One thing some of you might be interested in: I found a subtle issue with the CAS / Roller stuff after I sent that stuff a few weeks ago. It's probably not a huge deal, but here's the problem:
If you log in to an SSO environment involving Roller, starting *from* Roller (e.g. /roller-ui/login-redirect.jsp) then after you log in and wind up back at the Roller page, it will "recognize" your login and display the "edit" links and the full menu, etc. as appropriate for your role.

But... If you start at a different app in the SSO environment, and then jump to the Roller page(s), Roller doesn't know you're logged in yet. You still have to go through /roller-ui/login-redirect.jsp once so Roller can do its behind-the-scenes magic. Of course once you're signed into CAS, once you click the Roller login link, everything is handled for you and you wind up back at the right page automatically, but with it now recognizing that you are logged in.

I fought and fought with this and finally the best solution I could come up with was to add a new filter to CAS that would set a global (path "/") cookie indicating to all apps that CAS is now "enabled." Then I modified Roller's index.jsp to look for that cookie and redirect to /roller-ui/login-redirect.jsp if the two conditions A. CAS is enabled and B. Roller doesn't think I'm logged in yet, hold. This seamlessly allows Roller to recognize the SSO login when coming in from a different app.

I consider this to be a fairly brutal hack though, and would like to find a cleaner way to handle this issue. But for now that's all I could come up with.

TTYL,
Phil
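
The Roller-side check described in the message above, sketched as an added example (not code from the message or from Roller). It uses a servlet filter in place of the index.jsp edit; the cookie name CAS_SSO_ACTIVE and the class name are hypothetical, and it assumes Roller's security layer exposes the logged-in user through getUserPrincipal(). The cookie is treated only as a hint: a stale or forged one just sends the browser through the normal CAS login.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: Roller-side check for the SSO hint cookie (names are hypothetical). */
public class SsoHintFilter implements Filter {
    static final String HINT_COOKIE = "CAS_SSO_ACTIVE";               // hypothetical cookie name
    static final String LOGIN_PATH = "/roller-ui/login-redirect.jsp"; // path from the message

    /** Redirect only when the hint is present and Roller has no user for this session yet. */
    static boolean shouldRedirect(boolean hintPresent, boolean loggedIn, String method, String path) {
        if (!hintPresent || loggedIn) return false;
        if (!"GET".equals(method)) return false;   // never bounce a POST and lose its body
        return !path.startsWith(LOGIN_PATH);       // avoid a redirect loop on the login page
    }

    static boolean hasHint(Cookie[] cookies) {
        if (cookies == null) return false;         // getCookies() returns null when none were sent
        for (Cookie c : cookies) {
            if (HINT_COOKIE.equals(c.getName())) return true;
        }
        return false;
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Assumption: Roller's security layer exposes the session user via getUserPrincipal().
        boolean loggedIn = req.getUserPrincipal() != null;
        String path = req.getRequestURI().substring(req.getContextPath().length());
        if (shouldRedirect(hasHint(req.getCookies()), loggedIn, req.getMethod(), path)) {
            // The cookie is client-controlled, so it grants nothing by itself.
            // Authentication still happens through the CAS exchange behind LOGIN_PATH.
            res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + LOGIN_PATH));
            return;
        }
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }
}
```

The filter has to be mapped after whatever populates the user principal, otherwise every request carrying the hint cookie is redirected.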
