For anyone who may be interested, after some intensive debugging I found that authentication is succeeding, but Tomcat authorization is failing. This was an instance of the issue identified in https://issues.jasig.org/browse/CASC-188: AssertionCasRealmDelegate and PropertiesCasRealmDelegate don't handle "*" role like tomcat does.
I verified this by hacking a change to insert a particular role for a user in /cas-client-3.2.1/cas-client-integration-tomcat-common/src/main/java/org/jasig/cas/client/tomcat/AssertionCasRealmDelegate.java, and it worked. Apparently this issue has been fixed in Version 3.3.0 of the client for Java. So, I need to figure out whether we want to wait for that to be released or perhaps use my hack until that time. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
