casa-ats")) {
         Settings["CONFIG_CASAATS_ENABLE"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_ENABLE)) == "yes";
 		if ((Settings["CONFIG_CASAATS_ENABLE"]:false) == true) {
-			Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_DIRECT_ACCESS)) == "yes";
-			Settings["CONFIG_CASAATS_WEB_ACCESS"] = tolower((string)SCR::Read(.sysconfig.casa-ats.CONFIG_CASAATS_WEB_ACCESS)) == "yes";
-
 			cmd = svcSettingsEditor + " -get ReconfigureInterval -file " + svcSettingsFile;
 			ret = (map) SCR::Execute(.target.bash_output, cmd);
 			integer exit = ret["exit"]:-1;
@@ -377,6 +376,57 @@ global boolean Read() {
 			
 			Settings["CONFIG_CASAATS_REALMS"] = realms;
 		}
+
+		// Get the Tomcat SSL connector statuses
+		cmd = tomcatConnectorEditor + " -s ssl";
+		ret = (map) SCR::Execute(.target.bash_output, cmd);
+		exit = ret["exit"]:-1;
+		if (exit != 0)
+			y2error("Failed to read ssl connector status");
+		else {
+			string cmd_output = ret["stdout"]:"";
+			list<string> lines = splitstring(cmd_output, "\n");
+			string statusLine = lines[2]:"";
+			if (statusLine == "Connector enabled") {
+				y2milestone("SSL connector enabled");
+				Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = true;
+			}
+			else {
+				y2milestone("SSL connector disabled");
+				Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = false;
+			}
+		}
+
+		// Get the Tomcat AJP connector statuses
+		cmd = tomcatConnectorEditor + " -s ajp";
+		ret = (map) SCR::Execute(.target.bash_output, cmd);
+		exit = ret["exit"]:-1;
+		if (exit != 0)
+			y2error("Failed to read ajp connector status");
+		else {
+			string cmd_output = ret["stdout"]:"";
+			list<string> lines = splitstring(cmd_output, "\n");
+			string statusLine = lines[2]:"";
+			if (statusLine == "Connector enabled") {
+				y2milestone("AJP connector enabled");
+				Settings["CONFIG_CASAATS_WEB_ACCESS"] = true;
+			}
+			else {
+				y2milestone("AJP connector disabled");
+				Settings["CONFIG_CASAATS_WEB_ACCESS"] = false;
+			}
+		}
+
+		// Get the Web Server status
+		integer status = (integer) SCR::Execute(.target.bash, webServerIsAvailableChecker);
+		if (status == 1) {
+			y2milestone("Web server available");
+			Settings["WEB_SERVER_AVAILABLE"] = true;
+		}
+		else {
+			y2milestone("Web server un-available");
+			Settings["WEB_SERVER_AVAILABLE"] = false;
+		}
 	}
 
     // read firewall settings
@@ -523,8 +573,6 @@ global boolean Write() {
     if(Abort()) return false;
     Progress::NextStage();
     SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_ENABLE, Settings["CONFIG_CASAATS_ENABLE"]:false ? "yes" : "no");
-	SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_DIRECT_ACCESS, Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:true ? "yes" : "no");
-	SCR::Write(.sysconfig.casa-ats.CONFIG_CASAATS_WEB_ACCESS, Settings["CONFIG_CASAATS_WEB_ACCESS"]:false ? "yes" : "no");
     if (false) Report::Error (_("Cannot sysconfig settings."));
     sleep(sl);
 
@@ -661,6 +709,36 @@ global boolean Write() {
 		// Refresh the server Keystore
 		SCR::Execute(.target.bash, "/usr/share/java/CASA/authtoken/bin/refresh_server_keystore.sh");
 
+		// Adjust the Tomcat connectors
+		//
+		// First disable them both and then re-enable as necessary
+		cmd = tomcatConnectorEditor + " -d ssl";
+		exit = (integer) SCR::Execute(.target.bash, cmd);
+		if (exit != 0)
+			y2error("Failed to disable the SSL connector");
+		else {
+			if ((Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:false) == true) {
+				cmd = tomcatConnectorEditor + " -e ssl";
+				exit = (integer) SCR::Execute(.target.bash, cmd);
+				if (exit != 0)
+					y2error("Failed to enable the SSL connector");
+			}
+		}
+
+		cmd = tomcatConnectorEditor + " -d ajp";
+		exit = (integer) SCR::Execute(.target.bash, cmd);
+		if (exit != 0)
+			y2error("Failed to disable the AJP connector");
+		else {
+			if (Settings["CONFIG_CASAATS_WEB_ACCESS"]:false == true)
+			{
+				cmd = tomcatConnectorEditor + " -e ajp";
+				exit = (integer) SCR::Execute(.target.bash, cmd);
+				if (exit != 0)
+					y2error("Failed to enable the AJP connector");
+			}
+		}
+
 		// Adjust firewall as needed
 		if (Abort()) return false;
 		Progress::NextStage();
diff --git a/CASA-auth-token/yast2-casa-ats/src/dialogs.ycp b/CASA-auth-token/yast2-casa-ats/src/dialogs.ycp
index 568cd037..2c364602 100644
--- a/CASA-auth-token/yast2-casa-ats/src/dialogs.ycp
+++ b/CASA-auth-token/yast2-casa-ats/src/dialogs.ycp
@@ -738,8 +738,8 @@ zero means that the server only reads its configuration during start up.</p>
     integer items = 0;
 	map<string, map> realms = (map<string, map>) CasaAts::Settings["CONFIG_CASAATS_REALMS"]:$[];
     list<term> table_items = [];
-    boolean direct_access = CasaAts::Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:true;
-    boolean web_access = false;
+    boolean direct_access = CasaAts::Settings["CONFIG_CASAATS_DIRECT_ACCESS"]:false;
+    boolean web_access =  CasaAts::Settings["CONFIG_CASAATS_WEB_ACCESS"]:false;
     integer reconfig_interval = CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"]:60;
 
 	// Read list of search roots already configured for this realm
@@ -752,29 +752,59 @@ zero means that the server only reads its configuration during start up.</p>
 	});
 
     /* Dialog contents */
-    term contents = `HBox(
-		`HSpacing(5),
-		`VBox(
-			`VStretch(),
-			`Frame(_("Authentication Realms"),
-				`VBox(
-					`Table(`id(`table), `opt(`notify), `header(_("Realm")), []),
-					`HBox(`PushButton(`id(`add), _("Ad&d")),
-						`PushButton(`id(`edit), `opt(`disabled), _("&Edit")),
-						`PushButton(`id(`delete), `opt(`disabled), _("De&lete"))
+	term contents = nil;
+	if (CasaAts::Settings["WEB_SERVER_AVAILABLE"]:false == true)
+	{
+		contents = `HBox(
+			`HSpacing(5),
+			`VBox(
+				`VStretch(),
+				`Frame(_("Authentication Realms"),
+					`VBox(
+						`Table(`id(`table), `opt(`notify), `header(_("Realm")), []),
+						`HBox(`PushButton(`id(`add), _("Ad&d")),
+							`PushButton(`id(`edit), `opt(`disabled), _("&Edit")),
+							`PushButton(`id(`delete), `opt(`disabled), _("De&lete"))
+						)
 					)
-				)
+				),
+				`VSpacing(1),
+				`Left(`CheckBox(`id(`direct), `opt(`notify), _("Direc&t Access"))),
+				`VSpacing(1),
+				`Left(`CheckBox(`id(`web), _("&Web Server Access"))),
+				`VSpacing(1),
+				`Left(`TextEntry(`id(`interval), _("Recon&figure Interval"))),
+				`VStretch()
 			),
-			`VSpacing(1),
-			`Left(`CheckBox(`id(`direct), `opt(`notify), _("Direc&t Access"))),
-			`VSpacing(1),
-			`Left(`CheckBox(`id(`web), _("&Web Server Access"))),
-			`VSpacing(1),
-			`Left(`TextEntry(`id(`interval), _("Recon&figure Interval"))),
-			`VStretch()
-		),
-		`HSpacing(5)
-    );
+			`HSpacing(5)
+		);
+	}
+	else
+	{
+		contents = `HBox(
+			`HSpacing(5),
+			`VBox(
+				`VStretch(),
+				`Frame(_("Authentication Realms"),
+					`VBox(
+						`Table(`id(`table), `opt(`notify), `header(_("Realm")), []),
+						`HBox(`PushButton(`id(`add), _("Ad&d")),
+							`PushButton(`id(`edit), `opt(`disabled), _("&Edit")),
+							`PushButton(`id(`delete), `opt(`disabled), _("De&lete"))
+						)
+					)
+				),
+				`VSpacing(1),
+				`Left(`CheckBox(`id(`direct), `opt(`notify), _("Direc&t Access"))),
+				`VSpacing(1),
+				`Left(`CheckBox(`id(`web), `opt(`disabled), _("&Web Server Access"))),
+				`VSpacing(1),
+				`Left(`TextEntry(`id(`interval), _("Recon&figure Interval"))),
+				`VStretch()
+			),
+			`HSpacing(5)
+		);
+	}
 
 	boolean set_initial_focus = true;
     any ret = nil;
@@ -897,12 +927,6 @@ zero means that the server only reads its configuration during start up.</p>
 				reconfig_interval = CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"]:60;
 				continue;
 			}
-			/* Verify that web server access has not been selected */
-			if (web_access == true) {
-				Report::Error(_("Web server access is not yet supported."));
-				web_access = false;
-				continue;
-			}
 			/* Verify that the server can be accessed */
 			if (direct_access != true && web_access != true) {
 				Report::Error(_("Specify server access type."));
@@ -917,6 +941,7 @@ zero means that the server only reads its configuration during start up.</p>
 			// Save the server variables
 			CasaAts::Settings["CONFIG_CASAATS_REALMS"] = realms;
 			CasaAts::Settings["CONFIG_CASAATS_DIRECT_ACCESS"] = direct_access;
+			CasaAts::Settings["CONFIG_CASAATS_WEB_ACCESS"] = web_access;
 			CasaAts::Settings["CONFIG_CASAATS_RECONFIG_INTERVAL"] = reconfig_interval;
 			CasaAts::Settings["CONFIG_CASAATS_REALMS"] = realms;
 			break;